Back up and restore encrypted Azure virtual machines

Brass Contributor

1- Back up an encrypted VM

If you want to backup an encrypted Azure VM and you have this error  : 

MohamedT_Trabelsi_6-1706023921563.png

 

Protected Item Name: "VM;xxxxxxx;xxxxxxxxxxx;xxxxxxxxxxx"): backup.ProtectedItemOperationResultsClient#Get: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="UserErrorKeyVaultPermissionsNotConfigured" Message="Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines. Please grant the required permissions to the Azure Backup Service. For more details, refer to http://aka.ms/UserErrorKeyVaultPermissionsNotConfigured "

 

Link : https://learn.microsoft.com/en-us/azure/backup/backup-azure-troubleshoot-vm-backup-fails-snapshot-ti...

 

MohamedT_Trabelsi_0-1706023093541.png

Why ? 

Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines

 

Solution : 

Azure Backup needs read-only access to back up the keys and secrets, along with the associated VMs.

 

MohamedT_Trabelsi_5-1706023698350.png

 

 

MohamedT_Trabelsi_4-1706023664142.png

 

Notes : 

 

MohamedT_Trabelsi_7-1706024013649.png

2- Restore an encrypted VM

Encrypted VMs can only be restored by restoring the VM disk and creating a virtual machine instance as explained below. Replace existing disk on the existing VM, creating a VM from restore points and files or folder level restore are currently not supported.

 

Step 01 ==> Restore VM Disks

MohamedT_Trabelsi_8-1706024304939.png

 

Step 02 ==> Recreate the VM from the template that was generated during the restore operation. https://learn.microsoft.com/en-in/azure/backup/backup-azure-arm-restore-vms#use-templates-to-customi...

 

References : 

https://learn.microsoft.com/en-in/azure/backup/backup-azure-vms-encryption

https://learn.microsoft.com/en-in/azure/backup/restore-azure-encrypted-virtual-machines

 

0 Replies