Restore Azure Managed Disks using Azure PowerShell
This article explains how to restore Azure Managed Disks from a restore point created by Azure Backup.
Currently, the Original-Location Recovery (OLR) option of restoring by replacing existing the source disk from where the backups were taken isn't supported. You can restore from a recovery point to create a new disk either in the same resource group as that of the source disk from where the backups were taken or in any other resource group. This is known as Alternate-Location Recovery (ALR) and this helps to keep both the source disk and the restored (new) disk.
In this article, you'll learn how to:
Restore to create a new disk
Track the restore operation status
We will refer to an existing backup vault "TestBkpVault" under the resource group "testBkpVaultRG" in the examples
$TestBkpVault = Get-AzDataProtectionBackupVault -VaultName TestBkpVault -ResourceGroupName "testBkpVaultRG"
Restore to create a new disk
Setting up permissions
Backup Vault uses Managed Identity to access other Azure resources. To restore from backup, Backup vault’s managed identity requires a set of permissions on the resource group where the disk is to be restored.
Backup vault uses a system assigned managed identity, which is restricted to one per resource and is tied to the lifecycle of this resource. You can grant permissions to the managed identity by using Azure role-based access control (Azure RBAC). Managed identity is a service principal of a special type that may only be used with Azure resources. Learn more about Managed Identities.
Assign the relevant permissions for vault's system assigned managed identity on the target resource group where the disks will be restored/created as mentioned here.
Fetching the relevant recovery point
Fetch all instances using Get-AzDataProtectionBackupInstance command and identify the relevant instance.
$AllInstances = Get-AzDataProtectionBackupInstance -ResourceGroupName "testBkpVaultRG" -VaultName $TestBkpVault.Name
You can also use Az.Resourcegraph and the Search-AzDataProtectionBackupInstanceInAzGraph command to search across instances in many vaults and subscriptions.
$AllInstances = Search-AzDataProtectionBackupInstanceInAzGraph -ResourceGroupName "testBkpVaultRG" -VaultName $TestBkpVault.Name -DatasourceType AzureDisk -ProtectionStatus ProtectionConfigured
Once the instance is identified, fetch the relevant recovery point.
$rp = Get-AzDataProtectionRecoveryPoint -ResourceGroupName "testBkpVaultRG" -VaultName $TestBkpVault.Name -BackupInstanceName $AllInstances.BackupInstanceName
Preparing the restore request
Construct the ARM ID of the new disk to be created with the target resource group, to which permissions were assigned as detailed above, and the required disk name. For example, a disk can be named PSTestDisk2 under a resource group targetrg with a different subscription.
$targetDiskId = /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/PSTestDisk2
Use the Initialize-AzDataProtectionRestoreRequest command to prepare the restore request with all relevant details.
$restorerequest = Initialize-AzDataProtectionRestoreRequest -DatasourceType AzureDisk -SourceDataStore OperationalStore -RestoreLocation $TestBkpVault.Location -RestoreType AlternateLocation -TargetResourceId $targetDiskId -RecoveryPoint $rp.Name
Trigger the restore
Use the Start-AzDataProtectionBackupInstanceRestore command to trigger the restore with the request prepared above.
Start-AzDataProtectionBackupInstanceRestore -BackupInstanceName $AllInstances.BackupInstanceName -ResourceGroupName "testBkpVaultRG" -VaultName $TestBkpVault.Name -Parameter $restorerequest
Track all the jobs using the Get-AzDataProtectionJob command. You can list all jobs and fetch a particular job detail.
You can also use Az.ResourceGraph to track all jobs across all backup vaults. Use the Search-AzDataProtectionJobInAzGraph command to get the relevant job, which can be across any backup vault.
$job = Search-AzDataProtectionJobInAzGraph -Subscription $sub -ResourceGroupName "testBkpVaultRG" -Vault $TestBkpVault.Name -DatasourceType AzureDisk -Operation OnDemandBackup