Back up an Azure VM using Enhanced policy
This article explains how to use Enhanced policy to configure Multiple Backups Per Day and back up Trusted Launch VMs with Azure Backup service.
Azure Backup now supports Enhanced policy that's needed to support new Azure offerings. For example, Trusted Launch VM is supported with Enhanced policy only.
Important
- Default policy will not support protecting newer Azure offerings, such as Trusted Launch VM, Ultra SSD, Premium SSD v2, Shared disk, and Confidential Azure VMs.
- Enhanced policy now supports protecting both Ultra SSD and Premium SSD v2.
- Backups for VMs having data access authentication enabled disks will fail.
- If you're protecting a VM with an enhanced policy, it incurs additional snapshot costs. Learn more.
- Once you enable a VM backup with Enhanced policy, Azure Backup doesn't allow to change the policy type to Standard.
- Azure Backup now supports the migration to enhanced policy for the Azure VM backups using standard policy. Learn more.
- You can exclude shared disk with Enhanced policy and backup the other supported disks in the VM.
You must enable backup of Trusted Launch VM through enhanced policy only. Enhanced policy provides the following features:
- Supports Multiple Backups Per Day.
- Instant Restore tier is zonally redundant using Zone-redundant storage (ZRS) resiliency. See the pricing details for Managed Disk Snapshots.
The following screenshot shows Multiple Backups occurred in a day.
Note
The above screenshot shows that one of the backups is transferred to Vault-Standard tier.
Create an Enhanced policy and configure VM backup
Choose a client
Follow these steps:
In the Azure portal, select a Recovery Services vault to back up the VM.
Under Backup, select Backup Policies.
Select +Add.
On Select policy type, select Azure Virtual Machine.
On Create policy, perform the following actions:
Policy sub-type: Select Enhanced type.
Backup schedule: You can select frequency as Hourly/Daily/Weekly.
With backup schedule set to Hourly, the default selection for start time is 8 AM, schedule is Every 4 hours, and duration is 24 Hours. Hourly backup has a minimum RPO of 4 hours and a maximum of 24 hours. You can set the backup schedule to 4, 6, 8, 12, and 24 hours respectively.
Instant Restore: You can set the retention of recovery snapshot from 1 to 30 days. The default value is set to 7.
Retention range: Options for retention range are autoselected based on backup frequency you choose. The default retention for daily, weekly, monthly, and yearly backup points are set to 180 days, 12 weeks, 60 months, and 10 years respectively. You can customize these values as required.
Note
The maximum limit of instant recovery point retention range depends on the number of snapshots you take per day. If the snapshot count is more (for example, every 4 hours frequency in 24 hours duration - 6 scheduled snapshots), then the maximum allowed days for retention reduces.
However, if you choose lower RPO of 12 hours, the snapshot retention is increased to 30 days.
Select Create.
Note
- The support for Enhanced policy is available in all Azure Public and US Government regions.
- For hourly backups, the last backup of the day is transferred to vault. If backup fails, the first backup of the next day is transferred to vault.
- Migration to enhanced policy for Azure VMs protected with standard policy is now supported and available in preview.
- Backup an Azure VM with disks that have public network access disabled is now supported and generally available.
Enable selective disk backup and restore
You can exclude noncritical disks from backup by using selective disk backup to save costs. Using this capability, you can selectively back up a subset of the data disks that are attached to your VM, and then restore a subset of the disks that are available in a recovery point, both from instant restore and vault tier. Learn more.