Support matrix for Azure Backup

You can use Azure Backup to back up data to the Microsoft Azure cloud platform. This article summarizes the general support settings and limitations for Azure Backup scenarios and deployments.

Other support matrices are available:

Note

This service supports Azure Lighthouse, which lets service providers sign in to their own tenant to manage subscriptions and resource groups that customers have delegated.

Vault support

Azure Backup uses Recovery Services vaults to orchestrate and manage backups for the following workload types - Azure VMs, SQL in Azure VMs, SAP HANA in Azure VMs, Azure File shares and on-premises workloads using Azure Backup Agent, Azure Backup Server and System Center DPM. It also uses Recovery Services vaults to store backed-up data for these workloads.

The following table describes the features of Recovery Services vaults:

Feature Details
Vaults in subscription Up to 500 Recovery Services vaults in a single subscription.
Machines in a vault Up to 2000 datasources across all workloads (like Azure VMs, SQL Server VM, MABS Servers, and so on) can be protected in a single vault.

Up to 1,000 Azure VMs in a single vault.

Up to 50 MABS servers can be registered in a single vault.
Data sources Maximum size of an individual data source is 54,400 GB. This limit doesn't apply to Azure VM backups. No limits apply to the total amount of data you can back up to the vault.
Backups to vault Azure VMs: Once a day.

Machines protected by DPM/MABS: Twice a day.

Machines backed up directly by using the MARS agent: Three times a day.
Backups between vaults Backup is within a region.

You need a vault in every Azure region that contains VMs you want to back up. You can't back up to a different region.
Move vaults You can move vaults across subscriptions or between resource groups in the same subscription. However, moving vaults across regions isn't supported.
Move data between vaults Moving backed-up data between vaults isn't supported.
Modify vault storage type You can modify the storage replication type (either geo-redundant storage or locally redundant storage) for a vault before backups are stored. After backups begin in the vault, the replication type can't be modified.
Zone-redundant storage (ZRS) Available in the UK South (UKS) and South East Asia (SEA) regions.

On-premises backup support

Here's what's supported if you want to back up on-premises machines:

Machine What's backed up Location Features
Direct backup of Windows machine with MARS agent Files, folders, system state Back up to Recovery Services vault. Back up three times a day

No app-aware backup

Restore file, folder, volume
Direct backup of Linux machine with MARS agent Backup not supported
Back up to DPM Files, folders, volumes, system state, app data Back up to local DPM storage. DPM then backs up to vault. App-aware snapshots

Full granularity for backup and recovery

Linux supported for VMs (Hyper-V/VMware)

Oracle not supported
Back up to MABS Files, folders, volumes, system state, app data Back up to MABS local storage. MABS then backs up to the vault. App-aware snapshots

Full granularity for backup and recovery

Linux supported for VMs (Hyper-V/VMware)

Oracle not supported

Azure VM backup support

Azure VM limits

Limit Details
Azure VM data disks See the support matrix for Azure VM backup.
Azure VM data disk size Individual disk size can be up to 32 TB and a maximum of 256 TB combined for all disks in a VM.

Azure VM backup options

Here's what's supported if you want to back up Azure VMs:

Machine What's backed up Location Features
Azure VM backup by using VM extension Entire VM Back up to vault. Extension installed when you enable backup for a VM.

Back up once a day.

App-aware backup for Windows VMs; file-consistent backup for Linux VMs. You can configure app-consistency for Linux machines by using custom scripts.

Restore VM or disk.

Can't back up an Azure VM to an on-premises location.
Azure VM backup by using MARS agent Files, folders, system state Back up to vault. Back up three times a day.

If you want to back up specific files or folders rather than the entire VM, the MARS agent can run alongside the VM extension.
Azure VM with DPM Files, folders, volumes, system state, app data Back up to local storage of Azure VM that's running DPM. DPM then backs up to vault. App-aware snapshots.

Full granularity for backup and recovery.

Linux supported for VMs (Hyper-V/VMware).

Oracle not supported.
Azure VM with MABS Files, folders, volumes, system state, app data Back up to local storage of Azure VM that's running MABS. MABS then backs up to the vault. App-aware snapshots.

Full granularity for backup and recovery.

Linux supported for VMs (Hyper-V/VMware).

Oracle not supported.

Linux backup support

Here's what's supported if you want to back up Linux machines:

Backup type Linux (Azure endorsed)
Direct backup of on-premises machine that's running Linux Not supported. The MARS agent can be installed only on Windows machines.
Using agent extension to back up Azure VM that's running Linux App-consistent backup by using custom scripts.

File-level recovery.

Restore by creating a VM from a recovery point or disk.
Using DPM to back up on-premises machines running Linux File-consistent backup of Linux Guest VMs on Hyper-V and VMware.

VM restoration of Hyper-V and VMware Linux Guest VMs.
Using MABS to back up on-premises machines running Linux File-consistent backup of Linux Guest VMs on Hyper-V and VMware.

VM restoration of Hyper-V and VMware Linux guest VMs.
Using MABS or DPM to back up Linux Azure VMs Not supported.

Daylight saving time support

Azure Backup doesn't support automatic clock adjustment for daylight saving time for Azure VM backups. It doesn't shift the hour of the backup forward or backwards. To ensure the backup runs at the desired time, modify the backup policies manually as required.

Disk deduplication support

Disk deduplication support is as follows:

  • Disk deduplication is supported on-premises when you use DPM or MABS to back up Hyper-V VMs that are running Windows. Windows Server performs data deduplication (at the host level) on virtual hard disks (VHDs) that are attached to the VM as backup storage.
  • Deduplication isn't supported in Azure for any Backup component. When DPM and MABS are deployed in Azure, the storage disks attached to the VM can't be deduplicated.

Security and encryption support

Azure Backup supports encryption for in-transit and at-rest data.

Network traffic to Azure

  • Backup traffic from servers to the Recovery Services vault is encrypted by using Advanced Encryption Standard 256.
  • Backup data is sent over a secure HTTPS link.

Data security

  • Backup data is stored in the Recovery Services vault in encrypted form.
  • When data is backed up from on-premises servers with the MARS agent, data is encrypted with a passphrase before upload to Azure Backup and decrypted only after it's downloaded from Azure Backup.
  • When you're backing up Azure VMs, you need to set up encryption within the virtual machine.
  • Azure Backup supports Azure Disk Encryption, which uses BitLocker on Windows virtual machines and dm-crypt on Linux virtual machines.
  • On the back end, Azure Backup uses Azure Storage Service Encryption, which protects data at rest.
Machine In transit At rest
On-premises Windows machines without DPM/MABS Yes Yes
Azure VMs Yes Yes
On-premises Windows machines or Azure VMs with DPM Yes Yes
On-premises Windows machines or Azure VMs with MABS Yes Yes

Compression support

Backup supports the compression of backup traffic, as summarized in the following table.

  • For Azure VMs, the VM extension reads the data directly from the Azure storage account over the storage network, so it isn't necessary to compress this traffic.
  • If you're using DPM or MABS, you can save bandwidth by compressing the data before it's backed up.
Machine Compress to MABS/DPM (TCP) Compress to vault (HTTPS)
Direct backup of on-premises Windows machines NA Yes
Backup of Azure VMs by using VM extension NA NA
Backup on on-premises/Azure machines by using MABS/DPM Yes Yes

Retention limits

Setting Limits
Maximum recovery points per protected instance (machine or workload) 9,999
Maximum expiry time for a recovery point No limit
Maximum backup frequency to DPM/MABS Every 15 minutes for SQL Server

Once an hour for other workloads
Maximum backup frequency to vault On-premises Windows machines or Azure VMs running MARS: Three per day

DPM/MABS: Two per day

Azure VM backup: One per day
Recovery point retention Daily, weekly, monthly, yearly
Maximum retention period Depends on backup frequency
Recovery points on DPM/MABS disk 64 for file servers; 448 for app servers

Unlimited tape recovery points for on-premises DPM

Cross Region Restore

Azure Backup has added the Cross Region Restore feature to strengthen data availability and resiliency capability, giving you full control to restore data to a secondary region. To configure this feature, visit the Set Cross Region Restore article.. This feature is supported for the following management types:

Backup Management type Supported Supported Regions
Azure VM Yes. Supported for encrypted VMs and VMs with lesser than 4-TB disks All Azure public regions and sovereign clouds.
SQL /SAP HANA Yes All public regions except France
MARS Agent/On premises No N/A
AFS (Azure file shares) No N/A

Next steps