#Back Up Resources

In Azure security management > Inventory, you can enable the backup service to protect Azure virtual machines, Azure blobs, and Azure file shares, Azure SQL databases, and Azure DevOps organizations.

There are two modes of backup:

• SaaS infrastructure mode – Delivers centralized management, automation, and comprehensive data protection, enabling secure collaboration and operational efficiency. It is ideal if you want a fully managed, cloud-to-cloud backup solution and prefer a hands-off approach and minimize manual setups.

• CAP Gateway mode – A secure and efficient solution to enhance your cloud data protection while improving backup performance. It is suitable if you require more control over your backup infrastructure. Note that this mode is not available for Azure SQL database and Azure DevOps.

  To use this mode, a CAP Gateway must be configured. Refer to Manage CAP Gateways to configure gateways.

#Configure Backup Profiles

A backup profile serves as a customizable template that defines how backup operations are performed for specific Azure resources. It allows you to tailor settings such as scheduling, retention policies, and backup frequency to meet your needs. Backup profiles can be configured for Azure VM, Azure storage (Azure blobs and Azure file shares), Azure SQL database, and Azure DevOps.

At the top of the Azure security management page, you can view the Backup profile tile. Click View details or the tile to access the Backup profiles page.

You can perform the following operations to manage backup profiles:

• Create profile – Click Create profile in the upper-right corner of the page to create a backup profile.

  1. In the General information step, complete the following information:

     • Name – Enter a name for this backup profile.

     • Description – Enter an optional description for this backup profile.

     • Type – Select a resource type for which you are about to create this backup profile.

  2. Click Next to go the Settings step and refer to the sections below to configure the settings for different resource types. Then, click Create to create the backup profile.

• Edit profile – Select an existing profile and click Edit to update the settings.

• Delete profile – Select profiles that is not in use and click Delete to delete the backup profiles.

#Backup settings for Azure VM

• Index – Select the Generate index for file-level data export option if you want to perform file-level data export using the backup data. Otherwise, keep this option deselected. The backup job will take longer to finish to generate an index. The retention period to keep the index will follow the retention policy configured for the backup data. Note that generating index for the disks with over 8 TB size is also supported.

  NOTE

  Running index generation on the following file systems will result in folders without indexes in restore recovery points.: UFS – BSD default fs, ZFS – BSD alternative fs, BitLocker – Windows encrypted fs, LUKS – Linux encrypted fs, ReFS – Windows new fs. Therefore, the file-level data exportation is unsupported for disks with the file systems.

• Schedule – Select hours, days, weeks, or months from the Interval drop-down list as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job. By default, the VM backup job will run once a day.

• Retention policy – Configure when to prune the snapshots from Azure and the backup data from the storage location. Note that if you are using AvePoint storage, the retention policy for backup data is subject to your agreement and you can configure a retention period up to the retention policy in your subscription.

  • For snapshots in Azure – You can choose the number of the latest snapshots to retain or choose for how long the snapshots will be retained after generation.

    The number of the latest snapshots to retain must be less than 500.

  • For backup data in storage – Configure the retention period to keep the backup data in the storage.

    • Daily/Hourly recovery point – Enter a number in the text box and select days or weeks from the drop-down list. The retention period must be between 7 and 28 days.

    • Weekly recovery point – Enter a number in the text box and select weeks or months from the drop-down list. The retention period must be between 2 and 12 weeks.

    • Monthly recovery point – Enter a number in the text box. The retention period must be between 1 and 12 months.

    • Yearly recovery point – Enter a number between 1 and 7974 in the text box.

#Backup settings for Azure storage and Azure DevOps

• Schedule – Select hours, days, weeks, or months from the Interval drop-down list as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job.

• Retention policy – Configure when to prune the backup data from the storage location. Enter a number in the text box and select weeks, months, or years from the drop-down list. The retention period cannot be less than 2 weeks. Note that if you are using AvePoint storage, the retention policy for backup data is subject to your agreement and you can configure a custom retention period up to the retention policy in your subscription.

  NOTE

  When you configure the retention period for backup data using the Year unit, the Configure full backup frequency will be configurable. You can then select a number from the drop-down list to set the full backup frequency. If the retention period is set to more than three months using the Month or Week unit, the full backup frequency will automatically be set to three months and cannot be changed. For retention periods of less than three months, the full backup frequency will be adjusted accordingly and cannot be modified.

#Backup settings for Azure SQL database

• Schedule – Select days, weeks, months, or years as the unit of time for the backup interval, enter a number in the text box after Every, and then configure the start time for your first backup job.

#Configure Storage and CAP Gateways

In Azure security management > Inventory, you can specify the storage profiles for Azure resources to define where the backup data will be stored. If the tenant’s subscription supports the CAP Gateway backup mode, you can also specify the CAP Gateways to use for backups.

• If the tenant’s subscription is in the SaaS infrastructure model, click the Configure storage profile button. In the prompted window, you can configure the following settings:

  • Backup mode (only available for Azure VM, Azure blob, and Azure file share) – You can choose to use either the SaaS infrastructure mode or CAP Gateway mode for your backups. When the CAP Gateway mode is selected, select a CAP Gateway for each region from the drop-down list. Note that if the resources are located in a different region or zone from your CAP Gateway installation, additional costs will incur.

  • Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

• If the tenant’s subscription is in CAP Gateway model and the resource type supports the CAP Gateway backup mode, click the Configure storage profile & CAP Gateway button. In the prompted window, you can configure the following settings:

  • Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

  • CAP Gateway – Select a CAP Gateway for each region from the drop-down list. Note that if the resources are located in a different region or zone from your CAP Gateway installation, additional costs will incur. Refer to Manage CAP Gateways to configure gateways.

#Enable Backup

To enable backups for resources, select the resource, click Backup, and select Back up from the drop-down list.

For Azure VM, Azure blob, and Azure file share, you can configure the following settings in the Back up window:

• Backup profiles – Select a backup profile you want to use for backups from the drop-down list.

• Backup mode – If the tenant’s subscription model is SaaS infrastructure, you can choose to use either the SaaS infrastructure mode or CAP Gateway mode for your backups.

• Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

• CAP Gateway – If you are using the CAP Gateway backup mode, select the GAP Gateway for each region from the drop-down list. Note that if you have selected resources that are located in a different region or zone from your CAP Gateway installation, additional costs will be incurred. Refer to Manage CAP Gateways to configure gateways.

• Select when do you want to run the backup job: wait for the next scheduled job to run or run the backup job now.

For Azure SQL database, you can configure the following settings in the Back up window:

• Backup profiles – Select a backup profile you want to use for backups from the drop-down list.

• Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

• Select when do you want to run the backup job: wait for the next scheduled job to run or run the backup job now.

For Azure DevOps, you can configure the following settings in the Back up window:

• Backup profiles – Select a backup profile you want to use for backups from the drop-down list.

• Storage profile – Check and select a desired storage profile to store your backup data for each region. Note that the storage selection will affect all resources from that region. For details about storage profiles, refer to Manage Storage Profiles.

• Configure scope – Selecting the projects in the organization that you want to back up. Then, select if you want to backup organization settings.

• Select when do you want to run the backup job: wait for the next scheduled job to run or run the backup job now.

For an Azure DevOps organization with backup enabled, you can select it, click Backup, and select Configure scope from the drop-down list to change the projects in the backup scope and whether you want to back up organization settings.

For resources with backup enabled, you can also and run a backup job or configure the backup profile for the resources.

• Select the resources, click Backup, and then select Back up from the drop-down list. In the confirmation window, click Run now to run a backup job immediately.

• Select the resources and click Apply backup profile. In the prompted window, select the backup profile you want to apply to the resources, and click Apply.

#Disable Backup

To disable backups for resources, select the resources, click Backup, and select Disable backup from the drop-down list. In the confirmation window, click Confirm to disable the backup for the resources. Note that once backup is disabled, the next time you enable backup for the resources, a full backup job will be performed.