Back up a virtual machine in Azure with PowerShell

The Azure PowerShell AZ module is used to create and manage Azure resources from the command line or in scripts.

Azure Backup backs up on-premises machines and apps, and Azure VMs. This article shows you how to back up an Azure VM with the AZ module. Alternatively, you can back up a VM using the Azure CLI, or in the Azure portal.

This quickstart enables backup on an existing Azure VM. If you need to create a VM, you can create a VM with Azure PowerShell.

This quickstart requires the Azure PowerShell AZ module version 1.0.0 or later. Run Get-Module -ListAvailable Az to find the version. If you need to install or upgrade, see Install Azure PowerShell module.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Sign in and register

  1. Sign in to your Azure subscription with the Connect-AzAccount command and follow the on-screen directions.

    Connect-AzAccount
    
  2. The first time you use Azure Backup, you must register the Azure Recovery Service provider in your subscription with Register-AzResourceProvider, as follows:

    Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"
    

Create a Recovery Services vault

A Recovery Services vault is a logical container that stores backup data for protected resources, such as Azure VMs. When a backup job runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.

When you create the vault:

  • For the resource group and location, specify the resource group and location of the VM you want to back up.
  • If you used this sample script to create the VM, the resource group is myResourceGroup, the VM is *myVM, and the resources are in the WestEurope region.
  • Azure Backup automatically handles storage for backed up data. By default the vault uses Geo-Redundant Storage (GRS). Geo-redundancy ensures that backed up data is replicated to a secondary Azure region, hundreds of miles away from the primary region.

Now create a vault:

  1. Use the New-AzRecoveryServicesVault to create the vault:

    New-AzRecoveryServicesVault `
        -ResourceGroupName "myResourceGroup" `
        -Name "myRecoveryServicesVault" `
    -Location "WestEurope"
    
  2. Set the vault context with Set-AzRecoveryServicesVaultContext, as follows:

    Get-AzRecoveryServicesVault `
        -Name "myRecoveryServicesVault" | Set-AzRecoveryServicesVaultContext
    
  3. Change the storage redundancy configuration (LRS/GRS) of the vault with Set-AzRecoveryServicesBackupProperty, as follows:

    Get-AzRecoveryServicesVault `
        -Name "myRecoveryServicesVault" | Set-AzRecoveryServicesBackupProperty -BackupStorageRedundancy LocallyRedundant/GeoRedundant
    

    Note

    Storage Redundancy can be modified only if there are no backup items protected to the vault.

Enable backup for an Azure VM

You enable backup for an Azure VM, and specify a backup policy.

  • The policy defines when backups run, and how long recovery points created by the backups should be retained.
  • The default protection policy runs a backup once a day for the VM, and retains the created recovery points for 30 days. You can use this default policy to quickly protect your VM.

Enable backup as follows:

  1. First, set the default policy with Get-AzRecoveryServicesBackupProtectionPolicy:

    $policy = Get-AzRecoveryServicesBackupProtectionPolicy     -Name "DefaultPolicy"
    
  2. Enable VM backup with Enable-AzRecoveryServicesBackupProtection. Specify the policy, the resource group, and the VM name.

    Enable-AzRecoveryServicesBackupProtection `
        -ResourceGroupName "myResourceGroup" `
        -Name "myVM" `
        -Policy $policy
    

Start a backup job

Backups run according to the schedule specified in the backup policy. You can also run an on-demand backup:

  • The first initial backup job creates a full recovery point.
  • After the initial backup, each backup job creates incremental recovery points.
  • Incremental recovery points are storage and time-efficient, as they only transfer changes made since the last backup.

To run an on-demand backup, you use the Backup-AzRecoveryServicesBackupItem.

Run an on-demand backup job as follows:

  1. Specify the container, obtain VM information, and run the backup.

    $backupcontainer = Get-AzRecoveryServicesBackupContainer `
        -ContainerType "AzureVM" `
        -FriendlyName "myVM"
    
    $item = Get-AzRecoveryServicesBackupItem `
        -Container $backupcontainer `
        -WorkloadType "AzureVM"
    
    Backup-AzRecoveryServicesBackupItem -Item $item
    
  2. You might need to wait up to 20 minutes, since the first backup job creates a full recovery point. Monitor the job as described in the next procedure.

Monitor the backup job

  1. Run Get-AzRecoveryservicesBackupJob to monitor the job status.

    Get-AzRecoveryservicesBackupJob
    

    Output is similar to the following example, which shows the job as InProgress:

    WorkloadName   Operation         Status       StartTime              EndTime                JobID
    ------------   ---------         ------       ---------              -------                -----
    myvm           Backup            InProgress   9/18/2017 9:38:02 PM                          9f9e8f14
    myvm           ConfigureBackup   Completed    9/18/2017 9:33:18 PM   9/18/2017 9:33:51 PM   fe79c739
    
  2. When the job status is Completed, the VM is protected and has a full recovery point stored.

Clean up the deployment

If you no longer need to back up the VM, you can clean it up.

  • If you want to try out restoring the VM, skip the clean-up.
  • If you used an existing VM, you can skip the final Remove-AzResourceGroup cmdlet to leave the resource group and VM in place.

Disable protection, remove the restore points and vault. Then delete the resource group and associated VM resources, as follows:

Disable-AzRecoveryServicesBackupProtection -Item $item -RemoveRecoveryPoints
$vault = Get-AzRecoveryServicesVault -Name "myRecoveryServicesVault"
Remove-AzRecoveryServicesVault -Vault $vault
Remove-AzResourceGroup -Name "myResourceGroup"

Next steps

In this quickstart, you created a Recovery Services vault, enabled protection on a VM, and created the initial recovery point.