Install and configure Azure Backup Server

This article explains how to prepare your environment to back up workloads using Azure Backup Server. With Azure Backup Server, you can protect application workloads such as Hyper-V VMs, Microsoft SQL Server, SharePoint Server, Microsoft Exchange, and Windows clients from a single console.


Azure Backup Server can now protect VMware VMs and provides improved security capabilities. Install the product as explained in the sections below; apply Update 1 and the latest Azure Backup Agent. To learn more about backing up VMware servers with Azure Backup Server, see the article, Use Azure Backup Server to back up a VMware server. To learn about security capabilities, refer to Azure backup security features documentation.

You can also protect Infrastructure as a Service (IaaS) workloads such as VMs in Azure.


Azure has two deployment models for creating and working with resources: Resource Manager and classic. This article provides the information and procedures for restoring VMs deployed using the Resource Manager model.

Azure Backup Server inherits much of the workload backup functionality from Data Protection Manager (DPM). This article links to DPM documentation to explain some of the shared functionality. Though Azure Backup Server shares much of the same functionality as DPM. Azure Backup Server does not back up to tape, nor does it integrate with System Center.

Choose an installation platform

The first step towards getting the Azure Backup Server up and running is to set up a Windows Server. Your server can be in Azure or on-premises.

Using a server in Azure

When choosing a server for running Azure Backup Server, it is recommended you start with a gallery image of Windows Server 2012 R2 Datacenter or Windows Server 2016 Datacenter. The article, Create your first Windows virtual machine in the Azure portal, provides a tutorial for getting started with the recommended virtual machine in Azure, even if you've never used Azure before. The recommended minimum requirements for the server virtual machine (VM) should be: A2 Standard with two cores and 3.5 GB RAM.

Protecting workloads with Azure Backup Server has many nuances. The article, Install DPM as an Azure virtual machine, helps explain these nuances. Before deploying the machine, read this article completely.

Using an on-premises server

If you do not want to run the base server in Azure, you can run the server on a Hyper-V VM, a VMware VM, or a physical host. The recommended minimum requirements for the server hardware are two cores and 4 GB RAM. The supported operating systems are listed in the following table:

Operating System Platform SKU
Windows Server 2016 and latest SPs 64 bit Standard, Datacenter, Essentials (MABS v2 onwards)
Windows Server 2012 R2 and latest SPs 64 bit Standard, Datacenter, Foundation
Windows Server 2012 and latest SPs 64 bit Datacenter, Foundation, Standard
Windows Storage Server 2012 R2 and latest SPs 64 bit Standard, Workgroup
Windows Storage Server 2012 and latest SPs 64 bit Standard, Workgroup

You can deduplicate the DPM storage using Windows Server Deduplication. Learn more about how DPM and deduplication work together when deployed in Hyper-V VMs.


Azure Backup Server is designed to run on a dedicated, single-purpose server. You cannot install Azure Backup Server on:

  • A computer running as a domain controller
  • A computer on which the Application Server role is installed
  • A computer that is a System Center Operations Manager management server
  • A computer on which Exchange Server is running
  • A computer that is a node of a cluster

Always join Azure Backup Server to a domain. If you plan to move the server to a different domain, install Azure Backup Server first, then join the server to the new domain. Moving an existing Azure Backup Server machine to a new domain after deployment is not supported.

Whether you send backup data to Azure, or keep it locally, Azure Backup Server must be registered with a Recovery Services vault.

Create a Recovery Services vault

A Recovery Services vault is an entity that stores the backups and recovery points created over time. The Recovery Services vault also contains the backup policies that are associated with the protected virtual machines.

To create a Recovery Services vault:

  1. Sign in to your subscription in the Azure portal.

  2. On the left menu, select All services.

    Select All services

  3. In the All services dialog box, enter Recovery Services. The list of resources filters according to your input. In the list of resources, select Recovery Services vaults.

    Enter and choose Recovery Services vaults

    The list of Recovery Services vaults in the subscription appears.

  4. On the Recovery Services vaults dashboard, select Add.

    Add a Recovery Services vault

    The Recovery Services vault dialog box opens. Provide values for the Name, Subscription, Resource group, and Location.

    Configure the Recovery Services vault

    • Name: Enter a friendly name to identify the vault. The name must be unique to the Azure subscription. Specify a name that has at least two, but not more than 50 characters. The name must start with a letter and consist only of letters, numbers, and hyphens.
    • Subscription: Choose the subscription to use. If you're a member of only one subscription, you'll see that name. If you're not sure which subscription to use, use the default (suggested) subscription. There are multiple choices only if your work or school account is associated with more than one Azure subscription.
    • Resource group: Use an existing resource group or create a new one. To see the list of available resource groups in your subscription, select Use existing, and then select a resource from the drop-down list box. To create a new resource group, select Create new and enter the name. For complete information about resource groups, see Azure Resource Manager overview.
    • Location: Select the geographic region for the vault. To create a vault to protect virtual machines, the vault must be in the same region as the virtual machines.


      If you're not sure of the location of your VM, close the dialog box. Go to the list of virtual machines in the portal. If you have virtual machines in several regions, create a Recovery Services vault in each region. Create the vault in the first location, before you create the vault for another location. There's no need to specify storage accounts to store the backup data. The Recovery Services vault and the Azure Backup service handle that automatically.

  5. When you're ready to create the Recovery Services vault, select Create.

    Create the Recovery Services vault

    It can take a while to create the Recovery Services vault. Monitor the status notifications in the Notifications area at the upper-right corner of the portal. After your vault is created, it's visible in the list of Recovery Services vaults. If you don't see your vault, select Refresh.

    Refresh the list of backup vaults

Set Storage Replication

The storage replication option allows you to choose between geo-redundant storage and locally redundant storage. By default, Recovery Services vaults use geo-redundant storage. If this vault is your primary vault, leave the storage option set to geo-redundant storage. Choose locally redundant storage if you want a cheaper option that isn't quite as durable. Read more about geo-redundant and locally redundant storage options in the Azure Storage replication overview.

To edit the storage replication setting:

  1. Select your vault to open the vault dashboard and the Settings menu. If the Settings menu doesn't open, click All settings in the vault dashboard.
  2. On the Settings menu, click Backup Infrastructure > Backup Configuration to open the Backup Configuration blade. On the Backup Configuration menu, choose the storage replication option for your vault.

    List of backup vaults

    After choosing the storage option for your vault, you are ready to associate the VM with the vault. To begin the association, you should discover and register the Azure virtual machines.

Software package

Downloading the software package

  1. Sign in to the Azure portal.
  2. If you already have a Recovery Services vault open, proceed to step 3. If you do not have a Recovery Services vault open, but are in the Azure portal, on the main menu, click Browse.

    • In the list of resources, type Recovery Services.
    • As you begin typing, the list will filter based on your input. When you see Recovery Services vaults, click it.

      Create Recovery Services Vault step 1

      The list of Recovery Services vaults appears.

    • From the list of Recovery Services vaults, select a vault.

      The selected vault dashboard opens.

      Open vault blade

  3. The Settings blade opens up by default. If it is closed, click on Settings to open the settings blade.

    Open vault blade

  4. Click Backup to open the Getting Started wizard.

    Backup getting started

    In the Getting Started with backup blade that opens, Backup Goals will be auto-selected.


  5. In the Backup Goal blade, from the Where is your workload running menu, select On-premises.

    on-premises and workloads as goals

    From the What do you want to backup? drop-down menu, select the workloads you want to protect using Azure Backup Server, and then click OK.

    The Getting Started with backup wizard switches the Prepare infrastructure option to back up workloads to Azure.


    If you only want to back up files and folders, we recommend using the Azure Backup agent and following the guidance in the article, First look: back up files and folders. If you are going to protect more than files and folders, or you are planning to expand the protection needs in the future, select those workloads.

    Getting Started wizard change

  6. In the Prepare infrastructure blade that opens, click the Download links for Install Azure Backup Server and Download vault credentials. You use the vault credentials during registration of Azure Backup Server to the recovery services vault. The links take you to the Download Center where the software package can be downloaded.

    Prepare infrastructure for Azure Backup Server

  7. Select all the files and click Next. Download all the files coming in from the Microsoft Azure Backup download page, and place all the files in the same folder.

    Download center 1

    Since the download size of all the files together is > 3G, on a 10Mbps download link it may take up to 60 minutes for the download to complete.

Extracting the software package

After you've downloaded all the files, click MicrosoftAzureBackupInstaller.exe. This will start the Microsoft Azure Backup Setup Wizard to extract the setup files to a location specified by you. Continue through the wizard and click on the Extract button to begin the extraction process.


At least 4GB of free space is required to extract the setup files.

Microsoft Azure Backup Setup Wizard

Once the extraction process complete, check the box to launch the freshly extracted setup.exe to begin installing Microsoft Azure Backup Server and click on the Finish button.

Installing the software package

  1. Click Microsoft Azure Backup to launch the setup wizard.

    Microsoft Azure Backup Setup Wizard

  2. On the Welcome screen click the Next button. This takes you to the Prerequisite Checks section. On this screen, click Check to determine if the hardware and software prerequisites for Azure Backup Server have been met. If all prerequisites are met successfully, you will see a message indicating that the machine meets the requirements. Click on the Next button.

    Azure Backup Server - Welcome and Prerequisites check

  3. Microsoft Azure Backup Server requires SQL Server Standard. Further,the Azure Backup Server installation package comes bundled with the appropriate SQL Server binaries needed if you do not wish to use your own SQL. When starting with a new Azure Backup Server installation, you should pick the option Install new Instance of SQL Server with this Setup and click the Check and Install button. Once the prerequisites are successfully installed, click Next.

    Azure Backup Server - SQL check

    If a failure occurs with a recommendation to restart the machine, do so and click Check Again.


    Azure Backup Server will not work with a remote SQL Server instance. The instance being used by Azure Backup Server needs to be local.

  4. Provide a location for the installation of Microsoft Azure Backup server files and click Next.

    Microsoft Azure Backup PreReq2

    The scratch location is a requirement for back up to Azure. Ensure the scratch location is at least 5% of the data planned to be backed up to the cloud. For disk protection, separate disks need to be configured once the installation completes. For more information regarding storage pools, see Configure storage pools and disk storage.

  5. Provide a strong password for restricted local user accounts and click Next.

    Microsoft Azure Backup PreReq2

  6. Select whether you want to use Microsoft Update to check for updates and click Next.


    We recommend having Windows Update redirect to Microsoft Update, which offers security and important updates for Windows and other products like Microsoft Azure Backup Server.

    Microsoft Azure Backup PreReq2

  7. Review the Summary of Settings and click Install.

    Microsoft Azure Backup PreReq2

  8. The installation happens in phases. In the first phase the Microsoft Azure Recovery Services Agent is installed on the server. The wizard also checks for Internet connectivity. If Internet connectivity is available you can proceed with installation, if not, you need to provide proxy details to connect to the Internet.

    The next step is to configure the Microsoft Azure Recovery Services Agent. As a part of the configuration, you will have to provide your vault credentials to register the machine to the recovery services vault. You will also provide a passphrase to encrypt/decrypt the data sent between Azure and your premises. You can automatically generate a passphrase or provide your own minimum 16-character passphrase. Continue with the wizard until the agent has been configured.

    Azure Backup Serer PreReq2

  9. Once registration of the Microsoft Azure Backup server successfully completes, the overall setup wizard proceeds to the installation and configuration of SQL Server and the Azure Backup Server components. Once the SQL Server component installation completes, the Azure Backup Server components are installed.

    Azure Backup Server

When the installation step has completed, the product's desktop icons will have been created as well. Just double-click the icon to launch the product.

Add backup storage

The first backup copy is kept on storage attached to the Azure Backup Server machine. For more information about adding disks, see Configure storage pools and disk storage.


You need to add backup storage even if you plan to send data to Azure. In the current architecture of Azure Backup Server, the Azure Backup vault holds the second copy of the data while the local storage holds the first (and mandatory) backup copy.

Network connectivity

Azure Backup Server requires connectivity to the Azure Backup service for the product to work successfully. To validate whether the machine has the connectivity to Azure, use the Get-DPMCloudConnection cmdlet in the Azure Backup Server PowerShell console. If the output of the cmdlet is TRUE then connectivity exists, else there is no connectivity.

At the same time, the Azure subscription needs to be in a healthy state. To find out the state of your subscription and to manage it, log in to the subscription portal.

Once you know the state of the Azure connectivity and of the Azure subscription, you can use the table below to find out the impact on the backup/restore functionality offered.

Connectivity State Azure Subscription Back up to Azure Back up to disk Restore from Azure Restore from disk
Connected Active Allowed Allowed Allowed Allowed
Connected Expired Stopped Stopped Allowed Allowed
Connected Deprovisioned Stopped Stopped Stopped and Azure recovery points deleted Stopped
Lost connectivity > 15 days Active Stopped Stopped Allowed Allowed
Lost connectivity > 15 days Expired Stopped Stopped Allowed Allowed
Lost connectivity > 15 days Deprovisioned Stopped Stopped Stopped and Azure recovery points deleted Stopped

Recovering from loss of connectivity

If you have a firewall or a proxy that is preventing access to Azure, you need to whitelist the following domain addresses in the firewall/proxy profile:

  • *
  • *
  • *
  • *

Once connectivity to Azure has been restored to the Azure Backup Server machine, the operations that can be performed are determined by the Azure subscription state. The table above has details about the operations allowed once the machine is "Connected".

Handling subscription states

It is possible to take an Azure subscription from an Expired or Deprovisioned state to the Active state. However this has some implications on the product behavior while the state is not Active:

  • A Deprovisioned subscription loses functionality for the period that it is deprovisioned. On turning Active, the product functionality of backup/restore is revived. The backup data on the local disk also can be retrieved if it was kept with a sufficiently large retention period. However, the backup data in Azure is irretrievably lost once the subscription enters the Deprovisioned state.
  • An Expired subscription only loses functionality for until it has been made Active again. Any backups scheduled for the period that the subscription was Expired will not run.


If Microsoft Azure Backup server fails with errors during the setup phase (or backup or restore), refer to this error codes document for more information. You can also refer to Azure Backup related FAQs

Next steps

You can get detailed information about preparing your environment for DPM on the Microsoft TechNet site. It also contains information about supported configurations on which Azure Backup Server can be deployed and used.

You can use these articles to gain a deeper understanding of workload protection using Microsoft Azure Backup server.