AvePoint Learn
Request an article
Contact support
Request an article
Contact support
English

Home > Azure Security Management > Back Up Resources

Download this article

Back Up Resources

In Azure security management > Inventory > Resources, you can enable the backup service to protect Azure virtual machines, Azure blobs, and Azure file shares, Azure SQL databases, and Azure DevOps organizations.

NOTE

  • To back up Azure blobs and Azure file shares, make sure the Public network access and Allow storage account key access settings for the storage account are enabled.

  • To back up SQL databases, the APElements Azure Security Management app must be configured as the Microsoft Entra admin for the SQL server, and the Support only Microsoft Entra authentication for this server setting must be disabled. Make sure the Allow Azure services and resources to access this server setting is enabled for the SQL server.

There are two modes of backup:

  • SaaS infrastructure mode – Delivers centralized management, automation, and comprehensive data protection, enabling secure collaboration and operational efficiency. It is ideal if you want a fully managed, cloud-to-cloud backup solution and prefer a hands-off approach and minimize manual setups.

  • CAP Gateway mode – A secure and efficient solution to enhance your cloud data protection while improving backup performance. It is suitable if you require more control over your backup infrastructure. Note that this mode is not available for Azure SQL database and Azure DevOps.

    To use this mode, a CAP Gateway must be configured. Refer to Manage CAP Gateways to configure gateways.

Configure Backup Profiles

A backup profile serves as a customizable template that defines how backup operations are performed for specific Azure resources. It allows you to tailor settings such as scheduling, retention policies, and backup frequency to meet your needs. Backup profiles can be configured for Azure VM, Azure storage (Azure blobs and Azure file shares), Azure SQL database, and Azure DevOps.

At the top of the Azure security management page, you can view the Backup profile tile. Click View details or the tile to access the Backup profiles page.

You can perform the following operations to manage backup profiles:

  • Create profile – Click Create profile in the upper-right corner of the page to create a backup profile.

    1. In the General information step, complete the following information:

      • Name – Enter a name for this backup profile.

      • Description – Enter an optional description for this backup profile.

      • Type – Select a resource type for which you are about to create this backup profile.

    2. Click Next to go the Settings step and refer to the sections below to configure the settings for different resource types. Then, click Create to create the backup profile.

  • Edit profile – Select an existing profile and click Edit to update the settings.

  • Delete profile – Select profiles that is not in use and click Delete to delete the backup profiles.

Backup settings for Azure VM

  • Index – Select the Generate index for file-level data export option if you want to perform file-level data export using the backup data. Otherwise, keep this option deselected. The backup job will take longer to finish to generate an index. The retention period to keep the index will follow the retention policy configured for the backup data. Note that generating index for the disks with over 8 TB size is also supported.

    NOTE

    Running index generation on the following file systems will result in folders without indexes in restore recovery points.: UFS – BSD default fsZFS – BSD alternative fsBitLocker – Windows encrypted fsLUKS – Linux encrypted fsReFS – Windows new fs. Therefore, the file-level data exportation is unsupported for disks with the file systems.

  • Schedule – Select hoursdaysweeks, or months from the Interval drop-down list as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job. By default, the VM backup job will run once a day.

  • Retention policy – Configure when to prune the snapshots from Azure and the backup data from the storage location. Note that if you are using AvePoint storage, the retention policy for backup data is subject to your agreement and you can configure a retention period up to the retention policy in your subscription.

    • For snapshots in Azure – You can choose the number of the latest snapshots to retain or choose for how long the snapshots will be retained after generation.

      The number of the latest snapshots to retain must be less than 500.

    • For backup data in storage – Configure the retention period to keep the backup data in the storage.

      • Daily/Hourly recovery point – Enter a number in the text box and select days or weeks from the drop-down list. The retention period must be between 7 and 28 days.

      • Weekly recovery point – Enter a number in the text box and select weeks or months from the drop-down list. The retention period must be between 2 and 12 weeks.

      • Monthly recovery point – Enter a number in the text box. The retention period must be between 1 and 12 months.

      • Yearly recovery point – Enter a number between 1 and 7974 in the text box.

Backup settings for Azure storage and Azure DevOps

  • Schedule – Select hoursdaysweeks, or months from the Interval drop-down list as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job.

  • Retention policy – Configure when to prune the backup data from the storage location. Enter a number in the text box and select weeksmonths, or years from the drop-down list. The retention period cannot be less than 2 weeks. Note that if you are using AvePoint storage, the retention policy for backup data is subject to your agreement and you can configure a custom retention period up to the retention policy in your subscription.

    NOTE

    When you configure the retention period for backup data using the Year unit, the Configure full backup frequency will be configurable. You can then select a number from the drop-down list to set the full backup frequency. If the retention period is set to more than three months using the Month or Week unit, the full backup frequency will automatically be set to three months and cannot be changed. For retention periods of less than three months, the full backup frequency will be adjusted accordingly and cannot be modified.

Backup settings for Azure SQL database

  • Schedule – Select days, weeksmonths, or years as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job.

Configure Storage and CAP Gateways

Before you enable backups, you must configure the storage profiles for resources to define where the backup data will be stored. If the tenant’s subscription supports the CAP Gateway backup mode, you also need to specify the CAP Gateways to use for backups.

  1. Go to Azure security management > Inventory.

  2. Click the Configure storage profile button.

  3. In the prompted window, you can configure the following settings:

    • Backup mode – If the tenant’s subscription is in the SaaS infrastructure model, you can choose to use either the SaaS infrastructure mode or CAP Gateway mode for your backups. When the CAP Gateway mode is selected, select a CAP Gateway for each region from the drop-down list. Note that if the resources are located in a different region or zone from your CAP Gateway installation, additional costs will incur. Refer to Manage CAP Gateways to configure gateways.

    • Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

  4. Click Save to save your settings.

Enable Backup

To enable backups for resources, select the resource, click Backup, and select Enable backup from the drop-down list.

For Azure VM, Azure blob, and Azure file share, and Azure SQL database,you can configure the following settings in the Enable backup window:

  • Backup profiles – Select a backup profile you want to use for backups from the drop-down list.

  • Select when do you want to run the backup job: wait for the next scheduled job to run or run the backup job now.

For Azure DevOps, you can configure the following settings in the Enable backup window:

  • Backup profiles – Select a backup profile you want to use for backups from the drop-down list.

  • Projects – Select the projects in the organization that you want to back up.

  • Back up organization settings – Turn the toggle on/off to choose if you want to back up organization settings.

  • Select when do you want to run the backup job: wait for the next scheduled job to run or run the backup job now.

For resources with backup enabled, you can also and run a backup job or configure the backup profile for the resources.

  • Select the resources, click Backup, and then select Run backup from the drop-down list. In the confirmation window, click Run now to run a backup job immediately.

  • Select the resources and click Apply backup profile. In the prompted window, select the backup profile you want to apply to the resources, and click Apply.

Disable Backup

To disable backups for resources, select the resources, click Backup, and select Disable from the drop-down list. In the confirmation window, click Confirm to disable the backup for the resources. Note that once backup is disabled, the next time you enable backup for the resources, a full backup job will be performed.