Understanding Azure Backup – Protect data on-premises and in the cloud

Summary: Azure Backup is a great “feature” that allows you to quickly backup any on-premises or cloud workloads with very little configuration. This blog post goes into detail on the different options.

When I first heard of Azure Backup I thought this would be a solution that could protect Azure resources. When I started reading about it in more detail, I realized it is more than that! By leveraging Azure Backup, you can protect your cloud native AND on-premises resources with very little effort. This blog post will go into detail on backup options and license costs.

Why backup

When you think of backup in Azure, you might think: “Why do I need to worry about this? Microsoft does this for me right?”. The answer is no. Of course, Microsoft invests a lot of resources in protecting your data to make sure it is always available for you. However, this is just for disaster recovery scenarios. For instance, when a datacenter that hosts your Azure VMs goes down, depending on your configuration, Microsoft makes sure your VM will continue running in another datacenter.

So why do I need to care about backing up my resources you might ask? As mentioned, Microsoft only provides disaster recovery protection, so data corruption or ransomware is not covered in this. Over the last years, ransomware has been a huge problem for organizations where documents are encrypted and can only be recovered if you pay a large sum of money.

Ransomware statistics

Ransomware over the years (source: https://www.statista.com/statistics/494947/ransomware-attacks-per-year-worldwide/)

In 2016 alone, 638 million ransomware attacks occurred. The damage of these ransomware attacks are devastating. This alone should be a reason to at least look into the possibilities to prevent this from occurring.


Azure Backup is a one-stop solution for backing up cloud native and on-premises resources from Azure. While it is a one-stop solution, you still need to know what you need when configuring it. To demonstrate this, I created this image that hopefully helps you understand what solution is used when you configure Azure Backup.

Overview of Azure Backup

As you can see, Azure Backup is the core of the solution. The Azure product that provides this is called the “Recovery Services Vault”. This is where you configure most of it! Before you start backing up resources, you need to tell Azure how to store your backup data. This is called the storage replication type. You have 2 choices:

  • Locally-redundant storage (LRS)
  • Geo-redundant storage (GRS)

The settings can be found under: “Backup infrastructure” -> “Backup Configuration”.

Geo-redundant storage is the default setting. After you setup your first backup, it is impossible to switch this to locally-redundant storage. Storing data using GRS costs twice as much, but allows you to have your backup data stored in multiple datacenters. If you need to switch to LRS after you configured a backup, you need to remove all protected instances, including the backed up data. This can be a pain, so make sure to check this before you start the configuration.

Cloud native backup

With cloud native backup you can protect resources in Azure. This includes:

Azure Virtual machines

Backing up Azure VMs is very easy. All VMs in Azure automatically include the Azure Backup agent, no configuration needed for this. The only exception is when you migrated VMs from your on-premises datacenter to Azure. In this case, you have to install the Azure Backup agent.

The VMs that you want to backup must be in the same region as the Recovery Services Vault. This makes sense, because your backup data will be transferred to the Recovery Services Vault.

You can schedule Azure backup to backup Azure VMs up to once a day. You can also perform up to 4 manual backups for Azure VMs per day. This can be very useful when patching VMs.

For detailed information on how to configure Azure Backup for Azure VMs, see: https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-first-look-arm

Azure Fileshare (preview)

Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Additionally, Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.

Backing up Azure Fileshare is very easy, as it requires no additional configuration on the Azure fileshare. Just select the Azure Fileshare and set up a backup policy and retention policy and you are good to go!

You can schedule Azure Fileshare backup to backup Azure Fileshares up to once a day. You can also perform up to 4 manual backups for Azure Fileshares.

There are 3 caveats when configuring backup for Azure Fileshare:

  • You can’t protect Azure Fileshares in storage accounts that have Virtual Networks or Firewall enabled
  • There is no automatic scan for new fileshares in a storage account
  • Azure Backup for Azure Fileshare is still in preview

For detailed information on how to configure Azure Backup for Azure Fileshares, see: https://docs.microsoft.com/en-us/azure/backup/backup-azure-files.

SQL Server in Azure VM (preview)

This one is great! Any VM in Azure that hosts SQL Server has native backup possibilities for SQL Server. This means you do not manually need to configure maintenance plans in the Azure VM to do SQL backups. If you selected a SQL Server template from the VM gallery, you do not need to configure anything to get this to work.

If you created a Windows VM and then manually installed SQL Server, you need to configure permissions for Azure Backup to work. This is described here: https://docs.microsoft.com/en-us/azure/backup/backup-azure-sql-database#set-permissions-for-non-marketplace-sql-vms.

You can schedule up to 1 full backup a day, with transaction log backups every 15 minutes! It is also possible to use compression settings as you could do on-premises.

You can choose to backup individual databases, or you can choose to “auto-protect” the SQL Server instance. This is a new feature that is described here: https://azure.microsoft.com/en-us/blog/azure-backup-can-automatically-protect-sql-databases-in-azure-vm-through-auto-protect/. This means you do not have to configure backup for newly created databases.

Microsoft Azure Backup Server (MABS)

As said, Azure Backup can also protect on-premises resources. Depending on the workload you need Microsoft Azure Backup Server (MABS) or Microsoft Azure Recovery Service (MARS).

Microsoft Azure Backup Server

Microsoft Azure Backup Server is used to protect workloads like SharePoint, SQL Server and Exchange that are hosted on-premises. For a full list of workloads that can be protected using MABS can be found here: https://docs.microsoft.com/en-us/azure/backup/backup-mabs-protection-matrix.

In essence, this is Microsoft Data Protection Manager (DPM), with some minor changes. The major one being the different pricing model. You do not need a software license for Microsoft Azure Backup Server, pricing is based on the protected instances. Also, you do not have the possibility to use tape storage.

If you are familiar with DPM, configuring Azure Backup Manager shouldn’t be any problem!

For detailed information on how to configure Microsoft Azure Backup Server, see: https://docs.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup.

Microsoft Azure Recovery Service (MARS)

Microsoft Azure Recovery Service (MARS) allows you to backup on-premises resources. It uses a backup agent installed on the local VM to protect the following resources:

  • Files and folders
  • System state

I personally use MARS for backing up single-server applications. This allows me to have a cheap scalable backup solution that requires no additional backup infrastructure. All data is backed up securely in the Recovery Services Vault.

To start backing up using Azure Recovery Service, download the MARS agent and configure a backup policy and retention policy from the server. You can download the agent from the Azure Recovery Services vault. You also need a file that contains the vault credential. This is used to setup a link between the on-premises server and the Azure Recovery Services Vault.

For detailed information on how to configure Microsoft Azure Recovery Service, see: https://docs.microsoft.com/en-us/azure/backup/backup-configure-vault.


The pricing model used for Azure Backup is based on 2 factors:

  • Instance
  • Storage

Instance cost

The price per instance depends on the data that is present in the instance.

Azure Backup Pricing
Example: If you have 1.2 TB of data in one instance, then the cost would be $30 plus storage consumed. You would be charged $10 for two 500 GB increments and $10 for the remaining 200 GB data.

Storage cost

The pricing for storage depends on the data replication type you chose when setting up the Recovery Services Vault. You have the option to choose between Locally-redundant storage and Geo-redundant storage.

Azure Backup Storage pricing

Pricing example

Let’s say we have 2 VMs configured in Azure Backup. Both use the Locally-redundant storage type.

  • VM1: 40GB data
  • VM2: 800GB data

For a single full backup, the costs would be:

Total costs VM 1 VM 2
Price per instance $5 $20
Price per GB $0.024 $0.024
Amount of data 40GB 800GB
Total storage costs $0.96 $19.2
Total $5.96 $39.2

In a production environment, you will likely have a retention policy in place. This isn’t factored in the pricing example above. You need to pay for the storage consumed by the backups every month, so keep this in mind.

Microsoft released a pricing calculator for Azure Backup, which allows you to see the total backup costs, including retention. It can be found here: https://azure.microsoft.com/en-us/pricing/calculator/?service=backup.


Azure Backup is the Azure-based service you can use to back up (or protect) and restore your data in the Microsoft cloud. Azure Backup replaces your existing on-premises or off-site backup solution with a cloud-based solution that is reliable, secure, and cost-competitive.

Leave a Reply

Your email address will not be published. Required fields are marked *