![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 33%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,124 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 90%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
System State backups are intended to be restored on the same hardware. You can restore them on different hardware but there are risk of drivers issues that can make the entire thing a bit challenging. But nowadays with virtualization, the emulated hardware is easy to match so it is not often an issue...
I would suggest to have more than one DC backed up. It's okay if they are not FSMO holder as you can seize the role during a recovery.
I would also strongly recommend you test your backups in a lab environment (disconnect from your production environment) then you will be able to vouch for your backup, train on the recovery steps, and evaluate how long a recovery could be.
On another note, you can also use a bare metal backup (BMR). You could either backup the BMR in Azure Recovery Vault as files, or use Azure Backup Server to do directly BMR to the vault: https://learn.microsoft.com/en-us/azure/backup/backup-mabs-system-state-and-bmr
If you have DCs as VM in Azure, you can do BMR without having to deploy Azure Backup Server, so it make the backup and the recovery much easier.