Azure Backup
The presented resiliency recommendations in this guidance include Backup and associated settings.
Summary of Recommendations
|
Recommendation | Category | Impact | State | ARG Query Available |
---|---|---|---|---|
BK-1 - Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults | Monitoring | Medium | Verified | Yes |
BK-2 - Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults | Disaster Recovery | Medium | Verified | Yes |
Recommendations Details
BK-1 - Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults
Category: Monitoring
Impact: Medium
Guidance
On 31 March 2026, classic alerts for Recovery Services vaults in Azure Backup will be retired and no longer supported. Before that date, transition to built-in Azure monitor alerting solution. Using Azure Monitor Alerts you can:
- Configure notifications to a wide range of notification channels.
- Enable notifications for selective scenarios.
- Monitor alerts at-scale via Backup center.
- Manage alerts and notifications programmatically.
- Consistent alert management for multiple Azure services, including backup.
Resources
Resource Graph Query
// This Resource Graph query will return all Recovery services vault with Classic alerts enabled.
resources
| where type in~ ('microsoft.recoveryservices/vaults')
| extend monitoringSettings = parse_json(properties).monitoringSettings
| extend isUsingClassicAlerts = case(isnull(monitoringSettings),'Enabled',monitoringSettings.classicAlertSettings.alertsForCriticalOperations)
| extend isUsingJobsAlerts = case(isnull(monitoringSettings), 'Enabled', monitoringSettings.azureMonitorAlertSettings.alertsForAllJobFailures)
| where isUsingClassicAlerts == 'Enabled'
| project recommendationId = "bk-1", name, id, tags, param1=strcat("isUsingClassicAlerts: ", isUsingClassicAlerts), param2=strcat("isUsingJobsAlerts: ", isUsingJobsAlerts)
BK-2 - Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults
Category: Disaster Recovery
Impact: Medium
Guidance
Cross Region Restore allows you to restore Azure VMs in a secondary region, which is an Azure paired region. This option allows you to conduct drills to meet audit or compliance requirements, and to restore the VM or its disk if there’s a disaster in the primary region. CRR is an opt-in feature for any GRS vault only.
Resources
- Set Cross Region Restore
- Azure Backup Best Practices
- Minimum Role Requirements for Cross Region Restore
- Recovery Services Vault
Resource Graph Query
// Azure Resource Graph Query
// Displays all recovery services vaults that do not have cross region restore enabled
resources
| where type == "microsoft.recoveryservices/vaults"
| where properties.properties.enableCrossRegionRestore != true
| project recommendationId = "bk-2", name, id, tags