Configure file and folder backups

Describe Azure backup benefits

Azure Backup offers multiple components that you download and deploy on the appropriate computer, server, or in the cloud. The component, or agent, that you deploy depends on what you want to protect. All Azure Backup components (no matter whether you’re protecting data on-premises or in the cloud) can be used to back up data to a Recovery Services vault in Azure.

Key benefits

Implement Azure backup center

Backup Center provides a single unified management experience in Azure for enterprises to govern, monitor, operate, and analyze backups at scale. As such, it’s consistent with Azure’s native management experiences.

Setup recovery service vault backup options

Recovery Services vaults store backup data for various Azure services:

Configure on-premises file and folder backups

Create the recovery services vault.
Download the agent and credential file.
Install and register agent.
Configure the backup.

Manage the Azure recovery services agent

Azure Backup for files and folders relies on the Microsoft Azure Recovery Services (MARS) agent to be installed on the Windows client or server.

The MARS agent is a full featured agent that has many features.

Back up files and folders on physical or virtual Windows OS (VMs can be on-premises or in Azure).
No separate backup server required.
Not application aware; file, folder, and volume-level restore only.
Back up and restore content.

Interactive lab simulation

Task 1

Create VM and vnet

Task 2: Create a Recovery Services vault.
Create a recovery services vault in the same region you deployed the virtual machines.
Configure the recovery services vault for geo-redundant storage and soft delete.

Task 3: Implement Azure virtual machine-level backup.
Configure the recovery services vault to back up Azure virtual machines.


Create a backup policy that will run daily at 12:00 AM.

Enable backup for one of the virtual machines.

Click enable backup

Go to recovery service vault and run bck

Task 4: Implement file and folder backup.
Connect through remote desktop to a virtual machine and access the Azure portal.
Configure the recovery services vault to back up on-premises files and folders.
Install the download agent for Windows Server or Windows Client.
Register the agent with the recovery services vault.


Create a backup schedule and back up local files.

Confirm the backed-up files are in the recovery services vault.

Task 5: Perform file recovery by using Azure Recovery Services agent.
Remove files that were backed up in the previous task.
Use the Recover Data Wizard to retrieve the deleted files.

Task 6: Perform file recovery by using Azure virtual machine snapshots (optional).

Note the drive


Task 7: Review the Azure Recovery Services soft delete functionality (optional).

Configure virtual machine backups

Protect virtual machine data
There are several backup options available for VMs, depending on your use-case.

Azure Backup
Azure Site Recovery

Azure Backup
For vm’s in production, win and lin.
It creates recovery point stored in geo-redundant recovery vaults.
Can restore full vm or just files.

Azure Site Recovery
Recover application and replicate to different Azure region.

Managed disk snapshot
I a disk snapshot read-only full copy of a managed disk that is stored as a standard mangaged disk by default.
Snapshots, gives you ption to backup managed disk at any point in time.
Snapshots exists independent of source disk and can be used to create new disks.
Cost is based on use, 10gb / 64gb = billed for 10gb

Can create image from custom VHD in a storage account or directly from generalized(sysprepped) vm.
Images contains all managed disk associated with a vm (OS and data).
Can use that images to create hundreds of vm’s from that.

Images vs snapshot
Snapshot is a copy of a disk in time, apply only to one disk.
Snapshot does not have awareness of other disks.

Create virtual machine snapshots

An Azure backup job consists of two phases. First, a virtual machine snapshot is taken. Second, the virtual machine snapshot is transferred to the Azure Recovery Services vault.

A recovery point is considered created only after both steps are completed. As a part of the upgrade, a recovery point is created as soon as the snapshot is finished. This recovery point is used to perform a restore. You can identify the recovery point in the Azure portal by using “snapshot” as the recovery point type. After the snapshot is transferred to the vault, the recovery point type changes to “snapshot and vault”.

Capabilities and considerations.

Ability to use snapshot taken as part of a backup job that is available for recovery without waiting for the data transfer to the vault.
Reduce backup and restore times by retaining snapshots locally, default 2 days. Can be from 1 to 5 days.
Support disk up to 32TB.
Support Standard and premium SSD, standard HDD.
Incremental snaps are stored as page blobs.
For premium accounts, snaps taken count towards the 10 TB limit of space.
Rentetion policy, can set retetion to 1 day to save cost.

Recovery Services vault is a storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations.

Use Recovery Services vaults to hold backup data for various Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases. Recovery Services vaults support System Center DPM, Windows Server, Azure Backup Server, and more.

Backup virtual machines

1 Create a recovery services vault. To back up your files and folders, you need to create a Recovery Services vault in the region where you want to store the data. You also need to determine how you want your storage replicated, either geo-redundant (default) or locally redundant.

Portal, select storage replication before first bck

2 Use the Portal to define the backup. Protect your data by taking snapshots of your data at defined intervals. These snapshots are known as recovery points, and they are stored in recovery services vaults.

3 Backup the virtual machine. The Azure VM Agent must be installed on the Azure virtual machine for the Backup extension to work. However, if your VM was created from the Azure gallery, then the VM Agent is already present on the virtual machine.

Example backup storage account

Delete some files and restore.

Navigate back to recovery service vault and Protected items->Backup items

Select the fileshare and select restore

Select restore point and restore


All files is restored

Restore virtual machines

Once you have the snapshot, you can easy restore easy.

Implement Azure Backup Server

Another method of backing up virtual machines is using a Data Protection Manager (DPM) or Microsoft Azure Backup Server (MABS) server. This method can be used for specialized workloads, virtual machines, or files, folders, and volumes. Specialized workloads can include SharePoint, Exchange, and SQL Server.

The advantages of backing up machines and apps to MABS/DPM storage, and then backing up DPM/MABS storage to a vault are as follows:

Backing up to MABS/DPM provides app-aware backups optimized for common apps.(SQL, Exchange, SP, file/folder, volume, state)
For on-premises machines, you don’t need to install the MARS agent on each machine you want to back up. Each machine runs the DPM/MABS protection agent, and the MARS agent runs on the MABS/DPM only.
Manage backups for multiple machines that you gather into protection groups in a single console.

Compare backup options

Manage soft delete

Even after the backups are deleted, they are preserved in soft-delete state for 14 extra days (The permanently deleted).

How soft delete works for VM’s

1 To delete backup, bck must be stopped.
2 Choose delete or retain (continue to have). If delete, the stop bck, and it will be retained for 14 d in soft-delete state.
3 During the 14 days:In recovery service vault, the vm will have RED soft-delete icon.
The vault cannot be deleted before all bck’s are gone.
4 To restore soft-deleted vm:Choose VM, select option undeleted. Now you can restore from restore point avaliable.
5 After undeleted process is done:the sattus will return to Stop backup with retain data, then you can choose Resume backup and the bck item will be in active state.


Soft delete only protects deleted backup data. If a VM is deleted without a backup, the soft-delete feature won’t preserve the data. All resources should be protected with Azure Backup to ensure full resilience.

Implement Azure Site Recovery

Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location.

Outage occur = fail over to secondary location, when ok, fall back to primary


Can do all from the portal
Eliminates cost with with having a secondary data center inhouse
Replicates without intercepting application data
Continuous replication for az vm and vmware vm, 30 sec for hyper-v
Replicate using recovery points of app snapshot (disk data, data in memory and transactions in process)
Run planned failover for test data loss or not and result
Site recovery integrates with network management, reserving IP addresses, lb and traffic manager for efficient network switchovers.

MARS agent backups data directly to Azure, that is to recovery services vault.

However, MABS backups the data to the local storage first and then MARS agent installed on MABS server backups the local storage to vault.

MARS agent is easy to install and manage. Whereas, MABS is little complex and used for set ups.

Configure Azure Monitor

Describe Azure Monitor key capabilities

Monitor and visualize metrics.
Query and analyze logs.
Setup alerts and actions

Describe Azure Monitor components

Data source->Metrics and logs->Azure monitor = Insight,visualize, analyse, respond, integrate

Define metrics and logs

Metrics, numerical data, can view in portal
Logs, files, events and trace, Kusto, KQL language

Identify data types

Azure monitor can collect data from various sources

Application monitoring data:performance and functions
Guest OS monitor:data about the OS
Azure resource monitoring data:Operation/management of subscription and health/operation of Azure itself
Azure tenant monitoring:Active Directory
Azure Monitor starts collecting data as soon as you create an Azure subscription and add resources. Activity Logs record when resources are created or modified. Metrics tell you how the resource is performing and the resources it is consuming.

Extend the data you’re collecting into the actual operation of the resources by enabling diagnostics and adding an agent to compute resources.

Describe activity log events

Azure activity log is a subscription log.
With the Activity Log, you can determine the ‘what, who, and when’ for any write operations (PUT, POST, DELETE) taken on the resources in your subscription.
Activity logs are kept for 90 days

Query the activity log

Just search it up

Everything is here

Lab monitor

Deploy vm

Register resource provider

Create and configure an Azure Log Analytics workspace and Azure Automation-based solutions.

create it

Next create

Make sure to check supported the region for linked log analytics workspaces.

When created is done. In automation click inventory

Select the log analytics workspace that we created before. Add it, enable

Update management, enable.

Next task, view some metrics on the vm, i.e cpu.

Next task go to vm, diagnostics settings, enable it.

Go to performance counters, view them

Enable the workspace

Monitor, create some alerts

Send mail after trigger CPU high


Configure Azure alerts

You use Azure Monitor to configure notifications and alerts for your key systems and applications.

You can alert on metrics and logs as described in monitoring data sources. These include but are not limited to:

Metric values
Log search queries
Activity Log events
Health of the underlying Azure platform
Tests for web site availability

Alert states

Create alert rules

Target Resource – Defines the scope and signals available for alerting.
Signal – Signals are emitted by the target resource and can be of several types. Metric, Activity log, Application Insights, and Log.
Criteria – Criteria is a combination of Signal and Logic applied on a Target resource.
Alert Name, Alert Description, Severity, Action.

Create action groups

An action group is a collection of notification preferences defined by the owner of an Azure subscription.

Notifications configure the method in which users will be notified when the action group triggers.

Email Azure Resource Manager role, Send email to the members of the subscription’s role.
Email/SMS message/Push/Voice – Specify any email, SMS, push, or voice actions.

Action type

Automation runbook – An automation runbook is the ability to define, build, orchestrate, manage, and report on workflows that support system and network operational processes.
Azure Function
ITSM – Connect Azure and a supported IT Service Management (ITSM) product/service.
Logic App

Configure Log Analytics

Create a workspace
The workspace will automatically use the Per GB pricing plan.
Log Analytics provides a query syntax to quickly retrieve and consolidate data in the repository. You can create and save Log Searches to directly analyze data in the portal. You can also create log searches to run automatically and create an alert.

Structure Log Analytics queries

Configure Network Watcher

You can create complex and flexible setups in Azure that connect many virtual machines (VMs) to meet your needs. Just like in an on-premises network, configuration errors can result in problems that are challenging to troubleshoot. When you have to diagnose network problems in Azure, use Azure Network Watcher.

Administrators use Network Watcher to monitor, diagnose, and gain insight into their network health and performance with metrics. The elements can be broken down into four areas: monitoring, network diagnostic tools, metrics, and logs. Additionally, Network Watcher provides tools for troubleshooting connection problems.

Describe Network Watcher features

Automate remote network monitoring with packet capture.
Gain insight into your network traffic using flow logs. NSG logs
Diagnose VPN connectivity issues.

Verify IP Flow: Quickly diagnose connectivity issues from or to the internet and from or to the on-premises environment.
Next Hop: To determine if traffic is being directed to the intended destination by showing the next hop. This will help determine if networking routing is correctly configured.
VPN Diagnostics: Troubleshoot gateways and connections.
NSG Flow Logs: NSG Flow Logs maps IP traffic through a network security group.
Connection Troubleshoot. Azure Network Watcher Connection Troubleshoot is a more recent addition to the Network Watcher suite of networking tools and capabilities.

Note: To use Network Watcher, you must be an Owner, Contributor, or Network Contributor.

Review flow verify diagnostics
IP Flow Verify Purpose: Checks if a packet is allowed or denied to or from a virtual machine. For example, confirming if a security rule is blocking ingress or egress traffic to or from a virtual machine.

Review next hop diagnostics
Next Hop Purpose: To determine if traffic is being directed to the intended destination. Next hop information will help determine if network routing is correctly configured.

Visualize the network topology

Improve incident response with alerting on Azure

Respond to incidents and activities in your infrastructure through alerting capabilities in Azure Monitor.

Data types in Azure Monitor

The focus for metric-based data types is the numerical time-sensitive values that represent some aspect of the target resource.
The focus for log-based data types is the querying of content data held in structured, record-based log files that are relevant to the target resource.

Metric alerts provide an alert trigger when a specified threshold is exceeded.
For example, a metric alert can notify you when CPU usage is greater than 95 percent.

Activity log alerts notify you when Azure resources change state.
For example, an activity log alert can notify you when a resource is deleted.

Log alerts are based on things written to log files.
For example, a log alert can notify you when a web server has returned a number of 404 or 500 responses.

Composition of an alert rule

Resource, target.
Condition, signal type, metric, activity log or logs.
Action, like send mail. Action group, uniques set of recipients for the action.
Alert details, name, desc and severity.

Use metric alerts for alerts about performance issues in your Azure environment

When would you use metric alerts?
In Azure Monitor, you can use metric alerts to achieve regular threshold monitoring of Azure resources. Azure Monitor runs metric alert trigger conditions at regular intervals.

Metric alerts can be useful if, for instance, you need to know when your server CPU utilization is reaching a critical threshold of 90 percent.

Use activity log alerts to alert on events within your Azure infrastructure

Analyze your Azure infrastructure by using Azure Monitor logs

Use Azure Monitor logs to extract valuable information about your infrastructure from log data.

Features of Azure Monitor logs

Data collection in Azure Monitor
Azure Monitor collects two fundamental types of data:
metrics and logs.
Metrics tell you how the resource is performing, and the other resources that it’s consuming.
Logs contain records that show when resources are created or modified.

Azure Monitor collects data automatically from a range of components. For example:
Application data, custom code.
OS data, windows or linux.
Resource data, operations on rg’s.
Subscription data, subscription, health and availability.
Tenant data, data about organization services, i.e Active Directory.

Because Azure Monitor is an automatic system, it begins to collect data from these sources as soon as you create Azure resources like virtual machines and web apps.

You can extend the data that Azure Monitor collects by:

Enabling diagnostics.
Adding an agent.

Can log data from Azure monitor in a Log Analytics workspace.

Metrics are stored in a time-series db.

Analyzing logs by using Kusto
To retrieve, consolidate, and analyze data, you can specify a query to run in Azure Monitor logs. You can write a log query with the Kusto query language, which Azure Data Explorer also uses.

Monitor performance of virtual machines by using Azure Monitor VM Insights

Deploy monitoring for workloads on virtual machines. Set up a log analytics workspace, onboard virtual machines to Azure Monitor VM Insights, and build log queries by using Kusto Query Language.

Azure Monitor Logs collects and organizes log data generated from Azure resources.
Log data is stored in a Log Analytics workspace.
You can query data living in the workspace for trend analysis, reporting, and alerting.
Some examples of data captured include Windows event logs, Heartbeat logs, performance data, and Syslogs.

Azure collects compute monitoring data by using agents

Plan a Log Analytics workspace deployment

One of the tasks involved with a Log Analytics deployment is picking the right design. Log Analytics workspaces are containers where Azure Monitor data is collected, aggregated, and analyzed. To better understand Log Analytics workspaces, the following diagram provides more insight into all the different types of logs that can be ingested

Access mode,

Acess control mode

Table-level RBACK


Exercise – Set up a Log Analytics workspace and Azure Monitor VM Insights

Exercise – Set up a Log Analytics workspace and Azure Monitor VM Insights – Training | Microsoft Learn

1 Create and configure a Log Analytics workspace


2 Onboard virtual machines to Azure Monitor VM Insights

In the left menu under Monitoring > Insights, select Refresh until you get results.

Review the map, which displays dependencies like processes running, ports open, connection details, health of the virtual machine, machine properties, and Azure virtual machine properties.

Select the Performance tab.
Explore the different graphs for:

Logical Disk Performance
CPU Utilization
Available Memory
Logical Disk IOPS
Logical Disk MB/s
Logical Disk Latency (ms)
Max Logical Disk Used %
Bytes Sent Rate
Bytes Received Rate

Build log queries by using the Kusto Query Language

To unlock the full range of possibilities with Azure Monitor Logs, you’ll need to use log queries. These queries help you obtain a deep understanding of data collected in Azure Monitor Logs.

We did that above.

Can also use much more