
How to Back Up Azure Virtual Machines

If your business runs virtual machines in Microsoft Azure, backing them up is not optional — it is an essential part of your operational and compliance obligations. Azure virtual machines can fail, be corrupted by software errors, be damaged by ransomware attacks, or be accidentally deleted by administrators. Without proper backups, any of these events could result in permanent data loss, extended downtime, and significant financial impact.

The good news is that Azure provides a native, integrated backup service — Azure Backup — that makes protecting your virtual machines straightforward, reliable, and cost-effective. Unlike third-party backup solutions that require separate infrastructure, Azure Backup is built into the Azure platform and integrates seamlessly with your existing virtual machines, storage accounts, and security configurations.

This guide provides a complete, practical walkthrough of Azure VM backup for UK businesses. It covers the concepts you need to understand, the decisions you need to make, the steps to set up backup, and the best practices that ensure your backups are reliable, secure, and compliant with UK data protection requirements including GDPR.

  • 93% of businesses that lose their data centre for 10+ days file for bankruptcy within 12 months
  • £3,600: average hourly cost of IT downtime for UK SMEs
  • 99.9%: Azure Backup service availability SLA
  • 9,999 years: maximum retention period supported by Azure Backup

Understanding Azure Backup Concepts

Before configuring Azure Backup, it is important to understand the key concepts that underpin the service. These concepts determine how your backups work, where they are stored, and how you restore from them.

Recovery Services Vault

The Recovery Services Vault is the central management entity for all your backups. It is a storage container in Azure that holds your backup data, backup policies, and recovery points. When you set up Azure VM backup, you create a vault (or use an existing one) and associate your virtual machines with it.

The vault should be in the same Azure region as your virtual machines for optimal performance and to ensure that backup operations do not traverse regions unnecessarily. For UK businesses, this typically means creating a vault in the UK South or UK West region. Importantly, the vault also controls the redundancy level of your backup storage — you can choose between locally redundant storage (LRS), zone-redundant storage (ZRS), or geo-redundant storage (GRS).

Backup Policies

A backup policy defines the schedule and retention rules for your backups. It specifies when backups are taken (daily, weekly, or a custom schedule), how long each backup is retained, and what type of backup is performed. Azure Backup supports both snapshot-based backups (fast, stored locally in the same region) and vault-tier backups (more durable, transferred to the Recovery Services Vault).

Understanding Backup Consistency Levels

Azure VM backup supports three consistency levels. Application-consistent backups capture the VM in a fully consistent state, including all in-memory data and pending I/O operations — this is the gold standard and ensures applications like SQL Server resume without data loss. File-system-consistent backups ensure all files are written to disk but may not capture in-memory application state. Crash-consistent backups capture the disk state at the point in time, similar to an unexpected power-off — the VM will boot but applications may need to perform recovery. Always aim for application-consistent backups by ensuring the Azure Backup agent is properly installed and the VM extensions are functioning.

Setting Up Azure VM Backup: Step by Step

The process of enabling Azure Backup for a virtual machine is straightforward. Here is the high-level process, along with the key decisions at each step.

First, create a Recovery Services Vault in the Azure portal. Choose the same region as your VMs (UK South is the primary Azure UK region), and select your storage redundancy option. For most UK SMEs, geo-redundant storage (GRS) is recommended because it replicates your backup data to a secondary Azure region (UK West), protecting against a complete regional outage.

Second, create a backup policy or use the default policy. The default policy takes a daily backup at a time you specify and retains daily backups for 30 days, weekly backups for 12 weeks, monthly backups for 36 months, and yearly backups for 10 years. For many businesses, this default is more than adequate, but you can customise it to match your specific retention requirements.

Third, associate your virtual machines with the vault and apply the backup policy. This can be done from the VM blade in the Azure portal (under Operations > Backup) or from the Recovery Services Vault blade. Azure automatically installs a backup extension on the VM, and backups begin according to the policy schedule.

Choosing the Right Storage Redundancy

| Redundancy Type | Data Copies | Protection Against | Cost | Recommended For |
|---|---|---|---|---|
| LRS (Locally Redundant) | 3 copies in one data centre | Hardware failure | Lowest | Non-critical workloads, dev/test |
| ZRS (Zone Redundant) | 3 copies across availability zones | Data centre failure | Medium | Production workloads in single region |
| GRS (Geo-Redundant) | 6 copies across two regions | Regional disaster | Highest | Business-critical, compliance-driven |

For UK businesses subject to GDPR, the choice of redundancy also has a data residency dimension. With GRS, your backup data is replicated from UK South to UK West (or vice versa), keeping all data within the United Kingdom. This satisfies the data residency requirements that many UK businesses need to meet, particularly those in regulated industries such as finance, healthcare, and legal services.

Backup Monitoring and Alerting

Setting up backups is only half the battle — you also need to ensure they are running successfully every day. A backup that has been silently failing for weeks is worse than no backup at all, because it creates a false sense of security.

Azure Backup provides built-in monitoring through the Recovery Services Vault dashboard, which shows the status of all backup jobs, alerts for failures, and compliance with your backup policy. However, you should also configure email alerts for backup failures so that someone is notified immediately when a backup does not complete successfully.

Additionally, you should perform regular test restores — at least quarterly — to verify that your backups can actually be restored successfully. A backup that cannot be restored is worthless. Test restores also help you measure your actual recovery time, which is critical for business continuity planning.
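
One way to catch the silently failing backup described above, shown as an added example that is not code from the original article: it takes backup job records plus the list of VMs that should be protected and reports every VM whose newest successful job is too old, that has never succeeded, or that has no jobs at all. The record layout, the VM names and the 26-hour threshold are assumptions made for this example.

```python
from datetime import datetime, timedelta

OK_STATES = {"Completed", "CompletedWithWarnings"}  # assumption: warnings still yield a recovery point

# Constructed sample records, not real output. The layout (vm, status, end as
# an ISO 8601 UTC timestamp) is this example's own simplified schema.
SAMPLE_JOBS = [
    {"vm": "app-01", "status": "Completed", "end": "2024-05-10T01:12:00+00:00"},
    {"vm": "app-01", "status": "Completed", "end": "2024-05-09T01:10:00+00:00"},
    {"vm": "sql-01", "status": "Failed", "end": "2024-05-10T01:30:00+00:00"},
    {"vm": "sql-01", "status": "Failed", "end": "2024-05-09T01:31:00+00:00"},
    {"vm": "sql-01", "status": "Completed", "end": "2024-05-06T01:29:00+00:00"},
    {"vm": "web-01", "status": "CompletedWithWarnings", "end": "2024-05-10T02:00:00+00:00"},
    {"vm": "old-01", "status": "Failed", "end": "2024-05-10T02:05:00+00:00"},
]

def stale_backups(jobs, protected_vms, now, max_age=timedelta(hours=26)):
    """Return {vm: reason} for each protected VM lacking a recent good backup."""
    findings = {}
    for vm in protected_vms:
        history = sorted((j for j in jobs if j["vm"] == vm),
                         key=lambda j: datetime.fromisoformat(j["end"]), reverse=True)
        good = [j for j in history if j["status"] in OK_STATES]
        # Jobs newer than the last good one form the current run of failures.
        streak = 0
        for job in history:
            if job["status"] in OK_STATES:
                break
            streak += 1
        if not history:
            # Protected on paper, but nothing has ever run for this VM.
            findings[vm] = "no backup jobs recorded"
        elif not good:
            findings[vm] = f"never succeeded ({streak} unsuccessful jobs)"
        else:
            age = now - datetime.fromisoformat(good[0]["end"])
            if age > max_age:
                findings[vm] = (f"last good backup {age.days}d {age.seconds // 3600}h ago, "
                                f"{streak} unsuccessful since")
    return findings

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-05-10T09:00:00+00:00")
    vms = ["app-01", "sql-01", "web-01", "old-01", "new-01"]
    for vm, why in stale_backups(SAMPLE_JOBS, vms, now).items():
        print(f"{vm}: {why}")
```

Passing the expected VM list separately from the job records is what exposes a VM that was never enrolled, which a per-job failure alert cannot report.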

  • Businesses with automated backup: 74%
  • Businesses monitoring backup success: 52%
  • Businesses testing restores regularly: 28%
  • Businesses with documented DR plan: 35%
  • Businesses with geo-redundant backup: 41%

Restoring Azure Virtual Machines

When you need to restore a VM, Azure Backup provides several options depending on what you need to achieve. You can create a new VM from a recovery point, which is the most common scenario for replacing a failed or corrupted VM. You can restore the VM disks to a storage account, then attach them to a new or existing VM — useful when you need to restore specific data files rather than the entire VM. You can replace existing VM disks, which swaps the current disks with the backed-up versions in place. Or you can use cross-region restore (if using GRS) to restore a VM in the secondary region during a regional disaster.

Restore times depend on the size of the VM and its disks. A typical VM with a 128 GB OS disk and a 256 GB data disk can be restored from the snapshot tier in 10 to 30 minutes, or from the vault tier in one to four hours. These timescales should be factored into your business continuity planning when defining your Recovery Time Objective (RTO).

Azure Backup Best Practices

  • Use geo-redundant storage for business-critical VMs
  • Enable backup before deploying production workloads
  • Configure email alerts for backup failures
  • Perform quarterly test restores
  • Document your recovery procedures
  • Use application-consistent backup settings
  • Review retention policies annually
  • Enable soft delete for ransomware protection

Common Backup Mistakes

  • Assuming Azure handles backup automatically
  • Never testing restores until a real disaster strikes
  • Ignoring backup failure alerts
  • Insufficient retention for compliance requirements
  • Using LRS for production data (no regional protection)
  • No documented recovery procedures
  • Backup policy not reviewed after VM changes
  • Soft delete disabled, leaving backups vulnerable

Azure Backup Security

Protecting your backups is as important as creating them. Ransomware attackers increasingly target backup infrastructure, knowing that if they can encrypt or delete backups as well as production data, the victim has no choice but to pay the ransom. Azure Backup includes several features specifically designed to defend against this threat.

Soft delete is enabled by default on Recovery Services Vaults and retains deleted backup data for 14 additional days. If an attacker (or an accidental action) deletes a backup, it can be recovered within this window. Multi-user authorisation (MUA) requires approval from a designated security administrator before critical operations like disabling backup or reducing retention — preventing a compromised admin account from destroying backups. And immutable vaults, available in preview, prevent backup data from being deleted before its retention period expires, regardless of who requests the deletion.

For UK businesses subject to GDPR, the ICO recommends that backup data is encrypted and protected with access controls. Azure Backup encrypts all data at rest using 256-bit AES encryption and in transit using TLS 1.2. Access to backup operations is controlled through Azure Role-Based Access Control (RBAC), allowing you to grant backup operators the minimum permissions they need.

  • Soft delete enabled: Essential
  • RBAC roles configured: Essential
  • Multi-user authorisation: Recommended
  • Immutable vault (where available): Recommended
  • Backup alerts to IT team: Essential
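
The checklist above, expressed as an automated audit in an added example (not part of the original article or any Azure tooling): it evaluates a vault description against the five controls, uses the article's Essential and Recommended levels, and ties the multi-user authorisation finding to how many principals could remove backups on their own. The vault dictionary is a constructed, simplified schema, and the principal names are hypothetical; the role names are Azure built-in roles.

```python
BROAD_ROLES = {"Owner", "Contributor"}                     # not scoped to backup tasks
CAN_REMOVE_BACKUPS = BROAD_ROLES | {"Backup Contributor"}  # roles able to stop protection and delete data

# Constructed sample vault. The keys are this example's own schema (an
# assumption), not field names returned by the Azure API.
SAMPLE_VAULT = {
    "soft_delete": True,
    "multi_user_authorisation": False,
    "immutable": False,
    "failure_alert_recipients": [],
    "role_assignments": [
        {"principal": "backup-ops", "role": "Backup Operator"},
        {"principal": "helpdesk", "role": "Owner"},
        {"principal": "automation", "role": "Backup Contributor"},
    ],
}

def audit_vault(vault):
    """Return (level, control, detail) for every checklist control that fails."""
    roles = vault["role_assignments"]
    broad = sorted(a["principal"] for a in roles if a["role"] in BROAD_ROLES)
    removers = sorted(a["principal"] for a in roles if a["role"] in CAN_REMOVE_BACKUPS)
    findings = []
    if not vault["soft_delete"]:
        findings.append(("Essential", "Soft delete", "deleted backups are not retained"))
    if broad or not roles:
        # Least privilege: backup staff should hold backup-scoped roles only.
        detail = "broad roles held by: " + ", ".join(broad) if broad else "no roles assigned"
        findings.append(("Essential", "RBAC", detail))
    if not vault["multi_user_authorisation"]:
        findings.append(("Recommended", "Multi-user authorisation",
                         f"{len(removers)} principal(s) can remove backups without approval"))
    if not vault["immutable"]:
        findings.append(("Recommended", "Immutable vault",
                         "recovery points can be deleted before retention expires"))
    if not vault["failure_alert_recipients"]:
        findings.append(("Essential", "Backup alerts", "nobody is notified of failed jobs"))
    return findings

def passes_essentials(vault):
    """True only when no Essential control is failing."""
    return not any(level == "Essential" for level, _, _ in audit_vault(vault))

if __name__ == "__main__":
    for level, control, detail in audit_vault(SAMPLE_VAULT):
        print(f"[{level}] {control}: {detail}")
```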

Cost Management

Azure Backup costs are based on two components: the size of the protected data (per GB per month for vault-tier storage) and the number of protected instances. As of current pricing for the UK South region, a standard VM backup instance costs approximately £8 per month, plus storage costs of around £0.02 to £0.05 per GB per month depending on the redundancy level chosen.

For a typical UK SME running five Azure VMs with an average of 200 GB of data each, the monthly backup cost would be approximately £40 for instances plus £50 to £100 for storage, totalling £90 to £140 per month for full geo-redundant protection. This is a remarkably small price to pay for the peace of mind that your business can recover from any disaster.

To optimise costs, review your retention policies to ensure you are not retaining backups longer than necessary. Use tiered storage options where available to move older recovery points to cheaper archive storage. And tag your VMs consistently so that backup costs can be tracked and allocated to the appropriate cost centre.

Need Help with Azure Backup?

Cloudswitched provides Azure backup configuration and management for UK businesses. From initial setup and policy design to ongoing monitoring, test restores, and disaster recovery planning, we ensure your Azure virtual machines are fully protected. Contact us to discuss your backup requirements.
