Azure Backup: Complete Data Protection and Recovery Guide
Azure Backup provides cloud-based backup solutions that protect your data against ransomware, hardware failures, and human errors. This comprehensive guide covers virtual machine backups, file backups, and disaster recovery strategies for small businesses.
Understanding Azure Backup
Backup Types
- Azure VM Backup: Full virtual machine protection
- Azure Files Backup: File share backup and recovery
- SQL Database Backup: Database-specific protection
- Azure Disk Backup: Managed disk snapshots
- On-premises Backup: MARS agent for local systems
Recovery Services Vault
- Central management: Single location for all backups
- Cross-region replication: Geo-redundant storage options
- Policy management: Automated backup schedules
- Monitoring: Centralized backup health monitoring
Creating Recovery Services Vault
PowerShell Setup
# Install Azure PowerShell module
Install-Module -Name Az -Force
# Connect to Azure
Connect-AzAccount
# Create resource group
New-AzResourceGroup -Name "Backup-RG" -Location "East US"
# Create Recovery Services vault
$vault = New-AzRecoveryServicesVault `
-ResourceGroupName "Backup-RG" `
-Name "BusinessBackupVault" `
-Location "East US"
# Set vault context
Set-AzRecoveryServicesVaultContext -Vault $vault
# Configure backup storage redundancy
Set-AzRecoveryServicesBackupProperty `
-Vault $vault `
-BackupStorageRedundancy "GeoRedundant"
Azure CLI Setup
# Login to Azure
az login
# Create resource group
az group create --name "Backup-RG" --location "eastus"
# Create Recovery Services vault
az backup vault create \
--resource-group "Backup-RG" \
--name "BusinessBackupVault" \
--location "eastus"
# Set storage redundancy
az backup vault backup-properties set \
--name "BusinessBackupVault" \
--resource-group "Backup-RG" \
--backup-storage-redundancy "GeoRedundant"
Virtual Machine Backup
Backup Policy Configuration
# Create backup policy
$policy = New-AzRecoveryServicesBackupProtectionPolicy `
-Name "DailyVMBackup" `
-WorkloadType "AzureVM" `
-RetentionPolicy @{
"IsDaily" = $true
"DailySchedule" = @{
"DurationCountInDays" = 30
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
"IsWeekly" = $true
"WeeklySchedule" = @{
"DurationCountInWeeks" = 12
"DaysOfTheWeek" = @("Sunday")
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
"IsMonthly" = $true
"MonthlySchedule" = @{
"DurationCountInMonths" = 12
"RetentionScheduleFormatType" = "Weekly"
"RetentionScheduleWeekly" = @{
"DaysOfTheWeek" = @("Sunday")
"WeeksOfTheMonth" = @("First")
}
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
} `
-SchedulePolicy @{
"ScheduleRunFrequency" = "Daily"
"ScheduleRunTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
# Set backup policy
Set-AzRecoveryServicesBackupProtectionPolicy -Policy $policy
Enable VM Backup
# Get VM
$vm = Get-AzVM -ResourceGroupName "VM-RG" -Name "BusinessVM001"
# Enable backup
Enable-AzRecoveryServicesBackupProtection `
-ResourceGroupName "VM-RG" `
-Name "BusinessVM001" `
-Policy $policy
# Trigger immediate backup
$backupJob = Backup-AzRecoveryServicesBackupItem `
-Item (Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM" -Name "BusinessVM001") -WorkloadType "AzureVM")
# Monitor backup job
Get-AzRecoveryServicesBackupJob -Job $backupJob
Backup Monitoring
# Check backup status
$backupItems = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM") -WorkloadType "AzureVM"
foreach ($item in $backupItems) {
$status = Get-AzRecoveryServicesBackupStatus -Name $item.Name -ResourceGroupName $item.ResourceGroupName
Write-Host "VM: $($item.Name) - Status: $($status.BackupEnabled) - Last Backup: $($item.LastBackupTime)"
}
# Get backup jobs
$jobs = Get-AzRecoveryServicesBackupJob -From (Get-Date).AddDays(-7) -To (Get-Date)
$jobs | Select-Object WorkloadName, Operation, Status, StartTime, EndTime
File and Folder Backup
Azure Files Backup
# Create storage account for file shares
$storageAccount = New-AzStorageAccount `
-ResourceGroupName "Backup-RG" `
-Name "businessfilesbackup" `
-Location "East US" `
-SkuName "Standard_LRS" `
-Kind "StorageV2"
# Create file share
$ctx = $storageAccount.Context
$fileShare = New-AzStorageShare -Name "companyfiles" -Context $ctx
# Enable backup for file share
Enable-AzRecoveryServicesBackupProtection `
-Policy $policy `
-Name "companyfiles" `
-StorageAccountName "businessfilesbackup" `
-ResourceGroupName "Backup-RG"
On-Premises Backup (MARS Agent)
# Download MARS agent
$marsUrl = "https://download.microsoft.com/download/3/B/D/3BD917B2-2F17-4635-8096-8A7FA2B1D6F8/MARSAgentInstaller.exe"
Invoke-WebRequest -Uri $marsUrl -OutFile "C:\Temp\MARSAgentInstaller.exe"
# Install MARS agent (run on on-premises server)
Start-Process -FilePath "C:\Temp\MARSAgentInstaller.exe" -ArgumentList "/q" -Wait
# Configure backup policy
$policy = @{
"ScheduleRunTimes" = @("02:00")
"ScheduleRunDays" = @("Monday", "Wednesday", "Friday")
"RetentionPolicy" = @{
"Daily" = @{
"Count" = 30
}
"Weekly" = @{
"Count" = 12
"DaysOfWeek" = @("Sunday")
}
"Monthly" = @{
"Count" = 12
"Week" = "First"
"DayOfWeek" = "Sunday"
}
}
}
# Create backup job
$backupJob = New-OBPolicy
$backupJob | Add-OBFileSpec -FileSpec "C:\BusinessData"
$backupJob | Set-OBSchedule -DaysOfWeek Monday,Wednesday,Friday -TimesOfDay 02:00
$backupJob | Set-OBRetentionPolicy -RetentionDays 30
$backupJob | Set-OBPolicy
Database Backup
SQL Database Backup
# Enable SQL Database backup
$sqlPolicy = New-AzRecoveryServicesBackupProtectionPolicy `
-Name "SQLDatabaseBackup" `
-WorkloadType "MSSQL" `
-RetentionPolicy @{
"IsDaily" = $true
"DailySchedule" = @{
"DurationCountInDays" = 35
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
"IsWeekly" = $true
"WeeklySchedule" = @{
"DurationCountInWeeks" = 12
"DaysOfTheWeek" = @("Sunday")
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
} `
-SchedulePolicy @{
"ScheduleRunFrequency" = "Daily"
"ScheduleRunTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
# Register SQL Server
$sqlServer = Get-AzVM -ResourceGroupName "Database-RG" -Name "SQLServer001"
Register-AzRecoveryServicesBackupContainer `
-ResourceGroupName "Database-RG" `
-Name "SQLServer001" `
-ContainerType "Windows" `
-WorkloadType "MSSQL"
# Enable database backup
Enable-AzRecoveryServicesBackupProtection `
-ResourceGroupName "Database-RG" `
-Name "BusinessDatabase" `
-Policy $sqlPolicy
Azure SQL Database Long-term Retention
# Configure long-term retention
Set-AzSqlDatabaseBackupLongTermRetentionPolicy `
-ResourceGroupName "Database-RG" `
-ServerName "businesssqlserver001" `
-DatabaseName "BusinessDB" `
-WeeklyRetention "P12W" `
-MonthlyRetention "P12M" `
-YearlyRetention "P7Y" `
-WeekOfYear 1
# List long-term retention backups
Get-AzSqlDatabaseLongTermRetentionBackup `
-Location "East US" `
-ServerName "businesssqlserver001" `
-DatabaseName "BusinessDB"
Backup Restoration
VM Restore
# Get recovery points
$backupItem = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM" -Name "BusinessVM001") -WorkloadType "AzureVM"
$recoveryPoints = Get-AzRecoveryServicesBackupRecoveryPoint -Item $backupItem
# Restore VM configuration
$restoreJob = Restore-AzRecoveryServicesBackupItem `
-RecoveryPoint $recoveryPoints[0] `
-TargetResourceGroupName "Restore-RG" `
-TargetVMName "BusinessVM001-Restored" `
-TargetVNetName "Restore-VNet" `
-TargetSubnetName "Restore-Subnet" `
-TargetStorageAccountName "restorestorage001"
# Monitor restore job
Get-AzRecoveryServicesBackupJob -Job $restoreJob
File-Level Recovery
# Mount recovery point as drive
$mountJob = Get-AzRecoveryServicesBackupRecoveryPoint -Item $backupItem | Select-Object -First 1 | Enable-AzRecoveryServicesBackupMount
# Get mount details
$mountDetails = Get-AzRecoveryServicesBackupMountDetails -Job $mountJob
# Restore specific files
Copy-Item -Path "$($mountDetails.MountPath)\C\BusinessData\ImportantFile.txt" -Destination "C:\Restored\ImportantFile.txt"
# Dismount recovery point
Disable-AzRecoveryServicesBackupMount -Job $mountJob
Database Restore
# Get database recovery points
$dbBackupItem = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureSQL" -Name "BusinessDatabase") -WorkloadType "AzureSQLDatabase"
$dbRecoveryPoints = Get-AzRecoveryServicesBackupRecoveryPoint -Item $dbBackupItem
# Restore database
$restoreJob = Restore-AzRecoveryServicesBackupItem `
-RecoveryPoint $dbRecoveryPoints[0] `
-TargetDatabaseName "BusinessDB-Restored" `
-TargetServerName "businesssqlserver001"
# Monitor restore
Get-AzRecoveryServicesBackupJob -Job $restoreJob
Cross-Region Backup
Geo-Redundant Storage
# Configure geo-redundant storage
Set-AzRecoveryServicesBackupProperty `
-Vault $vault `
-BackupStorageRedundancy "GeoRedundant"
# Enable cross-region restore
Set-AzRecoveryServicesBackupProperty `
-Vault $vault `
-EnableCrossRegionRestore $true
# Check replication status
Get-AzRecoveryServicesBackupProperty -Vault $vault
Cross-Region Restore
# Get secondary region recovery points
$secondaryRegionRPs = Get-AzRecoveryServicesBackupRecoveryPoint `
-Item $backupItem `
-UseSecondaryRegion
# Restore in secondary region
$crossRegionRestoreJob = Restore-AzRecoveryServicesBackupItem `
-RecoveryPoint $secondaryRegionRPs[0] `
-TargetResourceGroupName "DR-RG" `
-TargetVMName "BusinessVM001-DR" `
-TargetVNetName "DR-VNet" `
-TargetSubnetName "DR-Subnet" `
-UseSecondaryRegion
Backup Automation
PowerShell Automation
# Automated backup health check
param(
[string]$VaultName = "BusinessBackupVault",
[string]$ResourceGroupName = "Backup-RG",
[string]$EmailRecipient = "admin@company.com"
)
# Set vault context
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $ResourceGroupName -Name $VaultName
Set-AzRecoveryServicesVaultContext -Vault $vault
# Get backup items
$backupItems = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM") -WorkloadType "AzureVM"
# Check backup status
$report = @()
foreach ($item in $backupItems) {
$lastBackup = $item.LastBackupTime
$status = if ($lastBackup -lt (Get-Date).AddDays(-2)) { "FAILED" } else { "SUCCESS" }
$report += [PSCustomObject]@{
VMName = $item.Name
LastBackup = $lastBackup
Status = $status
ProtectionState = $item.ProtectionState
}
}
# Send email report
$htmlReport = $report | ConvertTo-Html -Title "Backup Status Report"
Send-MailMessage -To $EmailRecipient -Subject "Daily Backup Report" -Body $htmlReport -BodyAsHtml -From "backup@company.com" -SmtpServer "smtp.company.com"
Azure Automation Runbook
# Runbook for automated backup management
param(
[string]$SubscriptionId,
[string]$ResourceGroupName = "Backup-RG",
[string]$VaultName = "BusinessBackupVault"
)
# Connect using managed identity
Connect-AzAccount -Identity
# Select subscription
Set-AzContext -SubscriptionId $SubscriptionId
# Get vault
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $ResourceGroupName -Name $VaultName
Set-AzRecoveryServicesVaultContext -Vault $vault
# Trigger backup for all VMs
$backupItems = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM") -WorkloadType "AzureVM"
foreach ($item in $backupItems) {
$backupJob = Backup-AzRecoveryServicesBackupItem -Item $item
Write-Output "Triggered backup for $($item.Name): $($backupJob.JobId)"
}
Monitoring and Alerting
Backup Reports
# Configure backup reports
$logAnalyticsWorkspace = New-AzOperationalInsightsWorkspace `
-ResourceGroupName "Backup-RG" `
-Name "BackupLogAnalytics" `
-Location "East US" `
-Sku "PerGB2018"
# Enable diagnostic settings
Set-AzDiagnosticSetting `
-ResourceId $vault.ID `
-Name "BackupDiagnostics" `
-Enabled $true `
-WorkspaceId $logAnalyticsWorkspace.ResourceId `
-Log @(
@{
"category" = "CoreAzureBackup"
"enabled" = $true
"retentionPolicy" = @{
"enabled" = $true
"days" = 90
}
},
@{
"category" = "AddonAzureBackupJobs"
"enabled" = $true
"retentionPolicy" = @{
"enabled" = $true
"days" = 90
}
}
)
Backup Alerts
# Create action group
$actionGroup = New-AzActionGroup `
-ResourceGroupName "Backup-RG" `
-Name "backup-alerts" `
-ShortName "bkAlerts" `
-EmailReceiver @{
"name" = "admin"
"emailAddress" = "admin@company.com"
}
# Create backup failure alert
New-AzMetricAlertRule `
-ResourceGroupName "Backup-RG" `
-Name "backup-failure-alert" `
-TargetResourceId $vault.ID `
-MetricName "BackupHealthEvent" `
-Operator "GreaterThan" `
-Threshold 0 `
-WindowSize "01:00:00" `
-TimeAggregationOperator "Total" `
-ActionGroupId $actionGroup.Id
Cost Management
Backup Storage Optimization
# Analyze backup storage usage
$backupItems = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM") -WorkloadType "AzureVM"
$storageUsage = @()
foreach ($item in $backupItems) {
$recoveryPoints = Get-AzRecoveryServicesBackupRecoveryPoint -Item $item
$storageUsage += [PSCustomObject]@{
VMName = $item.Name
RecoveryPointCount = $recoveryPoints.Count
EstimatedStorageGB = $recoveryPoints.Count * 50 # Estimate 50GB per recovery point
}
}
$storageUsage | Sort-Object EstimatedStorageGB -Descending
Cost Optimization Strategies
# Implement tiered backup policy
$tierPolicy = New-AzRecoveryServicesBackupProtectionPolicy `
-Name "TieredBackup" `
-WorkloadType "AzureVM" `
-RetentionPolicy @{
"IsDaily" = $true
"DailySchedule" = @{
"DurationCountInDays" = 7
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
"IsWeekly" = $true
"WeeklySchedule" = @{
"DurationCountInWeeks" = 4
"DaysOfTheWeek" = @("Sunday")
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
"IsMonthly" = $true
"MonthlySchedule" = @{
"DurationCountInMonths" = 3
"RetentionScheduleFormatType" = "Weekly"
"RetentionScheduleWeekly" = @{
"DaysOfTheWeek" = @("Sunday")
"WeeksOfTheMonth" = @("First")
}
"RetentionTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
} `
-SchedulePolicy @{
"ScheduleRunFrequency" = "Daily"
"ScheduleRunTimes" = @((Get-Date -Hour 2 -Minute 0 -Second 0))
}
# Calculate cost savings
$standardCost = 100 * 0.095 # 100GB at $0.095 per GB/month
$tieredCost = (50 * 0.095) + (30 * 0.05) + (20 * 0.025) # Hot + Cool + Archive
$savings = $standardCost - $tieredCost
Write-Host "Monthly savings: $${savings}"
Best Practices
Backup Strategy
- 3-2-1 Rule: 3 copies, 2 different media types, 1 offsite
- Test restores regularly
- Document procedures for disaster recovery
- Monitor backup health continuously
Security
- Enable soft delete for accidental deletion protection
- Use RBAC for backup administrator access
- Implement network restrictions for vault access
- Regular security reviews of backup policies
Performance
- Schedule backups during off-peak hours
- Use incremental backups to reduce storage costs
- Optimize retention policies based on business needs
- Monitor backup windows to avoid overlaps
Troubleshooting
Common Issues
# Check backup job failures
$failedJobs = Get-AzRecoveryServicesBackupJob -Status "Failed" -From (Get-Date).AddDays(-7)
$failedJobs | Select-Object WorkloadName, Operation, Status, StartTime, ErrorDetails
# Verify VM backup prerequisites
$vm = Get-AzVM -ResourceGroupName "VM-RG" -Name "BusinessVM001"
$vmStatus = Get-AzVMStatus -ResourceGroupName "VM-RG" -Name "BusinessVM001"
Write-Host "VM Power State: $($vmStatus.PowerState)"
Write-Host "VM Agent Status: $($vmStatus.VMAgent.Status)"
# Check storage account connectivity
Test-AzureRmBackupItem -Container $container -Item $backupItem
Recovery Point Issues
# Verify recovery point consistency
$backupItem = Get-AzRecoveryServicesBackupItem -Container (Get-AzRecoveryServicesBackupContainer -ContainerType "AzureVM" -Name "BusinessVM001") -WorkloadType "AzureVM"
$recoveryPoints = Get-AzRecoveryServicesBackupRecoveryPoint -Item $backupItem
foreach ($rp in $recoveryPoints) {
Write-Host "Recovery Point: $($rp.RecoveryPointTime) - Type: $($rp.RecoveryPointType) - Consistency: $($rp.ConsistencyType)"
}
Conclusion
Azure Backup provides comprehensive data protection for modern business environments. Implementing proper backup policies, monitoring, and testing procedures ensures business continuity and data protection against various failure scenarios.
For professional Azure Backup implementation and disaster recovery planning services in Louisville, contact Tyler on Tech Louisville for expert assistance with your data protection strategy.