File Level Backup From Encrypted VM or Encrypted Recovery Point
So being a global admin of EA subscription you have to check backup health , perform DR drill or you have test your DR capabilities periodically . Means the RTO and RPO testing in real time . Whenever we talked about high availability we consider ( Availability Zone / Availability Set + Backup + DR ) . But does this strategy cover single file restoration from VM ? Ans is yes . So let me explain .
You can take VM backup in two way . First through the MARS agent – which will be component level backup and 2nd one is VM backup – where azure will take backup of your entire VM .
Let’s consider you have taken backup of your VM from azure level and now you want to do file/folder level restoration . Which is absolutely possible . You can do File Recovery . Which is very simple and straight forward process .
Select recovery point and then Azure will guide you through the next step .
But here you will find an another story :
In real time your 99.99% VM will be encrypted through KEK/BEK etc . And if your VM is encrypted or if your VM disk is encrypted then you can’t do file/folder level backup from an encrypted VM . If you try to do so you will get this limitation massage .
Message : The VM at this recovery point is encrypted. File/folder restore is currently not supported for encrypted VMs. Restore the VM via PowerShell cmdlets.
Ans : there are no powershell command available till date to recover file/folder from here . Unless you have taken backup through MARS agent . And this information is verified from Microsoft Backup Team . So solution is very simple . Restore the entire VM. How ?? Follow my post .