To create a key vault, you must log in to the Azure portal and search for “key vault”. Once done, you will see the above screen. Click “Create Key Vault” to continue.
In the above screen, you are asked to choose a resource group or create one. Again, in this case, I chose to create a new resource group. Then you are asked to create a unique key vault name and choose a region, and pricing tier. I chose the East US region and the standard pricing tier. There is no need to use the premium tier in this case. Once your choices are made, click “Review + Create” to create the key vault.
Step 2: Add Secret to Vault
Once the key vault has been deployed, click “Secrets” from the menu on the left side of the screen.
Now you can add the recovery services vault secret (or any secret for that matter) to the Key Vault. Be sure to label it something that makes sense and click “Create”
Finally, you should be able to see your secret in the recovery services vault.
Conclusion
This is a really simple way to start working with Azure Key Vault. Now you have your secret saved in a location that is not easily compromised or exposed to failure as your home PC.
Over the past few months, I have built a new PC, a home lab, and an Azure environment. Over the next few weeks, I will work to better integrate all three. One of the first steps in this process is setting up Azure Backup for my Windows 11 PC.
Prerequisites
An existing Azure subscription
A Windows PC
Step 1: Create a Recovery Services Vault in the Azure Portal
Login to your azure portal and search for the “Recovery Services Vault”. If you do not have a recovery services vault, you will create one here.
From there you are taken through a wizard to create the Recovery Services Vault. Here you will need to either choose an existing resource group or create a new one. I decided to create a new one because all my resource groups contain related items that can be deleted together. Additionally, you are asked to choose a unique name for the Recovery Services Vault. Once these two things are done, you can click “Review + Create”, and in a few moments, the Recovery Services Vault will be created.
Once your Recovery Services Vault has been created, you can click on the resource and see a menu on the left side. From that menu, you will click Backup. Then you have two choices to make: “Where is the workload running?” and “What do you want to backup?” In my setup, I chose “On-Premises” and “Files and Folders”. Note that it is currently not possible to back up the system state for Windows 11 machines.
Once you click the “Prepare Infrastructure” button, you’ll be brought to the above screen. At this point, is important that you both download the Azure Recovery Services Agent and MOST IMPORTANTLY, the vault credentials. In this example, I am saving the vault credentials to my desktop, but they can and should be saved to Azure Key Vault.
Step 2: Install the Azure Recovery Services Agent
You’ll first need to download the Azure recovery services agent from the previous screen.
The install screen for the Azure recovery services agent should look like the one above.
The Installation will need .Net Framework 4.5 and Windows Powershell. You will need to install these items to proceed with the installation.
As shown in the above screen, this is where you will use the saved vault credentials from the earlier step.
Next, you will be asked to enter a passphrase and a location to save it. You can use your own passphrase generator, but I found it easier to use the passphrase generator provided here. You may also save the passphrase on your local machine as I did here. Once done, click Finish to complete the installation.
Step 3: Configure Your Backup Settings
Now that the installation has finished, you will be able to schedule your first backup.
Open the Azure Backup client on your PC and click “Schedule Backup” on the right side of the screen.
From the screen, as shown above, you will choose which drives you will backup.
You also have the option to exclude some folders and files.
You can specify the times of the backup up to three times a day.
Here you can choose the retention schedule. Initially, I was given what I believed was too many restore points, I adjusted mine accordingly as you can see above.
This is one of the final screens. You are given the choice to send the data online or offline by sending the disks directly to Azure. I chose to send my data online. After this screen, you will click next a few more times and then you are ready to start your first backup at the scheduled time.
Once my download has started, I can verify it is working from the Azure Backup App.
I can also go to my Recovery Services Vault, click the Backup Dashboard, and verify that the job is running.
Conclusion
While there are other ways to backup a PC, this is one of the better ways to get started working with Azure backups and Site Recovery.