
Do I need TLS encryption between Azure Front Door and another Azure service?


According to the documentation, traffic re-encryption is recommended for communication between Azure Front Door and the backend service because it uses public IP addresses: Azure Front Door FAQ

But what about the case when Azure Front Door is routing traffic, e.g. to an AKS cluster (with an Azure Load Balancer in front of AKS)?

Is TLS between AFD and AKS necessary? Is it safe to assume that once traffic reaches AFD it never again leaves the Microsoft backbone network (in which case I would say AFD-to-AKS re-encryption isn't necessary)?


Solution

  • Is TLS between AFD and AKS necessary?

    That is really your own choice I would say.

    Is it safe to assume that once traffic reaches AFD then it never again leaves Microsoft backbone network?

    That is the idea of Front Door, yes. Traffic enters an edge node close to the client (let's say in France). From there on, the traffic to your backend (e.g. in Azure West US) travels on the Microsoft backbone. Whether or not you want to encrypt your traffic on this, potentially long, route is totally up to you and your requirements.

    To cite official documentation:

    In fact, since the connections to the backend happen over its public IP, it is recommended that you configure your Front Door to use HTTPS as the forwarding protocol.
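The forwarding protocol the answer refers to is a per-routing-rule setting on the Front Door resource, so the question "is my AFD-to-backend traffic encrypted?" can be answered by reading the deployed resource rather than by assumption. The script below is an added example, not code from the question, the answer or Microsoft; it audits a Front Door (classic) ARM resource for any path that lets Front Door reach the backend in clear and produces a hardened copy. It assumes the `Microsoft.Network/frontDoors` ARM schema as I know it: each routing rule's `routeConfiguration` is either a forwarding configuration with a `forwardingProtocol` of `HttpOnly`, `HttpsOnly` or `MatchRequest`, or a redirect configuration that never contacts the backend, and each `healthProbeSettings` entry has a `protocol` of `Http` or `Https`. The sample resource is constructed for the example, including the placeholder backend pool id.

```python
"""Audit a Front Door (classic) ARM resource for plaintext traffic to the backend.

Added example, not code from the original question or answer. It assumes the
ARM schema for Microsoft.Network/frontDoors: each routing rule carries a
routeConfiguration whose forwardingProtocol is HttpOnly, HttpsOnly or
MatchRequest (redirect rules carry no forwardingProtocol at all), and each
healthProbeSettings entry carries a protocol of Http or Https. The resource
below is constructed for this example.
"""
import copy
import json

FORWARDING_TYPE = "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration"
REDIRECT_TYPE = "#Microsoft.Azure.FrontDoor.Models.FrontdoorRedirectConfiguration"


def _rule(name, accepted, route_config):
    """Build one routingRules entry (helper for the constructed sample)."""
    return {
        "name": name,
        "properties": {
            "acceptedProtocols": accepted,
            "patternsToMatch": ["/*"],
            "routeConfiguration": route_config,
        },
    }


# Constructed sample resource (not a real deployment):
#  - "api" forwards in clear even though clients arrive over HTTPS (weak)
#  - "web" matches the client's protocol while also accepting plain HTTP,
#    so an http:// request is forwarded to the backend in clear (weak)
#  - "http-to-https" is a redirect rule: Front Door answers it itself and
#    never contacts the backend, so there is nothing to re-encrypt
#  - the health probe talks to the backend over HTTP (weak)
SAMPLE_FRONT_DOOR = {
    "type": "Microsoft.Network/frontDoors",
    "name": "example-afd",
    "properties": {
        "routingRules": [
            _rule("api", ["Https"], {
                "@odata.type": FORWARDING_TYPE,
                "forwardingProtocol": "HttpOnly",
                "backendPool": {"id": "<backend-pool-resource-id>"},
            }),
            _rule("web", ["Http", "Https"], {
                "@odata.type": FORWARDING_TYPE,
                "forwardingProtocol": "MatchRequest",
                "backendPool": {"id": "<backend-pool-resource-id>"},
            }),
            _rule("http-to-https", ["Http"], {
                "@odata.type": REDIRECT_TYPE,
                "redirectType": "Moved",
                "redirectProtocol": "HttpsOnly",
            }),
        ],
        "healthProbeSettings": [
            {
                "name": "probe-http",
                "properties": {"path": "/healthz", "protocol": "Http", "intervalInSeconds": 30},
            }
        ],
    },
}


def audit_front_door(resource):
    """Return one finding per setting that lets Front Door reach the backend in clear."""
    findings = []
    props = resource.get("properties", {})
    for rule in props.get("routingRules", []):
        rp = rule.get("properties", {})
        cfg = rp.get("routeConfiguration", {})
        if cfg.get("@odata.type") != FORWARDING_TYPE:
            continue  # redirect rules never open a backend connection
        proto = cfg.get("forwardingProtocol")
        if proto == "HttpsOnly":
            continue
        # MatchRequest is only safe when no plain-HTTP client request can reach this rule
        if proto == "MatchRequest" and "Http" not in rp.get("acceptedProtocols", []):
            continue
        findings.append({"name": rule["name"], "setting": "forwardingProtocol", "value": proto})
    for probe in props.get("healthProbeSettings", []):
        proto = probe.get("properties", {}).get("protocol")
        if proto != "Https":
            findings.append({"name": probe["name"], "setting": "healthProbe.protocol", "value": proto})
    return findings


def harden(resource):
    """Return a copy with every forwarding rule and health probe pinned to HTTPS."""
    fixed = copy.deepcopy(resource)
    props = fixed.get("properties", {})
    for rule in props.get("routingRules", []):
        cfg = rule.get("properties", {}).get("routeConfiguration", {})
        if cfg.get("@odata.type") == FORWARDING_TYPE:
            cfg["forwardingProtocol"] = "HttpsOnly"
    for probe in props.get("healthProbeSettings", []):
        probe.setdefault("properties", {})["protocol"] = "Https"
    return fixed


if __name__ == "__main__":
    print(json.dumps(audit_front_door(SAMPLE_FRONT_DOOR), indent=2))
    print(json.dumps(audit_front_door(harden(SAMPLE_FRONT_DOOR)), indent=2))  # []
```

Two practical points follow from this check. `MatchRequest` is not the same as "HTTPS to the backend": it only re-encrypts when the client came in over HTTPS, so a rule that also accepts plain HTTP still forwards in clear for those requests; the usual pattern is a separate redirect rule for HTTP plus an `HttpsOnly` forwarding rule. And once the forwarding protocol is `HttpsOnly`, Front Door validates the certificate the backend presents against the backend host header, so the ingress in front of AKS needs a certificate it will trust; relaxing that validation on the backend pool settings to make a self-signed certificate work keeps the traffic encrypted but gives up the authentication half of TLS.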