File Level Backup From Encrypted VM or Encrypted Recovery Point

So being a global admin of EA subscription you have to check backup health ,  perform DR drill or you have test your DR capabilities periodically  . Means the RTO and RPO testing in real time . Whenever we talked about high availability we consider ( Availability Zone / Availability Set + Backup + DR ) . But does this strategy cover single file restoration from VM ? Ans is yes . So let me explain .

You can take VM backup in two way . First through the MARS agent – which will be component level backup and 2nd one is VM backup – where azure will take backup of your entire VM . 

Let’s consider you have taken backup of your VM from azure level and now you want to do file/folder level restoration . Which is absolutely possible . You can do File Recovery . Which is very simple and straight forward process .

Select recovery point and then Azure will guide you through the next step .

But here you will find an another story :

In real time your 99.99% VM will be encrypted through KEK/BEK etc . And if your VM is encrypted or if your VM disk is encrypted then you can’t do file/folder level backup from an encrypted VM . If you try to do so you will get this limitation massage . 

Message : The VM at this recovery point is encrypted. File/folder restore is currently not supported for encrypted VMs. Restore the VM via PowerShell cmdlets.

Ans : there are no powershell command available till date to recover file/folder from here . Unless you have taken backup through MARS agent . And this information is verified from Microsoft Backup Team . So solution is very simple . Restore the entire VM. How ?? Follow my post .