Secure Your Azure VMs with Agentless Crash-Consistent Backup: A Step-by-Step Guide

-

 Want to protect your Azure virtual machines with a robust, agentless backup solution? This guide walks you through configuring agentless crash-consistent backup for a new Azure virtual machine (VM) with multiple disks and how to switch an existing VM from application/filesystem-consistent to crash-consistent backup. All steps are performed easily via the Azure portal using the Enhanced Policy.

What is Agentless Crash-Consistent Backup?

Azure Backup supports agentless backups for VMs by creating crash-consistent snapshots across multiple disks. This eliminates the need to install an agent on the VM, simplifying the process. Crash-consistent backups are ideal when application-consistent snapshots fail or when you prefer a streamlined approach. Note that this feature requires the Enhanced Policy, as application/filesystem-consistent backup is the default setting.

Note: Check pricing details and supported scenarios before starting, as there may be limitations for certain VM configurations.

Prerequisites

  • An Azure account with administrative privileges.

  • An Azure virtual machine (new or existing).

  • Basic familiarity with the Azure portal.

Part 1: Configure Backup for a New Azure Virtual Machine

Follow these steps to enable agentless crash-consistent backup for a new Azure VM:

  1. Create a Recovery Services Vault:



    • In the Azure portal, create a Recovery Services vault 

    • Choose a resource group, region, and name for the vault.

    • Configure redundancy on the Redundancy tab based on your needs. Set Backup Storage Redundancy to Geo-redundant for high availability across regions (recommended for most scenarios).

    • On the Vault properties tab, you can optionally enable immutability to protect backups from deletion or changes. Leave it unchecked unless required for compliance.

    • If you want you can set Cross Subscription Restore. Cross Subscription Restore allows you to restore data to a different subscription within the same tenant as the source subscription.


  2. Start Backup Configuration:

    • In the Azure portal, navigate to your Recovery Services vault.

    • Click Backup under Getting Started.

    • Select Azure as the workload and Virtual machine as the resource type.

  3. Choose or Create a New Policy:

    • On the Configure Backup blade, under Policy sub-type, select Enhanced.

    • Click Create a new policy.

  4. Configure the Policy:

    • On the Create Policy blade:

      • Name the policy (e.g., "CrashConsistentBackup").

      • Set Consistency Type to Crash-consistent snapshot only.

      • Define the backup schedule (e.g., daily at 1:00 AM) and retention period (e.g., 30 days).

    • Click OK.

  5. Select Virtual Machine and Enable:

    • Choose the VM you want to back up.

    • Click Enable Backup to start the process.

Tip: All disks attached to the VM are automatically included in the backup.


Part 2: Switch an Existing VM to Crash-Consistent Backup

If you have VMs already using application/filesystem-consistent backup with the Enhanced Policy, you can switch to crash-consistent backup. Here are the two options:

Option 1: Create a New Policy (Recommended)

  1. Locate the Existing Policy:

    • Go to your Recovery Services vault in the Azure portal.

    • Under Manage, select Backup Policies.

    • Choose the policy associated with your VM and check Associated Items to identify the VM.



  2. Create a New Crash-Consistent Policy:

    • Navigate to Backup Policies and click Add.

    • On the Select Policy Type blade, choose Azure Virtual Machine.

    • Select Enhanced as the policy sub-type.

    • Configure the same backup frequency and retention as the existing policy.

    • Set Consistency Type to Crash-consistent snapshot only.

    • Click Create


      .

  3. Update the VM’s Policy:

    • Return to the existing policy and select Associated Items.

    • Click View Details for the VM you want to switch.

    • Select Backup Policy, then Change Backup Policy.

    • Choose the new crash-consistent policy and click Change.

    • Monitor the job under Backup Jobs to ensure the change is successful.

Note: Verify that your VM supports crash-consistent backups. Refer to the support matrix.

Option 2: Edit the Existing Policy

  1. Locate and Edit the Policy:

    • Go to Backup Policies in your Recovery Services vault.

    • Select the existing policy and click Edit.

    • On the Edit Policy blade, change Consistency Type to Crash-consistent snapshot only.

  2. Update and Monitor:

    • Click Update to save changes.

    • Monitor the job under Backup Jobs. If an error occurs (e.g., if a VM is unsupported), revert the policy and remove unsupported VMs before retrying.

Key Tips

  • Monitoring: Always check the status of backup jobs in the Azure portal to confirm successful configuration.

  • Limitations: Ensure your VMs meet the requirements for crash-consistent backups. Review supported scenarios.

  • Pricing: Agentless crash-consistent backup may impact costs. Check Azure Backup pricing for details.

Your Azure VMs are now protected with a simple and effective agentless crash-consistent backup! Have questions or need more details? Drop a comment below!

Kommentarer

Skicka en kommentar

Populära inlägg i den här bloggen

🚀 IntuneWin – Deploying Win32 Apps via Intune 🎯

-
Bild
🔹 Benefits of IntuneWin: ✅ Seamless app packaging 📦 ✅ Automated deployment ⚙️ ✅ Centralized cloud management ☁️ ✅ Support for installation & uninstallation 🔄 The IntuneWin format is a method for preprocessing Windows Classic (Win32) applications. The tool transforms application installation files into the .intunewin format. Once you apply this tool to the app packaging folder, you can create an app enrollment configuration that enables advanced deployment features, such as OS version dependencies and uninstallation methods for remote application removal. Win32 apps in Intune size limit of 30 GB per app. To start the configuration 1- First you need to download the Microsoft Win32 Content Prep Tool :  Microsoft Win32 Content Prep Tool 2-  Unzip the tool to a folder, E, C , F etc drive (you can choose any folder you like). 3- Save your application  in the same folder as the Content Prep tools.  4- Now we will create the .intunewin package using PowerS...
Read more »

Boost Your Graphics Power med GPU-acceleration i Azure Virtual Desktop!

-
Bild
  🎯 Purpose Optimize performance for Remote Desktop sessions by enabling GPU acceleration and video optimization via Microsoft Intune or Group Policy (GPO). 🧠 Prerequisites & Requirements Required skills: Basic knowledge of Windows device management Experience with Microsoft Intune or Group Policy Understanding of Remote Desktop (RDP/AVD) concepts Technical requirements: Windows 10/11 on session hosts GPU-enabled VMs (e.g., NVv3, NVadsA10 v5, NCasT4_v3) Microsoft HEVC codec installed on client devices Proper GPU drivers installed (NVIDIA GRID or AMD) 1. Sign in Go to: https://intune.microsoft.com 2. Create or edit a configuration profile Go to Devices > Configuration profiles Click Create profile Select: Platform: Windows 10 and later Profile type: Settings catalog 3. Add settings Click Add settings and browse to: Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host ...
Read more »

Block Personal devices to acces to Desktop apps like teams, Onedrive etc and how to troubleshooting the issue.

-
Bild
  You can use Conditional Access to block users based on location, IP address, and more, but now we will talk about blocking access for users who are using personal devices 1. Navigate to Entra ID -> Protection -> Conditional Access and create a new policy. 2- Create new policy 3-   Name your policy Assign your policy to a user/group or to all users. If you assign the policy to all users, be sure to exclude the break-glass account. It's essential to always have a break-glass account in place. In case of an error, you could accidentally lock out all users, so make sure these accounts remain unaffected. 4- In the Target resources select All resources (formerly 'All cloud apps') 5- In the conditions: Device platforms: select which devices you want the policy to apply to. In my case i will select windows and MacOS  Client apps: check all boxes except Browser, which will block everything except the browser. Here’s the magic: In the Filter for devices, you can ...
Read more »