Back up a virtual machine in Azure with PowerShell

The Azure PowerShell module is used to create and manage Azure resources from the command line or in scripts. You can protect your data by taking backups at regular intervals. Azure Backup creates recovery points that can be stored in geo-redundant recovery vaults. This article details how to back up a virtual machine (VM) with the Azure PowerShell module. You can also perform these steps with the Azure CLI or Azure portal.

This quickstart enables backup on an existing Azure VM. If you need to create a VM, you can create a VM with Azure PowerShell.

This quickstart requires the Azure PowerShell module version 4.4 or later. Run Get-Module -ListAvailable AzureRM to find the version. If you need to install or upgrade, see Install Azure PowerShell module.

Log in to Azure

Log in to your Azure subscription with the Connect-AzureRmAccount command and follow the on-screen directions.


The first time you use Azure Backup, you must register the Azure Recovery Service provider in your subscription with Register-AzureRmResourceProvider.

Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"

Create a recovery services vaults

A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.

Create a Recovery Services vault with New-AzureRmRecoveryServicesVault. Specify the same resource group and location as the VM you wish to protect. If you used the sample script to create your VM, the resource group is named myResourceGroup, the VM is named myVM, and the resources are in the WestEurope location.

New-AzureRmRecoveryServicesVault `
    -ResourceGroupName "myResourceGroup" `
    -Name "myRecoveryServicesVault" `
    -Location "WestEurope"

By default, the vault is set for Geo-Redundant storage. To further protect your data, this storage redundancy level ensures that your backup data is replicated to a secondary Azure region that is hundreds of miles away from the primary region.

To use this vault with the remaining steps, set the vault context with Set-AzureRmRecoveryServicesVaultContext

Get-AzureRmRecoveryServicesVault `
    -Name "myRecoveryServicesVault" | Set-AzureRmRecoveryServicesVaultContext

Enable backup for an Azure VM

You create and use policies to define when a backup job runs and how long the recovery points are stored. The default protection policy runs a backup job each day, and retains recovery points for 30 days. You can use these default policy values to quickly protect your VM. First, set the default policy with Get-AzureRmRecoveryServicesBackupProtectionPolicy:

$policy = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "DefaultPolicy"

To enable backup protection for a VM, use Enable-AzureRmRecoveryServicesBackupProtection. Specify the policy to use, then the resource group and VM to protect:

Enable-AzureRmRecoveryServicesBackupProtection `
    -ResourceGroupName "myResourceGroup" `
    -Name "myVM" `
    -Policy $policy

Start a backup job

To start a backup now rather than wait for the default policy to run the job at the scheduled time, use Backup-AzureRmRecoveryServicesBackupItem. This first backup job creates a full recovery point. Each backup job after this initial backup creates incremental recovery points. Incremental recovery points are storage and time-efficient, as they only transfer changes made since the last backup.

In the following set of commands, you specify a container in the Recovery Services vault that holds your backup data with Get-AzureRmRecoveryServicesBackupContainer. Each VM to back up is treated as an item. To start a backup job, obtain information on your VM item with Get-AzureRmRecoveryServicesBackupItem.

$backupcontainer = Get-AzureRmRecoveryServicesBackupContainer `
    -ContainerType "AzureVM" `
    -FriendlyName "myVM"

$item = Get-AzureRmRecoveryServicesBackupItem `
    -Container $backupcontainer `
    -WorkloadType "AzureVM"

Backup-AzureRmRecoveryServicesBackupItem -Item $item

As this first backup job creates a full recovery point, the process can take up to 20 minutes.

Monitor the backup job

To monitor the status of backup jobs, use Get-AzureRmRecoveryservicesBackupJob:


The output is similar to the following example, which shows the backup job is InProgress:

WorkloadName   Operation         Status       StartTime              EndTime                JobID
------------   ---------         ------       ---------              -------                -----
myvm           Backup            InProgress   9/18/2017 9:38:02 PM                          9f9e8f14
myvm           ConfigureBackup   Completed    9/18/2017 9:33:18 PM   9/18/2017 9:33:51 PM   fe79c739

When the Status of the backup job reports Completed, your VM is protected with Recovery Services and has a full recovery point stored.

Clean up deployment

When no longer needed, you can disable protection on the VM, remove the restore points and Recovery Services vault, then delete the resource group and associated VM resources. If you used an existing VM, you can skip the final Remove-AzureRmResourceGroup cmdlet to leave the resource group and VM in place.

If you are going to continue on to a Backup tutorial that explains how to restore data for your VM, skip the steps in this section and go to Next steps.

Disable-AzureRmRecoveryServicesBackupProtection -Item $item -RemoveRecoveryPoints
$vault = Get-AzureRmRecoveryServicesVault -Name "myRecoveryServicesVault"
Remove-AzureRmRecoveryServicesVault -Vault $vault
Remove-AzureRmResourceGroup -Name "myResourceGroup"

Next steps

In this quickstart, you created a Recovery Services vault, enabled protection on a VM, and created the initial recovery point. To learn more about Azure Backup and Recovery Services, continue to the tutorials.