Backing Up an On-Prem Server with Azure Backup
Start course

As the move to the cloud continues at a record pace, understanding how to properly backup and recover Azure virtual machines is becoming a key skill, one that every IT professional should possess.

In this course, you will learn how to plan and deploy Azure Backup and how to manage backups on a day-to-day basis. You will learn how to create the Recovery Services Vault that stores backed-up data, how to create backup policies, and how to perform backup operations. You’ll also learn how to perform VM restores.

The topics covered in this Azure course map very closely to the learning objectives covered in the Microsoft Azure certification exams. By mastering the topics covered in this course, you will not only learn the skills necessary for day-to-day Azure Backup management, but also learn the skills necessary to become Azure certified.

Learning Objectives

  • Learn how to configure and review backup reports
  • Understand how to perform backup operations
  • Create a Recovery Services Vault
  • Be able to create and configure backup policies
  • Know how to assign backup policies
  • Execute and perform restore operations

Intended Audience

  • IT Professionals interested in becoming Azure cloud architects
  • IT Professionals preparing for Microsoft’s Azure certification exams


  • General knowledge of IT infrastructure
  • General knowledge of the Azure environment


In this demonstration, we will back up an on-prem Windows server to the Recovery Services vault that we previously deployed. To begin the process for on-prem backup, click Backup in the Getting Started section of the Recovery Services vault. From the Where is your workload running dropdown menu, select On-premises. From the What do you want to backup menu, select Files and Folders. From the Prepare Infrastructure blade, download the MARS agent by clicking Download Agent for Windows Server or Windows Client. 

The MARS installer file is saved to your Downloads folder on your local machine. If prompted to run it, click No. It doesn't need to be installed yet nor does it need to be installed on your workstation. On the Prepare Infrastructure blade, click Download to download the vault credentials. The vault credentials are downloaded to your Downloads folder as well. The MARS agent that you downloaded is used to back up servers to Azure. The vault credentials are used to allow the server to communicate with the vault. Unfortunately, enabling backup of an on-prem server through the Azure portal is not yet available. Instead, backups for on-prem servers must be enabled using the MARS agent itself. To install the MARS agent on the on-prem server, locate the downloaded installer and copy it over to the server that needs to be backed up. Additionally, copy the downloaded vault credentials as well. 

Afterward, log in to the server and double click the MARS installer file to begin the installation of the MARS agent. The installer provides a series of messages as it extracts, installs, and registers the Recovery Services agent with the server. Follow the wizard to complete the installation. You'll need to choose a location for the installation and cache folder and provide any necessary proxy server information if a proxy is used in your environment to connect to the internet. We aren't using a proxy server so we can leave this piece alone. 

Next, provide the downloaded vault credentials and save the encryption passphrase in a secure location. Now one thing I wanna raise here and make sure you keep this in mind. Microsoft cannot help you recover backup data if you lose or forget the passphrase. Be sure to save the file in a secure location. It's required to restore backups. Without it, Microsoft can't help you. 

So, with the MARS agent installed and the server registered to the vault, the backup can now be scheduled. Now if the on-prem server has limited internet access and this happens in some environments, you need to ensure that any firewall settings that are configured are configured to allow access to, *, *, *, and * You need to make sure that your server can communicate with all those sites through your firewall. Use the Microsoft Azure Backup agent to create the backup policy for files and folders when backing up the on-prem server.

To do so, we simply open the Microsoft Azure Backup agent. In the Actions pane, click Schedule Backup. This launches the Schedule Backup wizard. Click Next on the Getting Started page of the Schedule Backup wizard. And on the Select Items to Backup page, click Add Items. Select the files and folders that you want to protect and then click OK. Click Next on the Select Items to Backup page. Specify the backup schedule and then click Next. You can schedule daily or weekly backups. Choose the specific retention policies for the backup on the Select Retention Policy page and then click Next. You can modify the daily, weekly, monthly, and even yearly retention policies to meet your needs. On the Choose Initial Backup Type page, select the initial backup type, leaving the automatically over the network option selected and then click Next. You can backup automatically over the network or you can backup offline. For this exercise, we're covering the process of backing up automatically. 

On the Confirmation page, review the information that's been provided and then click Finish. After the wizard finishes creating the backup schedule, click Close. Bandwidth utilization is always a concern, at least it is in most production environments. As such, the ability to control bandwidth used by backups is critical to ensuring backups do not negatively affect production traffic to the internet. That being said, the Microsoft Azure Backup agent provides network throttling capabilities. However, keep in mind that throttling is not available on Windows Server 2008 R2 SP1, Windows Server 2008 SP2 or Windows 7. 

So, although Azure Backup can protect these operating systems, the version of QoS available on these platforms doesn't work with Azure Backup network throttling. However, network throttling can be used on all other supported operating systems. To enable network throttling, click Change Properties in the Microsoft Azure Backup agent. On the Throttling tab, select Enable internet bandwidth usage throttling for backup operations. That's the checkbox here. After enabling throttling, specify the allowed bandwidth for backup data transfer during work hours and non-work hours. Obviously, you're gonna be a little more lenient with your bandwidth availability for backups during non-work hours than you would be during work hours. Start and finish times can be designated for work hours as well as which days of the week are considered work days. 

Hours outside of designated work hours are considered non-work hours. Click OK after setting the required parameters. With the policy configured, the initial backup can be launched from the backup agent by clicking Backup Now. The process completes the initial seeding over the network. Obviously, this can take a while. Review the settings on the Confirmation page and then click Back Up. Click Close to close the wizard. After the initial backup is completed, the Job Completed status appears in the backup console.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.