What can we backup in Azure with Azure Backup Service?
- Azure Virtual Machines - You can take the full disk backup of Windows/Linux VMs on Azure using Azure backup extensions. If you wish to take backup of files and folders of a specific drive in a disk then you can use Microsoft Azure Recovery Services (MARS) agent.
- Azure Managed Disks - You can backup the entire Azure Managed Disks.
- Azure Storage - You can take complete and operational backup for Azure Blobs and File shares.
- SQL Server in Azure VMs - You can take the backup of SQL Server databases running on Azure VMs.
- SAP HANA databases in Azure VMs - You can take the backup SAP HANA databases running on Azure VMs.
- Azure Database for PostgreSQL Servers - You can take the backup of Azure PostgreSQL databases and retain the backups for up to 10 years.
Is Azure Backup Service capable of backing up on-premises data?
Yes, Azure Backup Service can be used to back up on-premises data. For that you need to install and configure a Microsoft Azure Recovery Services (MARS) agent on the on-premises server or machine. Once configured, you can backup your on-premise data directly to Azure. With this MARS agent you can backup files, folders, and system state to an Azure recovery service vault. With the Azure Backup Server (MABS) agent you can also protect on-premises VMs like Hyper-V, VMware and other on-premises workloads.
What Azure services can we monitor with Azure Backup?
Which ever the Azure service we are backing up, we can monitor all of those backup jobs by enabling diagnostic settings for Azure Recovery Services Vault. This will record the azure backup job actions. We can monitor logs with Azure Monitor or Azure Data Explorer.
Azure Backup Reports
Use the following KQL Log Query to get the count of Azure Backup Jobs with Status="Completed" from select Azure Subscription.
AzureDiagnostics | where Category == "AzureBackupReport" | where OperationName == "Job" and JobStatus_s == "Completed" | where _SubscriptionId == "68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5" //Replace Sub Id | extend SubscriptionName=case(_SubscriptionId =~ '68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5','Azure Monitor Sub',_SubscriptionId) //Replace Sub Id and Sub Name | summarize Success_Jobs_Count=count() by SubscriptionName
Use the following KQL Log Query to get the count of Azure Backup Jobs with Status="Failed" from select Azure Subscription.
AzureDiagnostics | where Category == "AzureBackupReport" | where OperationName == "Job" and JobStatus_s == "Failed" | where _SubscriptionId == "68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5" //Replace Sub Id | extend SubscriptionName=case(_SubscriptionId =~ '68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5','Azure Monitor Sub',_SubscriptionId) //Replace Sub Id and Sub Name | summarize Failed_Jobs_Count=count() by SubscriptionName
Use the following KQL Log Query to get the count of Azure Scheduled Backup Jobs from select Azure Subscription.
AzureDiagnostics | where Category == "AzureBackupReport" | where OperationName == "Job" and AdHocOrScheduledJob_s == "Scheduled" | where _SubscriptionId == "68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5" //Replace Sub Id | extend SubscriptionName=case(_SubscriptionId =~ '68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5','Azure Monitor Sub',_SubscriptionId) //Replace Sub Id and Sub Name | summarize Schedules_Jobs_Count=count() by SubscriptionName
Azure Virtual Machines Backup Compliance Report
Use the following KQL Log Query to get the detailed Azure Backup Compliance Report from a select Azure Subscription.
AzureDiagnostics | where Category == "AzureBackupReport" | where OperationName == "Job" | where _SubscriptionId == "68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5" //Replace Sub Id | extend SubscriptionName=case(_SubscriptionId =~ '68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5','Azure Monitor Sub',_SubscriptionId) //Replace Sub Id and Sub Name | project Recovery_Vault_Name=Resource, JobOperation_s, JobStatus_s, JobFailureCode_s, SubscriptionName, ResourceGroup, ResourceType, BackupItemUniqueId_s
Azure Virtual Machines Failed Backup Jobs
KQL Log Query to get the detailed Azure Virtual Machines Failed Backup Jobs Report from a select Azure Subscription.
AzureDiagnostics | where Category == "AzureBackupReport" | where OperationName == "Job" and JobStatus_s == "Failed" | where _SubscriptionId == "68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5" //Replace Sub Id | extend SubscriptionName=case(_SubscriptionId =~ '68bXXXX5-4XXX-XXX4-9a2b-167233XXXX5','Azure Monitor Sub',_SubscriptionId) //Replace Sub Id and Sub Name | project Recovery_Vault_Name=Resource, JobOperation_s, JobStatus_s, JobFailureCode_s, SubscriptionName, ResourceGroup, ResourceType, BackupItemUniqueId_s
Azure Resource Graph Queries for Azure Backup
KQL Azure Resource Graph Query to get the details of Azure Backup Instances.
RecoveryServicesResources
| where type in~ ('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems')
|extend policy = properties.policyInfo.policyId
| extend vaultName = case(type =~ 'microsoft.dataprotection/backupVaults/backupInstances',split(split(id, '/Microsoft.DataProtection/backupVaults/')[1],'/')[0],type =~ 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems',split(split(id, '/Microsoft.RecoveryServices/vaults/')[1],'/')[0],'--')
| extend dataSourceType = case(type =~ 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems',strcat(properties.backupManagementType,'/',properties.workloadType),type =~ 'microsoft.dataprotection/backupVaults/backupInstances',properties.dataSourceInfo.datasourceType,'--')
| extend friendlyName = properties.friendlyName
| extend dsResourceGroup = split(split(properties.dataSourceInfo.resourceID, '/resourceGroups/')[1],'/')[0]
| extend dsSubscription = split(split(properties.dataSourceInfo.resourceID, '/subscriptions/')[1],'/')[0]
| extend lastRestorePoint = properties.lastRecoveryPoint
| extend primaryLocation = properties.dataSourceInfo.resourceLocation
| extend policyName = case(type =~ 'microsoft.dataprotection/backupVaults/backupInstances', extract(@'([^/]*)/backupPolicies/([^/]*)', 2, tostring(policy)),type =~ 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems', properties.policyInfo.name,'--')
| extend protectionState = properties.currentProtectionState
| project id, name,type, resourceGroup, vaultName, friendlyName, subscriptionId, dataSourceType, protectionState, policyName, primaryLocation, lastRestorePoint, properties, dsResourceGroup, dsSubscription, location
| where (protectionState in~ ('ConfiguringProtection','ProtectionConfigured','ConfiguringProtectionFailed','ProtectionStopped','SoftDeleted','ProtectionError')) and (dataSourceType in~ ('AzureIaasVM/VM')) and (dsSubscription in~ ('68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43','68xxx777-xxxx-xxxx-xxxx-167xx3c2xx43'))
KQL Azure Resource Graph Query to get the details of Azure Recovery Services vaults and Backup.
Resources
| where type in~ ('microsoft.recoveryservices/vaults','Microsoft.DataProtection/BackupVaults')
| project name,resourceGroup,location,type,id
| where (type in~ ('microsoft.recoveryservices/vaults','Microsoft.DataProtection/BackupVaults'))
Azure Resource Graph Query to get the details of Azure Backup Policies
RecoveryServicesResources
| where type in~ ('Microsoft.RecoveryServices/vaults/backupPolicies')
| extend vaultName = case(type =~ 'microsoft.dataprotection/backupVaults/backupPolicies', split(split(id, '/Microsoft.DataProtection/backupVaults/')[1],'/')[0],type =~ 'microsoft.recoveryservices/vaults/backupPolicies', extract(@'([^/]*.[^/]*)/[V|v]aults/([^/]*)', 2, id),'--')
| extend workloadType = tostring(case (isnotnull(properties.workLoadType), properties.workLoadType, properties.backupManagementType == 'AzureIaasVM', 'VM', properties.backupManagementType == 'AzureStorage', 'AzureFileShare','--'))
| extend vaultType = case(type =~ 'microsoft.dataprotection/backupVaults/backupPolicies', 'Backup vault',type =~ 'microsoft.recoveryservices/vaults/backupPolicies', 'Recovery Services vault','--')
| extend datasourceType = case(type =~ 'Microsoft.RecoveryServices/vaults/backupPolicies', strcat(properties.backupManagementType,'/', workloadType),type =~ 'microsoft.dataprotection/backupVaults/backupPolicies',properties.datasourceTypes[0],'--')
| project id,name,vaultName,resourceGroup,properties,datasourceType,vaultType
| where (datasourceType in~ ('AzureIaasVM/VM'))