I always like to create some automation tasks to replace the tedious manual click job. This can be very helpful for customers with large environment. In this blog, I want to share the Azure Runbook which I made to run at the Azure background and automatically back up the VMs with tag@{backup = ‘true’}. This can standardize the VM backup with certain backup policy and automatically audit the environment and make sure to back up the required computing VM resources.

In order to run the runbook, add below modules into your Azure automation account environment:

  • RecoveryServices Version 4.1.4
  • RecoveryServices.backup Version 4.3.0


Below is the Runbook PS script file:

#define login


function Login() {

$connectionName = "AzureRunAsConnection"



Write-Verbose "Acquiring service principal for connection '$connectionName'" -Verbose


$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName


Write-Verbose "Logging in to Azure..." -Verbose


Add-AzureRmAccount `

-ServicePrincipal `

-TenantId $servicePrincipalConnection.TenantId `

-ApplicationId $servicePrincipalConnection.ApplicationId `

-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null


catch {

if (!$servicePrincipalConnection)


$ErrorMessage = "Connection $connectionName not found."

throw $ErrorMessage

} else{

Write-Error -Message $_.Exception

throw $_.Exception







#define global variables


$rsVaultName = "myRsVault"

$rgName = "edmond-guo-rg"

$location = "Australia Southeast"

$keyvault = "edkeyvault1"

$vmrg = "VMs"

$backupvms = (Get-AzureRmResource -Tag @{ backup="true"} -ResourceGroupName edmond-guo-rg -ResourceType Microsoft.Compute/virtualMachines).Name


# Register the Recovery Services provider and create a resource group


Register-AzureRmResourceProvider -ProviderNamespace "Microsoft.RecoveryServices"


# Create a Recovery Services Vault and set its storage redundancy type


New-AzureRmRecoveryServicesVault `

-Name $rsVaultName `

-ResourceGroupName $rgName `

-Location $location

$vault1 = Get-AzureRmRecoveryServicesVault –Name $rsVaultName

Set-AzureRmRecoveryServicesBackupProperties -Vault $vault1 -BackupStorageRedundancy LocallyRedundant


# Set Recovery Services Vault context and create protection policy


Get-AzureRmRecoveryServicesVault -Name $rsVaultName | Set-AzureRmRecoveryServicesVaultContext

$schPol = Get-AzureRmRecoveryServicesBackupSchedulePolicyObject -WorkloadType "AzureVM"

$retPol = Get-AzureRmRecoveryServicesBackupRetentionPolicyObject -WorkloadType "AzureVM"




foreach($backupvm in $backupvms)


# Provide permissions to Azure Backup to access key vault and enable backup on the VM


Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvault -ResourceGroupName $rgName -PermissionsToKeys backup,get,list -PermissionsToSecrets backup,get,list -ServicePrincipalName 17078714-cbca-45c7-b486-5d9035fae0b5

$pol = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy"

Enable-AzureRmRecoveryServicesBackupProtection -Policy $pol -Name $backupvm -ResourceGroupName $vmrg


# Modify protection policy


$retPol = Get-AzureRmRecoveryServicesBackupRetentionPolicyObject -WorkloadType "AzureVM"

$retPol.DailySchedule.DurationCountInDays = 365

$pol = Get-AzureRmRecoveryServicesBackupProtectionPolicy -Name "NewPolicy"

Set-AzureRmRecoveryServicesBackupProtectionPolicy -Policy $pol -RetentionPolicy $RetPol


# Trigger a backup and monitor backup job


$namedContainer = Get-AzureRmRecoveryServicesBackupContainer -ContainerType "AzureVM" -Status "Registered" -FriendlyName $backupvm

$item = Get-AzureRmRecoveryServicesBackupItem -Container $namedContainer -WorkloadType "AzureVM"

$job = Backup-AzureRmRecoveryServicesBackupItem -Item $item

$joblist = Get-AzureRmRecoveryservicesBackupJob –Status "InProgress"

Wait-AzureRmRecoveryServicesBackupJob `

-Job $joblist[0] `

-Timeout 43200


So this runbook job will run every day at 5AM and taking the VM snapshot and save the VM backup images in your Backup Vault which is defined in the script.


Hopefully this runbook script can help you with the day to day operations task. 😉


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: