Microsoft Azure

Use Microsoft Azure Backup with Recovery Services

In a recent article I reviewed the ability to backup Windows client devices to Microsoft Azure using Online Backup. In this post, I will show you how to implement backup using Recovery Services.

Microsoft Online Backup Supported Scenarios

Microsoft’s online backup solution supports three versions of the client operating system:

  • Windows 8.1
  • Windows 8
  • Windows 7

Any computer that you wish to protect must have .NET Framework 4.5 and PowerShell installed, and you must use version 2.0.8694.0 or later of the protection agent.

You cannot protect the system state of a computer with this tool. You may only backup and restore files and folders on client devices.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Microsoft Azure Backup Vault

Azure Online Backup sends backup data directly to Azure where the data is stored in a backup vault. The vault is pretty simple to create. Before you do that you must decide if:

  • You will have one backup vault per protected machine: An Azure subscription supports up to 25 vaults.
  • You will have multiple protected machines per backup vault: A vault can contain backup data for up to 50 machines.

Log into the Azure management portal, navigate to Recovery Services, click New > Data Services > Recovery Services > Backup Vault > Quick Create. Enter a unique name for the new backup vault and select the Azure region where you want the data to be stored. It will take Azure a couple of minutes to provision the new vault.

Creating an Azure backup vault (Image Credit: Aidan Finn)
Creating an Azure backup vault (Image Credit: Aidan Finn)

Installing the Agent

Stay in Azure for a couple of minutes. Browse into the new backup vault, and you’ll find yourself in the Quick Start screen, where you can configure your client backup. There are two steps for configuration:

  1. Download the vault credentials: This is an identifier that you download and securely deploy to PCs that you want to backup. You will need this small text file to register any PCs with this backup vault. Once a PC is registered, you don’t need the file anymore on that PC. The file is valid for two days. After this time, the key will expire and you will have to download the file again to register any further machines with this vault. When you click this link, a file is generated by Azure, and a download popup will appear a few seconds later.
  2. Download and install the Azure Backup Agent: Click the link for Windows Server, System Center, and Windows Client. This is a 35 MB download, so you might opt to keep a copy if you are going to enable backup on multiple machines. Note that you will probably need to download and update this program in the future.
Download the installer and vault credentials (Image Credit: Aidan Finn)
Download the installer and vault credentials (Image Credit: Aidan Finn)

Securely copy the credentials and the MARSAgentInstaller.EXE setup program to the PC that you want to backup. Run MARSAgentInstaller.

The first screen in the install wizard will ask you where to install the program. The second setup screen allows you to configure a proxy with options for custom proxy settings and a username and password. The setup program will also download and install any missing pre-requisites. It doesn’t take long for the installer to complete the setup. When completed, you will be prompted to register the computer and create a scheduled backup.

The Register Your Server (yes, it says ‘Server’) will ask you to locate the previously downloaded credentials for the backup vault. Browse to and select the file, and the registration wizard will validate the secure connection to Azure.

Validate your connection to the Azure backup vault (Image Credit: Aidan Finn)
Validate your connection to the Azure backup vault (Image Credit: Aidan Finn)

Online Backup will encrypt any data on your PC before it is sent to Azure. The passphrase that is used for this encryption must be generated. You can enter something yourself, or you can use the Generate Passphrase button to get a nice long and complicated string. You should save this string somewhere safe. Note that Microsoft never has a copy of this file. Microsoft can never restore your data. You will need this passphrase to restore this data, so don’t save this file on the same location as the data you are protecting!

Generating and saving the encryption passphrase. (Image Credit: Aidan Finn)
Generating and saving the encryption passphrase. (Image Credit: Aidan Finn)

Configuring a Backup Job

Launch the Microsoft Azure Recovery Services Agent, labelled as Microsoft Azure Backup in the Start Menu or Start Screen. A console that is similar to Windows Server Backup will appear. It is here that you will configure your backup job, and it is here that you will restore files. Click Schedule Backup to create a new backup job.

In Select Items to Backup you can add files and folders that you want to protect. Note that this can include synchronized OneDrive files and folders. You can also set file type exclusions.

Selecting items to backup to Microsoft Azure. (Image Credit: Aidan Finn)
Selecting items to backup to Microsoft Azure. (Image Credit: Aidan Finn)

You can set the schedule and retention policy of your backup in the Specify Backup Time screen. Azure currently supports up to 120 recovery points — think of these as 120 backups — which is enough data to restore files from backup jobs over the last 120 days. The more data you retain, the more space you consume in the backup vault, and the more the service will cost.

If you backup three times per day, then you can retain up to 40 days of data (3 jobs per day x 40 days = 120 recovery points). If you do a backup every four weeks, then you can retain over nine years of data (28 days x 120 recovery points = 3360 days).

My tip: If you are going to do a local backup to a USB drive, then arrange the USB backup not to clash with the online backup.

Scheduling your backup and configuring the retention period. (Image Credit: Microsoft).
Scheduling your backup and configuring the retention period. (Image Credit: Microsoft).

And that’s it, the backup will run at the appointed schedule.

If you click Change Retention Range, then you can:

  • Modify the backup selection or schedule.
  • Stop the backup job while retaining data.
  • Stop the backup job and erase all data.

Restoring Files with Microsoft Azure Backup

Restoring files and folders is easy. Click Recover Data and a wizard starts up. You can recover data from a backup vault for the currently registered computer or another computer, assuming that you have the valid vault credentials.

You can select from any retained recovery point and then search for or specify specific files or folders. When you do decide to restore something, you can restore it:

  • to the original location
  • an alternative location
  • create copies so you retain the original file
  • overwrite existing files
  • do not overwrite existing files
  • by default the permissions of the original item will be restored

Azure Online Backup is pretty simple, and if you’ve used it to protect a server, then the protecting a client will be a familiar process.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (3)

3 responses to “Use Microsoft Azure Backup with Recovery Services”

      • Hi Aidan,

        yeah i went through this and i think its the same in PowerShell – see below.

        Set-OBPolicy : A new backup policy cannot be created because the current server already has an existing backup
        To create a new backup policy for this server you must first delete the previous policy…..

        I guess you could schedule powershell scripts to remove current policies add a new one and then have other powershell scripts to reset.
        not sure how the Vault data would react to this though.

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: