Backup Vaults - Create Or Update
Creates or updates a BackupVault resource belonging to a resource group.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DataProtection/backupVaults/{vaultName}?api-version=2025-01-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
resource
|
path | True |
string |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string uuid |
The ID of the target subscription. The value must be an UUID. |
|
vault
|
path | True |
string |
The name of the backup vault. |
|
api-version
|
query | True |
string |
The API version to use for this operation. |
Request Header
| Name | Required | Type | Description |
|---|---|---|---|
| x-ms-authorization-auxiliary |
string |
Request Body
| Name | Required | Type | Description |
|---|---|---|---|
| location | True |
string |
Resource location. |
| properties | True |
BackupVault |
|
| eTag |
string |
Optional ETag. |
|
| identity |
DppIdentityDetails |
||
| tags |
object |
Resource tags. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
OK |
|
| 201 Created |
Created |
|
| Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account. |
Examples
|
Create Backup |
|
Create Backup |
|
Create Backup |
Create BackupVault
Sample request
PUT https://management.azure.com/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/backupVaults/swaggerExample?api-version=2025-01-01
{
"location": "WestUS",
"tags": {
"key1": "val1"
},
"identity": {
"type": "None"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
}
}
}
Sample response
Retry-After: 10
Azure-AsyncOperation: https://management.windowsazure.com/subscriptions/04cf684a-d41f-4550-9f70-7708a3a2283b/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample/operationStatus/YWUzNDFkMzQtZmM5OS00MmUyLWEzNDMtZGJkMDIxZjlmZjgzOzdmYzBiMzhmLTc2NmItNDM5NS05OWQ1LTVmOGEzNzg4MWQzNA==?api-version=2025-01-01{
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"provisioningState": "Provisioning",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
},
"secureScore": "Adequate"
}
}{
"identity": {
"type": "None"
},
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"provisioningState": "Succeeded",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
},
"secureScore": "Adequate"
}
}Create BackupVault With CMK
Sample request
PUT https://management.azure.com/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/backupVaults/swaggerExample?api-version=2025-01-01
{
"location": "WestUS",
"tags": {
"key1": "val1"
},
"identity": {
"type": "None"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Off",
"retentionDurationInDays": 0
},
"immutabilitySettings": {
"state": "Disabled"
},
"encryptionSettings": {
"state": "Enabled",
"keyVaultProperties": {
"keyUri": "https://cmk2xkv.vault.azure.net/keys/Key1/0767b348bb1a4c07baa6c4ec0055d2b3"
},
"kekIdentity": {
"identityType": "UserAssigned",
"identityId": "/subscriptions/85bf5e8c-3084-4f42-add2-746ebb7e97b2/resourcegroups/defaultrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/examplemsi"
},
"infrastructureEncryption": "Enabled"
}
},
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
]
}
}
Sample response
Retry-After: 10
Azure-AsyncOperation: https://management.windowsazure.com/subscriptions/04cf684a-d41f-4550-9f70-7708a3a2283b/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample/operationStatus/YWUzNDFkMzQtZmM5OS00MmUyLWEzNDMtZGJkMDIxZjlmZjgzOzdmYzBiMzhmLTc2NmItNDM5NS05OWQ1LTVmOGEzNzg4MWQzNA==?api-version=2023-04-01-privatepreview{
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Off",
"retentionDurationInDays": 0
},
"immutabilitySettings": {
"state": "Disabled"
},
"encryptionSettings": {
"state": "Enabled",
"keyVaultProperties": {
"keyUri": "https://cmk2xkv.vault.azure.net/keys/Key1/0767b348bb1a4c07baa6c4ec0055d2b3"
},
"kekIdentity": {
"identityType": "UserAssigned",
"identityId": "/subscriptions/85bf5e8c-3084-4f42-add2-746ebb7e97b2/resourcegroups/defaultrg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/examplemsi"
},
"infrastructureEncryption": "Enabled"
}
},
"provisioningState": "Provisioning",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
]
}
}{
"identity": {
"type": "None"
},
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"provisioningState": "Succeeded",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
]
}
}Create BackupVault With MSI
Sample request
PUT https://management.azure.com/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/backupVaults/swaggerExample?api-version=2025-01-01
{
"location": "WestUS",
"tags": {
"key1": "val1"
},
"identity": {
"type": "systemAssigned"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
}
}
}
Sample response
Retry-After: 10
Azure-AsyncOperation: https://management.windowsazure.com/subscriptions/04cf684a-d41f-4550-9f70-7708a3a2283b/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample/operationStatus/YWUzNDFkMzQtZmM5OS00MmUyLWEzNDMtZGJkMDIxZjlmZjgzOzdmYzBiMzhmLTc2NmItNDM5NS05OWQ1LTVmOGEzNzg4MWQzNA==?api-version=2025-01-01{
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"provisioningState": "Provisioning",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
},
"secureScore": "Adequate"
}
}{
"identity": {
"principalId": "c009b9a0-0024-417c-83cd-025d3776045d",
"tenantId": "83abe5cd-bcc3-441a-bd86-e6a75360cecc",
"type": "SystemAssigned"
},
"id": "/subscriptions/0b352192-dcac-4cc7-992e-a96190ccc68c/resourceGroups/SampleResourceGroup/providers/Microsoft.DataProtection/Backupvaults/swaggerExample",
"name": "swaggerExample",
"type": "Microsoft.DataProtection/Backupvaults",
"location": "WestUS",
"tags": {
"key1": "val1"
},
"properties": {
"monitoringSettings": {
"azureMonitorAlertSettings": {
"alertsForAllJobFailures": "Enabled"
}
},
"provisioningState": "Succeeded",
"storageSettings": [
{
"datastoreType": "VaultStore",
"type": "LocallyRedundant"
}
],
"featureSettings": {
"crossRegionRestoreSettings": {
"state": "Enabled"
}
},
"securitySettings": {
"softDeleteSettings": {
"state": "Enabled",
"retentionDurationInDays": 14
}
},
"secureScore": "Adequate"
}
}Definitions
| Name | Description |
|---|---|
|
Alerts |
|
|
Azure |
Settings for Azure Monitor based alerts |
|
Backup |
BackupVault |
|
Backup |
BackupVault Resource |
|
BCDRSecurity |
Security Level of Backup Vault |
|
Cloud |
CloudError |
|
Cmk |
The details of the managed identity used for CMK |
|
Cmk |
The properties of the Key Vault which hosts CMK |
|
created |
The type of identity that created the resource. |
|
Cross |
|
|
Cross |
CrossRegionRestore state |
|
Cross |
CrossSubscriptionRestore Settings |
|
Cross |
CrossSubscriptionRestore state |
|
Dpp |
DppIdentityDetails |
|
encryption |
Customer Managed Key details of the resource. |
|
Encryption |
Encryption state of the Backup Vault. |
| Error |
The resource management error response. |
|
Error |
The resource management error additional info. |
|
Feature |
Class containing feature settings of vault |
|
Identity |
The identity type. 'SystemAssigned' and 'UserAssigned' are mutually exclusive. 'SystemAssigned' will use implicitly created managed identity. |
|
Immutability |
Immutability Settings at vault level |
|
Immutability |
Immutability state |
|
Infrastructure |
Enabling/Disabling the Double Encryption state |
|
Monitoring |
Monitoring Settings |
|
Provisioning |
Provisioning state of the BackupVault resource |
|
Resource |
ResourceMoveDetails will be returned in response to GetResource call from ARM |
|
Resource |
Resource move state for backup vault |
|
Secure |
Secure Score of Backup Vault |
|
Security |
Class containing security settings of vault |
|
Soft |
Soft delete related settings |
|
Soft |
State of soft delete |
|
Storage |
StorageSetting |
|
Storage |
Gets or sets the type of the datastore. |
|
Storage |
Gets or sets the type. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
|
User |
User assigned identity properties |
AlertsState
| Value | Description |
|---|---|
| Disabled | |
| Enabled |
AzureMonitorAlertSettings
Settings for Azure Monitor based alerts
| Name | Type | Description |
|---|---|---|
| alertsForAllJobFailures |
BackupVault
BackupVault
| Name | Type | Description |
|---|---|---|
| bcdrSecurityLevel |
Security Level of Backup Vault |
|
| featureSettings |
Feature Settings |
|
| isVaultProtectedByResourceGuard |
boolean |
Is vault protected by resource guard |
| monitoringSettings |
Monitoring Settings |
|
| provisioningState |
Provisioning state of the BackupVault resource |
|
| replicatedRegions |
string[] |
List of replicated regions for Backup Vault |
| resourceGuardOperationRequests |
string[] |
ResourceGuardOperationRequests on which LAC check will be performed |
| resourceMoveDetails |
Resource move details for backup vault |
|
| resourceMoveState |
Resource move state for backup vault |
|
| secureScore |
Secure Score of Backup Vault |
|
| securitySettings |
Security Settings |
|
| storageSettings |
Storage Settings |
BackupVaultResource
BackupVault Resource
| Name | Type | Description |
|---|---|---|
| eTag |
string |
Optional ETag. |
| id |
string |
Resource Id represents the complete path to the resource. |
| identity |
DppIdentityDetails |
|
| location |
string |
Resource location. |
| name |
string |
Resource name associated with the resource. |
| properties |
BackupVault |
|
| systemData |
Metadata pertaining to creation and last modification of the resource. |
|
| tags |
object |
Resource tags. |
| type |
string |
Resource type represents the complete path of the form Namespace/ResourceType/ResourceType/... |
BCDRSecurityLevel
Security Level of Backup Vault
| Value | Description |
|---|---|
| Excellent | |
| Fair | |
| Good | |
| NotSupported | |
| Poor |
CloudError
CloudError
| Name | Type | Description |
|---|---|---|
| error |
The resource management error response. |
CmkKekIdentity
The details of the managed identity used for CMK
| Name | Type | Description |
|---|---|---|
| identityId |
string |
The managed identity to be used which has access permissions to the Key Vault. Provide a value here in case identity types: 'UserAssigned' only. |
| identityType |
The identity type. 'SystemAssigned' and 'UserAssigned' are mutually exclusive. 'SystemAssigned' will use implicitly created managed identity. |
CmkKeyVaultProperties
The properties of the Key Vault which hosts CMK
| Name | Type | Description |
|---|---|---|
| keyUri |
string |
The key uri of the Customer Managed Key |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| Application | |
| Key | |
| ManagedIdentity | |
| User |
CrossRegionRestoreSettings
| Name | Type | Description |
|---|---|---|
| state |
CrossRegionRestore state |
CrossRegionRestoreState
CrossRegionRestore state
| Value | Description |
|---|---|
| Disabled | |
| Enabled |
CrossSubscriptionRestoreSettings
CrossSubscriptionRestore Settings
| Name | Type | Description |
|---|---|---|
| state |
CrossSubscriptionRestore state |
CrossSubscriptionRestoreState
CrossSubscriptionRestore state
| Value | Description |
|---|---|
| Disabled | |
| Enabled | |
| PermanentlyDisabled |
DppIdentityDetails
DppIdentityDetails
| Name | Type | Description |
|---|---|---|
| principalId |
string |
The object ID of the service principal object for the managed identity that is used to grant role-based access to an Azure resource. |
| tenantId |
string |
A Globally Unique Identifier (GUID) that represents the Azure AD tenant where the resource is now a member. |
| type |
string |
The identityType which can be either SystemAssigned, UserAssigned, 'SystemAssigned,UserAssigned' or None |
| userAssignedIdentities |
<string,
User |
Gets or sets the user assigned identities. |
encryptionSettings
Customer Managed Key details of the resource.
| Name | Type | Description |
|---|---|---|
| infrastructureEncryption |
Enabling/Disabling the Double Encryption state |
|
| kekIdentity |
The details of the managed identity used for CMK |
|
| keyVaultProperties |
The properties of the Key Vault which hosts CMK |
|
| state |
Encryption state of the Backup Vault. |
EncryptionState
Encryption state of the Backup Vault.
| Value | Description |
|---|---|
| Disabled |
CMK encryption is disabled on the Backup Vault. User can not set this state once Encryption State is 'Enabled'. |
| Enabled |
CMK encryption is enabled on the Backup Vault |
| Inconsistent |
CMK encryption is in inconsistent state on the Backup Vault. This state indicates that user needs to retry the encryption settings operation immediately to correct the state. |
Error
The resource management error response.
| Name | Type | Description |
|---|---|---|
| additionalInfo |
The error additional info. |
|
| code |
string |
The error code. |
| details |
Error[] |
The error details. |
| message |
string |
The error message. |
| target |
string |
The error target. |
ErrorAdditionalInfo
The resource management error additional info.
| Name | Type | Description |
|---|---|---|
| info |
object |
The additional info. |
| type |
string |
The additional info type. |
FeatureSettings
Class containing feature settings of vault
| Name | Type | Description |
|---|---|---|
| crossRegionRestoreSettings | ||
| crossSubscriptionRestoreSettings |
CrossSubscriptionRestore Settings |
IdentityType
The identity type. 'SystemAssigned' and 'UserAssigned' are mutually exclusive. 'SystemAssigned' will use implicitly created managed identity.
| Value | Description |
|---|---|
| SystemAssigned | |
| UserAssigned |
ImmutabilitySettings
Immutability Settings at vault level
| Name | Type | Description |
|---|---|---|
| state |
Immutability state |
ImmutabilityState
Immutability state
| Value | Description |
|---|---|
| Disabled | |
| Locked | |
| Unlocked |
InfrastructureEncryptionState
Enabling/Disabling the Double Encryption state
| Value | Description |
|---|---|
| Disabled | |
| Enabled |
MonitoringSettings
Monitoring Settings
| Name | Type | Description |
|---|---|---|
| azureMonitorAlertSettings |
Settings for Azure Monitor based alerts |
ProvisioningState
Provisioning state of the BackupVault resource
| Value | Description |
|---|---|
| Failed | |
| Provisioning | |
| Succeeded | |
| Unknown | |
| Updating |
ResourceMoveDetails
ResourceMoveDetails will be returned in response to GetResource call from ARM
| Name | Type | Description |
|---|---|---|
| completionTimeUtc |
string |
Completion time in UTC of latest ResourceMove operation attempted. ISO 8601 format. |
| operationId |
string |
CorrelationId of latest ResourceMove operation attempted |
| sourceResourcePath |
string |
ARM resource path of source resource |
| startTimeUtc |
string |
Start time in UTC of latest ResourceMove operation attempted. ISO 8601 format. |
| targetResourcePath |
string |
ARM resource path of target resource used in latest ResourceMove operation |
ResourceMoveState
Resource move state for backup vault
| Value | Description |
|---|---|
| CommitFailed | |
| CommitTimedout | |
| CriticalFailure | |
| Failed | |
| InProgress | |
| MoveSucceeded | |
| PartialSuccess | |
| PrepareFailed | |
| PrepareTimedout | |
| Unknown |
SecureScoreLevel
Secure Score of Backup Vault
| Value | Description |
|---|---|
| Adequate | |
| Maximum | |
| Minimum | |
| None | |
| NotSupported |
SecuritySettings
Class containing security settings of vault
| Name | Type | Description |
|---|---|---|
| encryptionSettings |
Customer Managed Key details of the resource. |
|
| immutabilitySettings |
Immutability Settings at vault level |
|
| softDeleteSettings |
Soft delete related settings |
SoftDeleteSettings
Soft delete related settings
| Name | Type | Description |
|---|---|---|
| retentionDurationInDays |
number |
Soft delete retention duration |
| state |
State of soft delete |
SoftDeleteState
State of soft delete
| Value | Description |
|---|---|
| AlwaysOn |
Soft Delete is permanently enabled for the BackupVault and the setting cannot be changed |
| Off |
Soft Delete is turned off for the BackupVault |
| On |
Soft Delete is enabled for the BackupVault but can be turned off |
StorageSetting
StorageSetting
| Name | Type | Description |
|---|---|---|
| datastoreType |
Gets or sets the type of the datastore. |
|
| type |
Gets or sets the type. |
StorageSettingStoreTypes
Gets or sets the type of the datastore.
| Value | Description |
|---|---|
| ArchiveStore | |
| OperationalStore | |
| VaultStore |
StorageSettingTypes
Gets or sets the type.
| Value | Description |
|---|---|
| GeoRedundant | |
| LocallyRedundant | |
| ZoneRedundant |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |
UserAssignedIdentity
User assigned identity properties
| Name | Type | Description |
|---|---|---|
| clientId |
string |
The client ID of the assigned identity. |
| principalId |
string |
The principal ID of the assigned identity. |