Protect and recover in Azure

Protect and recover is the third and final discipline in any cloud-management baseline.

Diagram showing a cloud management baseline.

In Operational compliance in Azure the objective is to reduce the likelihood of a business interruption. The current article aims to reduce the duration and impact of outages that can't be prevented.

For any enterprise-grade environment, this table outlines the suggested minimum for any management baseline:

Process Tool Purpose
Protect data Azure Backup Back up data and virtual machines in the cloud.
Protect the environment Microsoft Defender for Cloud Strengthen security and provide advanced threat protection across your hybrid workloads.

Azure Backup

With Azure Backup, you can back up, protect, and recover your data in the Microsoft cloud. Azure Backup replaces your existing on-premises or offsite backup solution with a cloud-based solution. This new solution is reliable, secure, and cost competitive. Azure Backup can also help protect and recover on-premises assets through one consistent solution.

For data present in Azure, Azure Backup offer varied levels of protection. For example, when backing up key cloud infrastructure pieces such as Azure Virtual Machines and Azure Files, it offers Azure Virtual Machines backup and Azure Files backup. For more critical components such as databases running in Azure Virtual Machines, it offers dedicated database backup solutions for SQL Server and SAP HANA with far lower RPO.

Review the following section to see how easily you can enable backup for Azure Virtual Machines.

Enable backup for an Azure VM

  1. In the Azure portal, select Virtual machines, then select the VM you want to backup.
  2. On the Operations pane, select Backup.
  3. Create or select an existing Azure Recovery Services vault.
  4. Select Create (or edit) a new policy.
  5. Configure the schedule and retention period.
  6. Select OK.
  7. Select Enable backup.

For more details about Azure Backup, see Overview of Azure Backup.

Azure Site Recovery

Azure Site Recovery is a critical component in your disaster recovery strategy.

Site Recovery replicates VMs and workloads that are hosted in a primary Azure region. It replicates them to a copy that is hosted in a secondary region. When an outage occurs in your primary region, you fail over to the copy running in the secondary region. You then continue to access your applications and services from there. This proactive approach to recovery can significantly reduce recovery times. When the recovery environment is no longer needed, production traffic can fall back to the original environment.

Replicate an Azure VM to another region with Site Recovery

The following steps outline the process to use Site Recovery for Azure-to-Azure replication, which is replication of an Azure VM to another region.


Depending on your scenario, the exact steps might differ slightly.

Enable replication for the Azure VM

  1. In the Azure portal, select Virtual machines, then select the VM you want to replicate.
  2. On the Operations pane, select Disaster recovery.
  3. Select Configure disaster recovery > Target region, and choose the target region to which you'll replicate.
  4. For this quickstart, accept the default values for all other options.
  5. Select Enable replication, which starts a job to enable replication for the VM.

Verify settings

After the replication job has finished, you can check the replication status, verify replication health, and test the deployment.

  1. In the VM menu, select Disaster recovery.
  2. Verify replication health, the recovery points that have been created, and source and target regions on the map.

Learn more