Azure File Backup

Question

Azure File Backup

GerryNicol 1

Hi there,

I have Azure Files backup running with GRS and CRR selected. The backup are running and I can run a restore to a secondary region.

I have the following questions

When restoring a share, the storage account in the seconday region has only got private endpoints and no public access. A restore seems to work, but I cannot find documetation on Azure Files Backup and private endpoints with public network access disabled.
When looking at the Business continuity centre, the Protection status in the secondary region is listed as 'not protected'. Why is this?

Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-28T06:24:31.6666667+00:00

Hello GerryNicol,

Have you had a chance to review Marcin Policht points?

Additionally, since you are referring Cross Region Restore feature for the azure file share, please refer to the below support matrix.https://learn.microsoft.com/en-us/azure/backup/backup-support-matrix#cross-region-restore

Kindly confirm if the provided solution resolves your issue. I look forward to your valuable feedback.

Thanks
Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-29T06:19:15.67+00:00

Hello GerryNicol,

I wanted to follow up on the detailed answer we provided regarding the issue you encountered. Have you had a chance to review it? I would like to ensure that the issue has been resolved to your satisfaction or if there is any further assistance you might need.

Kindly confirm if the provided solution resolves your issue. we will look forward to your valuable feedback.

Thank you.
Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-30T01:56:47.6133333+00:00

Hello GerryNicol,

I wanted to follow up on the detailed answer we provided regarding the issue you encountered. Have you had a chance to review it? I would like to ensure that the issue has been resolved to your satisfaction or if there is any further assistance you might need.

Kindly confirm if the provided solution resolves your issue. we will look forward to your valuable feedback.

Thank you.

1 answer

Your answer

Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-28T06:24:31.6666667+00:00

Hello GerryNicol,

Have you had a chance to review Marcin Policht points?

Additionally, since you are referring Cross Region Restore feature for the azure file share, please refer to the below support matrix.https://learn.microsoft.com/en-us/azure/backup/backup-support-matrix#cross-region-restore

Kindly confirm if the provided solution resolves your issue. I look forward to your valuable feedback.

Thanks
Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-29T06:19:15.67+00:00

Hello GerryNicol,

I wanted to follow up on the detailed answer we provided regarding the issue you encountered. Have you had a chance to review it? I would like to ensure that the issue has been resolved to your satisfaction or if there is any further assistance you might need.

Kindly confirm if the provided solution resolves your issue. we will look forward to your valuable feedback.

Thank you.
Vinod Pittala 4,095 Reputation points Microsoft External Staff Moderator

2025-04-30T01:56:47.6133333+00:00

Hello GerryNicol,

I wanted to follow up on the detailed answer we provided regarding the issue you encountered. Have you had a chance to review it? I would like to ensure that the issue has been resolved to your satisfaction or if there is any further assistance you might need.

Kindly confirm if the provided solution resolves your issue. we will look forward to your valuable feedback.

Thank you.

Answer 1

Regarding the first question, as per https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints#creating-a-private-endpoint

"For read access to the secondary region with a storage account configured for geo-redundant storage, you need separate private endpoints for both the primary and secondary instances of the service. You don't need to create a private endpoint for the secondary instance for failover. The private endpoint will automatically connect to the new primary instance after failover."

Regarding the second question, geo-redundant data Azure Files GRS (Geo-Redundant Storage) + CRR (Cross-Region Restore) works by replicating data automatically to the secondary region. But only the primary region is "protected" because that's where your backup policies, backup schedules, and recovery points are officially managed. The secondary region only holds a readable replica of the backup data, not an active protection policy.

So when it says "Not Protected" on the secondary region, it just means here's no backup job running directly in that region.

It's just passive replica data ready for you to restore if needed (like in a disaster). That's expected and normal behavior.

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Share via

Azure File Backup

1 answer

Your answer