Azure Backup
Data loss is one of the most damaging events for any organization — accidental file deletion, database corruption, ransomware attacks, or hardware failures can destroy months of work. Azure Backup is a simple, cost-effective, cloud-native backup service that protects data in Azure and on-premises by creating secure, recoverable copies stored in Azure.
What is Azure Backup?
Azure Backup provides a centralized solution for backing up Azure VMs, SQL databases, file shares, Kubernetes workloads, SAP HANA, and on-premises servers to Azure. It replaces traditional tape-based or local backup infrastructure with a fully managed cloud service — with no hardware to maintain and built-in security against ransomware.
Recovery Services Vault
All Azure Backup data is stored in a Recovery Services Vault — a management entity in Azure that stores backup data, recovery points, and backup policies. The vault is the central place to configure, monitor, and manage all backup jobs.
What Can Be Backed Up
| Workload | Backup Method | What Is Protected |
|---|---|---|
| Azure VM | Agent-based or agentless snapshot | Full VM disk snapshot — restore entire VM or individual files |
| Azure SQL Database | Automated (built into service) | Full, differential, and transaction log backups |
| Azure Files | Share snapshot via Azure Backup | File share snapshots — restore individual files or full share |
| Azure Disks (Managed Disks) | Disk snapshots | Point-in-time snapshots of individual managed disks |
| Azure Kubernetes (AKS) | Backup extension on cluster | Persistent volumes and cluster configuration |
| On-premises Windows | MARS Agent installed on server | Files, folders, and system state |
| On-premises VMware / Hyper-V | Azure Backup Server (MABS) | Full VM backups of virtual machines |
| SAP HANA on Azure VM | Backup extension | Full, incremental, and differential SAP HANA database backups |
Backup Policies
A backup policy defines when backups happen and how long they are retained. Each backup item is assigned a policy that controls its schedule.
Example Backup Policy for Azure VMs
Policy: VM-Daily-Backup
Backup Schedule:
Daily backup at 11:30 PM UTC
Retention:
Daily backup points → Keep for 30 days
Weekly backup points → Keep for 12 weeks (Sunday backups)
Monthly backup points → Keep for 12 months (first Sunday of month)
Yearly backup points → Keep for 5 years (January 1st)
This creates a GFS (Grandfather-Father-Son) retention scheme:
Recover from yesterday → use a daily point
Recover from 2 months ago → use a monthly point
Recover from 3 years ago → use a yearly point
Backup Storage Redundancy
The Recovery Services Vault stores backup data with the following redundancy options:
- LRS (Locally Redundant): 3 copies in the same data center. Cheapest — acceptable if the primary and backup regions are the same and cost is a concern.
- ZRS (Zone Redundant): 3 copies across availability zones in the same region. Protects against data center failure.
- GRS (Geo-Redundant) — Default: 6 copies — 3 in the primary region + 3 in the paired region. Best protection for disasters affecting the entire primary region.
Soft Delete
Soft Delete protects backup data from accidental or malicious deletion. When backup data is deleted (or the backup is stopped and data is deleted), Azure Backup retains the data for 14 additional days at no charge. The data can be recovered during this period. After 14 days it is permanently purged.
Soft Delete is always-on for Azure VM backups and cannot be disabled for 14 days after disabling.
Cross-Region Restore
With GRS-enabled vaults, Cross-Region Restore (CRR) allows restoring backup data in the secondary (paired) region. This is used when the primary region is completely unavailable and restoration in the secondary region is required to bring systems back online during a major regional disaster.
Backup Center
Backup Center is a unified management dashboard in the Azure Portal for managing backups across multiple vaults, subscriptions, and regions from a single view. It provides a consolidated view of all backup jobs, alerts, and compliance reports across the entire organization.
Key Takeaways
- Azure Backup stores backup data in a Recovery Services Vault with configurable redundancy (LRS, ZRS, GRS).
- Backup policies define schedules and retention rules — daily, weekly, monthly, and yearly retention points.
- Soft Delete prevents immediate permanent deletion — giving a 14-day recovery window after a backup is deleted.
- Azure Backup protects VMs, SQL, Azure Files, on-premises servers, SAP HANA, and Kubernetes workloads.
- Backup Center provides a centralized view for managing all backup resources across the organization.