How Azure Backup Works
Start course

In this course, we'll take an introductory look at Azure Backup, where you’ll learn what it is and what it does. You’ll also learn what workloads can be protected with Azure Backup.

After you’ve been introduced to Azure Backup, we’ll take a look at how it works. You’ll learn about Recovery Services vaults, Backup vaults, and about backup data redundancy options. We’ll also cover the different backup types that are available.

Once you’ve learned how Azure Backup works, we’ll take a look at Backup Center, where you’ll learn how to use it to manage Azure Backups. Coming down the home stretch, we’ll take a look at Azure Backup policies, where you’ll learn why you use them and how to configure them. We’ll round things out with a few Azure Backup demonstrations.

Learning Objectives

A good understanding of what Azure Backup is, what it offers, and how to implement it.

Intended Audience

This course is intended for those who wish to learn about Azure Backup.


To get the most from this course, you should have a basic understanding of Microsoft Azure and its offerings.


So, how does Azure Backup work? Well, for starters, Azure Backup consists of a few different layers, or pieces. You have the Workload Integration Layer, the Data Plane, and the Management Plane. The Data Plane is actually broken out into two pieces: “Access Tiers” and “Availability and Security”.

The Workload Integration layer is where the integration of the backup extension and the workload being backed up happens. The Access Tiers within the Data Plane define where backups are stored. These access tiers include the Snapshot Tier, the Standard Tier, and then Archive Tier. The Availability and Security piece of the Data Plane defines where backup data is replicated. The redundancy options chosen by the user will determine if the backup data is replicated across zones, or regions, or both. And the Management Plane is where the Recovery Service vaults, Backup Vaults, and Backup Center sit. These tools allow you to interact with the backup service.

Whether it’s data, machine state, or workloads running on on-prem machines or on VMs, it’s all backed up to the cloud and stored in either a Recovery Services Vault or a Backup Vault. Backup Vaults support Azure Database for PostgreSQL server backups, Azure blob backups, and backups of Azure disks. Recovery Services Vaults support everything else, including VM backups, SQL in Azure VMs, Azure Files, SAP HANA in Azure VMs, Azure Backup Server backups, backups via Azure Backup Agents, and DPM.

Regardless of which type of vault you use; the vault is used to organize backup data and it allow you to monitor your backed up items. Access to Recovery Services Vaults and Backup Vaults is controlled by Azure RBAC.

When you backup to a vault, you need to specify how the data in the vault is replicated, because the replication you choose determines how redundant your backup data is. You have a few different choices. You have locally redundant storage, or LRS; you have GRS, or geo-redundant storage; and you have zone-redundant storage, or ZRS.

Locally redundant storage protects backup data from server rack failures and drive failures in Azure. LRS replicates the backed-up data three times with a single data center within the primary region.

Geo-redundant storage protect data against region-wide outages by replicating that data to a secondary region.

Zone-redundant storage replicates backup data in availability zones. This guarantees data residency and resiliency in the same region. I should mention that recovery services vaults use geo-redundant storage by default.

If you need to back up on-prem Windows machines, you can use the MARS agent to backup directly to Azure, right over the internet. The long name for the MARS agent is Azure Backup Microsoft Azure Recovery Services agent. You can also backup on-prem Windows machines to a backup server like System Center Data Protection Manager, or DPM, or a Microsoft Azure Backup Server, or MABS. In these cases, you would then backup the backup server to a Recovery Services Vault in Azure. I should point out that on-prem Linux machines are not supported by Azure Backup.

Azure VMs can be backed up directly to Azure via the backup extension that Azure Backup installs on Azure VMs. The backup extension allows you to perform a backup of the entire VM. However, if you only need to backup files and folders on a VM, you can use the MARS agent instead.

Azure Backup supports full backups and incremental backups. It also supports Full, Differential, and Transaction Log SQL Server backups. The table on your screen breaks down the differences between the types of backups supported by Azure Backup:

Notice that all backup types, including MARS agent backups, Azure VM backups and backups performed via DPM and MABS all go to a vault. What’s also important to note here is that all backup types also support incremental backups. 

In the next lesson, we’ll take a look at the Azure Backup Center.


About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.