Forum Discussion
Back up and restore encrypted Azure virtual machines
1- Back up an encrypted VM
If you want to backup an encrypted Azure VM and you have this error :
│ Protected Item Name: "VM;xxxxxxx;xxxxxxxxxxx;xxxxxxxxxxx"): backup.ProtectedItemOperationResultsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="UserErrorKeyVaultPermissionsNotConfigured" Message="Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines. Please grant the required permissions to the Azure Backup Service. For more details, refer to http://aka.ms/UserErrorKeyVaultPermissionsNotConfigured " |
Why ?
Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines
Solution :
Azure Backup needs read-only access to back up the keys and secrets, along with the associated VMs.
Notes :
2- Restore an encrypted VM
Encrypted VMs can only be restored by restoring the VM disk and creating a virtual machine instance as explained below. Replace existing disk on the existing VM, creating a VM from restore points and files or folder level restore are currently not supported.
Step 01 ==> Restore VM Disks
Step 02 ==> Recreate the VM from the template that was generated during the restore operation. https://learn.microsoft.com/en-in/azure/backup/backup-azure-arm-restore-vms#use-templates-to-customize-a-restored-vm
References :
https://learn.microsoft.com/en-in/azure/backup/backup-azure-vms-encryption
https://learn.microsoft.com/en-in/azure/backup/restore-azure-encrypted-virtual-machines