fix: correct Azure Files backup support and add DFS private endpoint

yeongseon · yeongseon · commit 965783963096 · 2026-04-05T22:12:19.000+09:00
- Azure Backup supports Azure Files (not just blobs)
- PIT restore remains blob-only
- Add privatelink.dfs.core.windows.net for ADLS Gen2
- HNS accounts need both blob and dfs private endpoints
diff --git a/docs/operations/backup-and-data-protection.md b/docs/operations/backup-and-data-protection.md
@@ -7,12 +7,12 @@ Ensure data durability and availability using layered protection features.
 | Soft Delete | Container/Blob | Protect against accidental deletion. |
 | Versioning | Blob | Maintain history of blob changes. |
 | PIT Restore | Block blobs | Revert blob data to a specific point in time. |
-| Azure Backup | Blob containers | Operational or vaulted backup for blob data. |
+| Azure Backup | Blob containers / Azure Files | Operational or vaulted backup for blob data and file shares. |
 
 !!! note
     Enable soft delete as a minimum protection layer for all production storage accounts.
 
-Note: Point-in-time restore and Azure Backup for blobs do not cover Azure Files, Queue Storage, or Table Storage.
+Note: Point-in-time restore applies to block blobs only. Azure Backup also supports Azure Files through file share snapshots in a Recovery Services vault.
 
 ```mermaid
 graph TD
diff --git a/docs/operations/use-private-endpoints.md b/docs/operations/use-private-endpoints.md
@@ -25,6 +25,7 @@ graph TD
 
 - Place endpoint in a subnet with required NSG rules.
 - Create service-specific private DNS zones.
+- For HNS-enabled (Data Lake Gen2) accounts, create private endpoints for both blob and dfs sub-resources.
 - Link zones to all client VNets that resolve names.
 - Validate forwarders for hybrid DNS environments.
 - Test connectivity before disabling public endpoint access.
diff --git a/docs/troubleshooting/data-protection-and-recovery-issues.md b/docs/troubleshooting/data-protection-and-recovery-issues.md
@@ -12,7 +12,7 @@ Recover from accidental data deletion or corruption.
 !!! note
     Always verify which data protection features were enabled BEFORE the incident occurred.
 
-Note: Backup and point-in-time restore apply to blob data only; they do not cover Azure Files, Queue Storage, or Table Storage.
+Note: Point-in-time restore applies to block blobs only. Azure Backup supports both Azure Blobs and Azure Files.
 
 ```mermaid
 graph TD
diff --git a/docs/troubleshooting/private-endpoint-and-dns-issues.md b/docs/troubleshooting/private-endpoint-and-dns-issues.md
@@ -6,6 +6,7 @@ Troubleshoot Private Link connectivity and DNS resolution.
 |---------------|-----------------|------------|
 | nslookup | Private IP (e.g., 10.x.x.x) | Link Private DNS Zone to VNet. |
 | DNS Zone Name | `privatelink.blob.core.windows.net` | Create correct zone for service. |
+| DNS Zone Name | `privatelink.dfs.core.windows.net` | Create correct zone for ADLS Gen2. |
 | DNS Zone Name | `privatelink.file.core.windows.net` | Create correct zone for Files. |
 | DNS Zone Name | `privatelink.queue.core.windows.net` | Create correct zone for Queue. |
 | DNS Zone Name | `privatelink.table.core.windows.net` | Create correct zone for Table. |
