Protecting ALL Azure VMs with Azure Backup

Script using Bicep to protect all your Azure Virtual Machines using Azure Backup Vaults

Introduction

Based on my article last week, I have since extended the original Bicep with some PowerShell to enable protection across all Azure Virtual Machines with Azure Backup. To ensure I capture all VMs, old and new, I'm running this script from Azure DevOps on a daily schedule.

Step-by-Step Implementation Guide

Prerequisites

Before you begin, ensure you have the following:

  • An Azure subscription
  • An Azure DevOps environment
  • Visual Studio Code with Bicep extension
  • Basic understanding of DevOps pipelines & Azure Backup concepts

Using Bicep to Protect All Existing Virtual Machines

Step 1: Create a new DevOps Pipeline

Create a new DevOps pipeline using the YAML below as an example:

trigger:
- main

pool:
  vmImage: 'ubuntu-latest'

steps:
- task: AzureCLI@2
  inputs:
    azureSubscription: '<Your Azure Service Connection>'
    # 'pscore' (PowerShell Core) is required on Linux agents; 'ps' only runs on Windows agents
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |

      # Get all VMs in the subscription. This task signs in the Azure CLI only,
      # so use 'az vm list' rather than the Az PowerShell cmdlet Get-AzVM.
      $vmsFilePath = "vms.json"
      az vm list --query "[].{name:name, id:id, resourceGroup:resourceGroup}" -o json | Out-File -FilePath $vmsFilePath

      # Create a Bicep file to associate VMs with a backup policy.
      # Single-quoted here-string, so PowerShell leaves ${...} for Bicep to interpolate.
      $bicepContent = @'
      param vms array
      param backupPolicyName string
      param vaultName string
      param resourceGroupName string

      resource recoveryServicesVault 'Microsoft.RecoveryServices/vaults@2021-01-01' existing = {
        name: vaultName
        scope: resourceGroup(resourceGroupName)
      }

      resource backupPolicy 'Microsoft.RecoveryServices/vaults/backupPolicies@2021-01-01' existing = {
        name: backupPolicyName
        parent: recoveryServicesVault
      }

      // Protected items are child resources, so the name has four segments:
      // vault / fabric / protection container / protected item
      resource vmBackupAssociation 'Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems@2021-01-01' = [for vm in vms: {
        name: '${vaultName}/Azure/iaasvmcontainer;iaasvmcontainerv2;${vm.resourceGroup};${vm.name}/vm;iaasvmcontainerv2;${vm.resourceGroup};${vm.name}'
        properties: {
          protectedItemType: 'Microsoft.Compute/virtualMachines'
          sourceResourceId: vm.id
          policyId: backupPolicy.id
        }
      }]
      '@

      # Save the Bicep content to a file
      $bicepFilePath = "associateVMsToBackupPolicy.bicep"
      $bicepContent | Out-File -FilePath $bicepFilePath

      # Define the parameters (replace with your actual values)
      $backupPolicyName = "{policy-name}"
      $vaultName = "{vault-name}"
      $resourceGroupName = "{resource-group-name}"

      # Deploy the Bicep file; the VM array is read from the JSON file written above
      az deployment group create --resource-group $resourceGroupName --template-file $bicepFilePath --parameters "vms=@$vmsFilePath" backupPolicyName=$backupPolicyName vaultName=$vaultName resourceGroupName=$resourceGroupName

Step 2: Verify the Resources

After deployment, verify that the Recovery Services vault, backup policy, and backup protection for all existing virtual machines have been created and are configured as expected. You can do this by navigating to the Azure portal and checking the resources under the Recovery Services vault section.
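
A scripted alternative to the portal check, as an added example that is not part of the original article: it compares the VM inventory with the vault's protected items and reports any VM without backup. The function name `Get-UnprotectedVm` is hypothetical, the sample IDs are constructed, and it assumes each item returned by `az backup item list` carries the VM's ID in `properties.sourceResourceId`.

```powershell
# Added example (hypothetical helper): return the VMs that have no protected item.
function Get-UnprotectedVm {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Vms,
        [AllowEmptyCollection()] [object[]] $ProtectedItems = @()
    )
    # Azure resource IDs are case-insensitive, so compare them that way.
    $protected = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($item in $ProtectedItems) {
        $id = $item.properties.sourceResourceId   # assumed field, see lead-in
        if ($id) { [void]$protected.Add($id) }
    }
    $Vms | Where-Object { -not $protected.Contains($_.id) }
}

# Constructed sample data, in the shape returned by:
#   az vm list --query "[].{name:name, id:id}" -o json
#   az backup item list --resource-group <rg> --vault-name <vault>
#       --backup-management-type AzureIaasVM --workload-type VM -o json
# Pipe either command to ConvertFrom-Json to use live data instead.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$vms = @"
[
  {"name":"vm-web-01","id":"$sub/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web-01"},
  {"name":"vm-db-01","id":"$sub/resourceGroups/rg-data/providers/Microsoft.Compute/virtualMachines/vm-db-01"},
  {"name":"vm-new-02","id":"$sub/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-new-02"}
]
"@ | ConvertFrom-Json

# Two protected items; the first uses different casing in the resource group segment.
$items = @"
[
  {"properties":{"sourceResourceId":"$sub/resourcegroups/RG-APP/providers/Microsoft.Compute/virtualMachines/vm-web-01"}},
  {"properties":{"sourceResourceId":"$sub/resourceGroups/rg-data/providers/Microsoft.Compute/virtualMachines/vm-db-01"}}
]
"@ | ConvertFrom-Json

$missing = @(Get-UnprotectedVm -Vms $vms -ProtectedItems $items)
foreach ($vm in $missing) {
    Write-Warning "No backup item found for $($vm.name) ($($vm.id))"
}
# In a scheduled pipeline, replace the warning with a 'throw' so a coverage gap fails the run.
```

Run as a second step after the deployment, this turns a silent coverage gap into a visible pipeline result instead of relying on someone opening the portal.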

Conclusion

Azure Backup provides a comprehensive solution for protecting your data in the cloud. By using Bicep to define and deploy your backup resources, you can ensure consistency, simplify management, and leverage DevOps practices for continuous integration and deployment. Azure Backup enhances your ability to protect and manage your data assets seamlessly.

Learn More

For more detailed information and tutorials, visit the following Microsoft Learn resources: