Azure Backup for Virtual Machines

In this post, I share about Azure Backup as a way to protect your data on virtual machines. Two different ways to enable Azure Backup for virtual machines will be explained step by step.

There are several reasons for backing up your data. Backup helps against accidental destruction of the data an protect your data in case of a malicious attack such as ransomware.  

In this article, we are going to review two ways to enable built-in Azure Backup service for virtual machines (VMs) on Azure.  

Azure Backup enables you to protect your VM data against data loss by creating independent and isolated backups stored in a Recovery Services Vault. The vault provides built-in functionality to manage recovery points. Backups are optimized and can be restored easily when required.  

Using Azure Backup, you can back up several data sources such as Azure VMs (Linux and Windows), Azure Managed Disks, Azure Files Shares, SQL Server and SAP HANA databases in Azure VMs, Azure Blobs, etc. In this article, we will cover Azure VM backup using backup extension which provides a secure and easy service to take backups, restore and defining backup policies.  

Why use Azure Backup? 

Here, I will just mention a few features of Azure Backup which provides value for users: 

Security: There are increasing concerns about issues like malware, ransomware, and intrusion. Azure Backup provides security features such as additional layer of authentication for backup operations, soft delete of backups with a retention of 14 days with no extra cost and alerting the subscription admin about any critical operations on backups.  

Centralized monitoring and alerting: Azure Backup Center provide a single unified management experience in Azure. It provides users with the ability to govern, monitor, operate, and analyze backups at scale from a single service. All these capabilities are available without additional management infrastructure.  

Multiple storage options: To keep your storage/data highly available, there are three types of replication offered by Azure Backup.  

  • Locally redundant storage (LRS) replicates your data three times (it creates three copies of your data) in a storage scale unit in a datacenter. All copies of the data exist within the same region. LRS is a low-cost option for protecting your data from local hardware failures. 
  • Geo-redundant storage (GRS) is the default and recommended replication option. GRS replicates your data to a secondary region (hundreds of miles away from the primary location of the source data). GRS costs more than LRS, but GRS provides a higher level of durability for your data, even if there’s a regional outage. 

How to take a backup? 

Method 1: Back up an Azure VM from the VM settings (Azure portal) 

This method is the easiest way to create and manage backups for a single VM in Azure, directly from the VM settings.  


As a requirement, Azure VM agent needs to be installed and running on the VM. If the VM was created using an image from Azure Marketplace, the agent is already running. Azure backup will install an extension on the VM agent to enable the backup process. In exceptional cases, if you created your VM using a custom image or migrated your VM from on-premises, you might need to install the agent manually. Follow the instructions for Windows or Linux VMs for manual agent installation.  


  1. Go to VM settings for the virtual machine that you want to backup (check image below).  
    • Go to Azure portal
    • In the search bar, type Virtual Machines and select your VM for backup.  
    • By selecting your VM, the VM settings menu will open. 
  2. On VM settings menu, on the left pane, under Operations, select Backup.  
  3. In Recovery Services vault section, do the following: 
    • If you already have a vault, choose Select existing, and select a vault. 
    • If there is no existing vault, select Create new. Choose a name for the vault. The vault is created in the same region and resource group as the VM. You cannot change these settings when you enable backup directly from the VM settings. 
  1. For Policy sub type, select Standard.  
  1. In Choose backup policy, do one of the following: 
    • Leave the default policy. This backs up the VM once a day at the time specified and retains backups in the vault for 30 days. 
    • Select an existing backup policy if you have one from the dropdown.  
    • Create a new policy and define the policy settings by selecting Edit this policy. 
  1. Select Enable Backup. This associates the backup policy with the VM. 

After the job is completed, in the VM settings menu, select Backup. As shown in the image below, you can check the backup status for the VM, details about recovery points, jobs running, and alerts issued. After enabling backup, an initial backup runs in accordance with backup policy. You can start the initial backup immediately or wait until it starts in accordance with the backup schedule. 

  • Until the initial backup is completed, the Last backup status shows as Warning (Initial backup pending)
  • To see when the next scheduled backup will run, select the backup policy name. 


Method 2: Backup Azure virtual machines using Recovery Services Vault 

This tutorial will show how to enable backups for an existing virtual machine in Azure. We will use Recovery Services Vault which is a backup management service that stores recovery points and provides an interface to perform backup-related tasks. These tasks include creating on-demand backups, performing restores, and defining backup policies. 


Create a Recovery Services Vault: 

  • Go to Azure portal
  • In the search bar, type and select Backup center.  
  • In Backup center dashboard, click +Vault in overview tab.  

  • Select Recovery Services vault > Continue
  • Fill in required information (subscription, resource group, vault name, region) in the opened dialog. Please note that the vault must be in the same region as the data source. If you have data sources in multiple locations, you need to create a separate recovery services vault for each data source according to the location.  
  • After filling in the values, click Review + Create and in the next dialog if all the values seem correct, select Create.  

It will take a while for the vault to be created. To check the list of the vaults, in the Backup center dashboard, under the Manage tab, select Vaults.  

After creating the recovery services vault, it is time to create a backup of virtual machines. Follow the steps below to create a backup. 

  • In Backup center dashboard, click +Backup from the Overview tab. 
  • In the opened dialog, for Datasource type choose Azure Virtual machines. For Vault, select the vault you have created. Then click Continue
  • In configure Backup dialog, select Standard as the Policy sub type
  • Then assign a policy to your backup. In policy settings, you can configure the intervals of the backup and retention periods. Review the default policy settings under the Policy Details. If you wish to change the settings, select Create a new policy, otherwise continue with the DefaultPolicy.  
  • Select a VM to back up by clicking Add under Virtual Machines. 
  • The Select virtual machines dialog will open. Select the VMs you want to back up. Then select OK
    • The selected VMs are validated. 
    • You can only select VMs in the same region as the vault. 
    • VMs can only be backed up in a single vault. 
  • Click Enable backup on Configure Backup dialog. 

After these steps, Azure Backup will install the backup extension on selected VMs (whether they are running or not). Then an initial backup will be created in accordance with your backup policy schedule.  



Backups are one of the proven methods to protect data from incidental and malicious data loss. However, managing backups if not carefully planned and automated, can be a tedious task. Azure Backup service provides built-in functionality to create and manage backups in an easy and automated manner. I recommend reading further about Azure Backup architecture and how Azure VM Backup works using the links below.  

Azure Backup Architecture 

An overview of Azure VM Backup