Azure Azure Backup

Azure Backup: Create a Recovery Services vault with Azure PowerShell

A Recovery Services vault is an online storage entity used to backup workloads in or to Azure based on the Azure Resource Manager model.

You can use it to hold backup data for various Azure resources such as IaaS virtual machines (VMs), Windows or Linux, and SQL Server databases running in those VMs. It can also be used to backup your file share data in your Azure Files and with the use of the Microsoft Azure Recovery Services (MARS) agent it can backup and restore files, folders, and the system state of an on-premises server. With System Center Data Protection Manager (SCDPM) or Azure Backup Server (MABS) it also enables you to make cloud backups, in addition to disk backups from you on-premises servers.

These days it is quite easy to create or manage a Recovery Services vault through the Azure portal, but it is even faster when you make use of a scripting language like Azure PowerShell to automate the setup. Therefore, below you can find the Azure PowerShell script I mostly use to do all the work for me.

This Azure PowerShell script will do all of the following:

  • Checks if PowerShell is run as administrator, otherwise the PowerShell window will be closed (only applies when running the script in Windows Terminal or Windows PowerShell).
  • Import the Azure PowerShell AZ module into the PowerShell session.
  • Suppress breaking change warning messages.
  • Create a resource group.
  • Create a recovery services vault.
  • Add some resource tags for the resource group and the recovery services vault.
  • Specify the storage redundancy type for the recovery services vault. You can only use Locally Redundant Storage (LRS) or Geo Redundant Storage (GRS).
  • Set the resource group for storing instant recovery points of managed virtual machines (for the DefaultPolicy).

To use the script copy and save it as Create-an-Azure-Backup-Recovery-Services-vault.ps1 or download it from GitHub. First adjust all variables to your use and afterwards run the script with Administrator privileges from Windows Terminal, Windows PowerShell, Visual Studio Code or Azure Cloud Shell.

You can only change the Storage Replication type (Locally redundant/ Geo-redundant) for a Recovery Services vault when their is no backup data configured or stored in the vault. Once you configure any backup, the option to modify the replication type is disabled.

As a best practice you should use the default Geo-redundant setting when you use Azure Backup as your primary backup location.

Azure PowerShell script


A script used to create an Azure Backup Recovery Services vault.


A script used to create an Azure Backup Recovery Services vault in a resource group. When the Recovery Services vault is created with the necessary resource tags, the storage redundancy type will be set. Also the resource group for storing instant recovery points of managed virtual machines for the DefaultPolicy will be set.


Filename:       Create-an-Azure-Backup-Recovery-Services-vault.ps1
Created:        11/09/2020
Last modified:  11/09/2020
Author:         Wim Matthyssen
PowerShell:     Azure Cloud Shell or Azure PowerShell
Version:        Install latest modules if using Azure PowerShell
Action:         Change variables were needed to fit your needs. Before running the script logon with "Connect-AzAccount" and select the correct Azure Subscription
Disclaimer:     This script is provided "As IS" with no warranties.





## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Prerequisites

## Check if running as Administrator, otherwise close the PowerShell window (if not run in Azure Cloud Shell)

$CurrentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$IsAdministrator = $CurrentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($IsAdministrator -eq $false) {
    Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperator + $time)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
    Start-Sleep -s 5

## Import Az module into the PowerShell session (if not run in Azure Cloud Shell)

Import-Module Az

## Suppress breaking change warning messages

Set-Item Env:\SuppressAzurePowerShellBreakingChangeWarnings "true"

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Variables

$global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"}
$foregroundColor1 = "Red"
$writeEmptyLine = "`n"
$writeSeperator = "-"
$writeSeperatorSpaces = " - "

$customerName ="myh"
$hub = "hub"
$location = "westeurope"
$rgBackupHub = "rg" + $writeSeperator + $customerName + $writeSeperator + $hub + $writeSeperator + "backup"
$vaultNumber = "01"
$vaultName = "rsv" + $writeSeperator + $customerName + $writeSeperator + $hub + $writeSeperator + $vaultNumber
$storageRedundancyLRS = "LocallyRedundant"
$storageRedundancyGRS = "GeoRedundant"
$rgBackupInstantRecoveryName= "rg" + $writeSeperator + $customerName + $writeSeperator + $hub + $writeSeperator + "backup" + $writeSeperator + "irp" + $writeSeperator + "0" 

$tagCostCenter = "it"
$tagBusinessCriticality1 = "critical"
$tagBusinessCriticality2 = "high"
$tagBusinessCriticality3 = "medium"
$tagBusinessCriticality4 = "low"
$tagBackup = "backup"

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Register the Azure Recovery Service provider with your subscription (only necessary if you use Azure Backup for the first time)

Register-AzResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

# Create resource group for the Recovery Services vault

New-AzResourceGroup -Name $rgBackupHub -Location $location `
-Tag @{env=$hub;costCenter=$tagCostCenter;businessCriticality=$tagBusinessCriticality1;applicationName=$tagBackup;region=$location}

Write-Host ($writeEmptyLine + "# Resource group " + $rgBackupHub + " created" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Create the Recovery Services vault

New-AzRecoveryServicesVault -Name $vaultName -ResourceGroupName $rgBackupHub -Location $location `
-Tag @{env=$hub;costCenter=$tagCostCenter;businessCriticality=$tagBusinessCriticality1;applicationName=$tagBackup;region=$location}

Write-Host ($writeEmptyLine + "# Recovery Services vault " + $vaultName + " created" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Specify the type of storage redundancy for the Recovery Services vault

$varVault = Get-AzRecoveryServicesVault –Name $vaultName -ResourceGroupName $rgBackupHub
$backupStorageRedundancy = $storageRedundancyLRS

Set-AzRecoveryServicesBackupProperty -Vault $varVault -BackupStorageRedundancy $backupStorageRedundancy

Write-Host ($writeEmptyLine + "# Redundancy for " + $vaultName + " set to " + $backupStorageRedundancy + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Set resource group for storing instant recovery points of managed virtual machines (for the DefaultPolicy)

Get-AzRecoveryServicesVault -Name $vaultName | Set-AzRecoveryServicesVaultContext

$bkpPol = Get-AzRecoveryServicesBackupProtectionPolicy -name "DefaultPolicy"
$bkpPol.AzureBackupRGName = $rgBackupInstantRecoveryName

Set-AzRecoveryServicesBackupProtectionPolicy -policy $bkpPol

Write-Host ($writeEmptyLine + "# Instant recovery points resource group set for the DefaultPolicy " + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I hope this Azure PowerShell script is useful for you and provides you with a good starting point to get started with Azure Backup in your Azure environment(s). If you have any questions or recommendations about it, feel free to contact me through my Twitter handle or to leave a comment.

2 comments on “Azure Backup: Create a Recovery Services vault with Azure PowerShell

  1. Pingback: Azure Back to School: Azure Backup for Azure IaaS resources – Wim Matthyssen

  2. Pingback: Festive Tech Calendar 2020: Let’s help to get your Azure Backup implementation under control – Wim Matthyssen

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: