Tutorial: Back up Azure Files using Azure portal
This tutorial describes how to back up Azure Files using Azure portal.
Azure Files backup is a native cloud solution that protects your data and eliminates on-premises maintenance overheads. Azure Backup seamlessly integrates with Azure File Sync, centralizing your file share data and backups. The simple, reliable, and secure solution allows you to protect your enterprise file shares using snapshot and vaulted backups, ensuring data recovery for accidental or malicious deletion.
Prerequisites
Before you back up Azure Files, ensure that the following prerequisites are met:
- Check that the File Share is present in one of the supported storage account types. Review the support matrix.
- Identify or create a Recovery Services vault in the same region and subscription as the storage account that hosts the File Share.
- If the storage account access has restrictions, check the firewall settings of the account to ensure the exception Allow Azure services on the trusted services list to access this storage account is in grant state. You can refer to this link for the steps to grant an exception.
- Create a backup policy for protection of Azure Files.
Create a Recovery Services vault
A Recovery Services vault is a management entity that stores recovery points that are created over time, and it provides an interface to perform backup-related operations. These operations include taking on-demand backups, performing restores, and creating backup policies.
To create a Recovery Services vault:
Sign in to the Azure portal.
Search for Business Continuity Center, and then go to the Business Continuity Center dashboard.
On the Vault pane, select +Vault.
Select Recovery Services vault > Continue.
On the Recovery Services vault pane, enter the following values:
Subscription: Select the subscription to use. If you're a member of only one subscription, you'll see that name. If you're not sure which subscription to use, use the default subscription. There are multiple choices only if your work or school account is associated with more than one Azure subscription.
Resource group: Use an existing resource group or create a new one. To view a list of available resource groups in your subscription, select Use existing, and then select a resource in the dropdown list. To create a new resource group, select Create new, and then enter the name. For more information about resource groups, see Azure Resource Manager overview.
Vault name: Enter a friendly name to identify the vault. The name must be unique to the Azure subscription. Specify a name that has at least 2 but not more than 50 characters. The name must start with a letter and consist only of letters, numbers, and hyphens.
Region: Select the geographic region for the vault. For you to create a vault to help protect any data source, the vault must be in the same region as the data source.
Important
If you're not sure of the location of your data source, close the window. Go to the list of your resources in the portal. If you have data sources in multiple regions, create a Recovery Services vault for each region. Create the vault in the first location before you create a vault in another location. There's no need to specify storage accounts to store the backup data. The Recovery Services vault and Azure Backup handle that automatically.
After providing the values, select Review + create.
To finish creating the Recovery Services vault, select Create.
It can take a while to create the Recovery Services vault. Monitor the status notifications in the Notifications area at the upper right. After the vault is created, it appears in the list of Recovery Services vaults. If the vault doesn't appear, select Refresh.
Note
Azure Backup now supports immutable vaults that help you ensure that recovery points once created can't be deleted before their expiry as per the backup policy. You can make the immutability irreversible for maximum protection to your backup data from various threats, including ransomware attacks and malicious actors. Learn more.
Configure backup
Azure Backup allows you to use a single backup policy to back up one or more Azure Files to the same vault in an Azure region.
To configure backup for Azure Files, follow these steps:
Go to Business Continuity Center > Overview, and then select + Configure protection.
On the Configure protection pane, select Resources managed by as Azure, Datasource type as Azure Files (Azure Storage), select Solution as Azure Backup, and then select Continue.
On the Start: Configure Backup pane, click Select vault under Vault.
If a Recovery Services vault doesn't exist, create a new one.
On the Select a Vault pane, select a Recovery Services vault from the list to associate with your storage accounts, and then select Next.
On the Configure Backup pane, click Select under Storage Account.
On the Select storage account pane, select a storage account from the list that contains the file shares for backup.
The Select storage account pane lists a set of discovered supported storage accounts. By default, the list shows the storage accounts from the current subscription, or from a different subscription if you select an alternate one from the Subscription filter. They're either associated with this vault or present in the same region as the vault, but not yet associated with any Recovery Services vault.
Select an account from the list, and then select OK to register the storage account with Recovery Services vault.
On the Configure Backup pane, under the File Shares to Backup section, select Add to choose the File Shares you want to back up.
On the Select file shares blade, from the file shares list, select one or more file shares you want to back up, and then select Next.
Note
Azure searches the storage account for file shares to back up. Recently added file shares might take some time to appear.
On the Configure Backup pane, under Policy Details, select an existing backup policy from the list for your file share protection
If a policy doesn't exist, create a new one.
To start protecting the file share, select Enable Backup.
Note
You can also configure snapshot backup and vaulted backup (preview) for Azure Files from the Recovery Services vault or File Share panes.
Run an on-demand backup job
Occasionally, you might want to generate a backup snapshot, or recovery point, outside of the times scheduled in the backup policy. A common reason to generate an on-demand backup is right after you configure the backup policy. Based on the schedule in the backup policy, it might be hours or days until a snapshot is taken. To protect your data until the backup policy engages, initiate an on-demand backup. Creating an on-demand backup is often required before you make planned changes to your file shares.
Choose an entry point
To run an on-demand backup, follow these steps:
Go to the Recovery Services vault and select Backup items from the menu.
On the Backup items pane, select the Backup Management Type as Azure Storage (Azure Files).
Select the item for which you want to run an on-demand backup job.
In the Backup Item menu, select Backup now. Because this backup job is on demand, there's no retention policy associated with the recovery point.
The Backup Now pane opens. Specify the last day you want to retain the recovery point. You can have a maximum retention of 10 years for an on-demand backup.
Select OK to confirm the on-demand backup job that runs.
Monitor the portal notifications to keep track of backup job run completion.
To monitor the job progress in the Recovery Services vault dashboard, go to Recovery Services vault > Backup Jobs > In progress.
Best practices
Don't delete snapshots created by Azure Backup. Deleting snapshots can result in loss of recovery points and/or restore failures.
Don't remove the lock taken on the storage account by Azure Backup. Deletion of the lock can make your storage account prone to accidental deletion. Learn more about protect your resources with lock.