You dont have javascript enabled! Please enable it!

6 Azure Backup Best Practices to Save Costs

11 Min. Read

Data protection in today’s world is becoming more critical than ever. With the increasing amounts of data in this all-connected world comes more data that needs to be protected. According to various reports, data protection is listed as one of the top 5 priorities that IT leaders and businesses continue to have in today’s world. However, storage backup costs are still a challenging factor for many organizations today.

This article will share with you 6 Azure Backup best practices to help you optimize and save costs, as well as show you how the new Vault Archive tier helps to reduce your backup costs even further.

Updated – 07/04/2022 – The Azure Backup’s archive Tier support for Azure Virtual Machines is now generally available in selected regions and will be slowly rolled out across other regions in the next few weeks.


Azure Backup ensures your backup data is stored securely by leveraging the built-in security capabilities of the Azure platform role-based access control (RBAC) and encryption. In addition, with the new capabilities for soft-delete, Azure Backup protects against any accidental and malicious attempts for deleting your backups.

With a powerful architecture built into Azure, Azure Backup does all this for you in a simple, secure, and cost-effective manner without needing you to worry about anything at all.

The Azure Backup team recently announced that you can now retain your backups for a longer duration in a cost-effective manner using the new Azure Backup’s Archive tier for your Azure Virtual Machines, SQL Server running in Azure Virtual Machines, and Azure Database for PostgreSQL (PaaS) service. Alongside moving your long-term retention (LTR) points to the low-cost Archive tier, you can also perform restores from the Archive tier using a simplified integrated approach.

In this article, we will share with you how to reduce costs using Azure Backup by leveraging the new Vault Archive tier so you can start optimizing your costs while using Azure Backup.

Azure Backup Pricing

Before we start talking about the new Vault Archive tier, let’s look at how Azure Backup pricing works today.

As you probably know, Azure Backup has two pricing components:

1) The first one is protected instances, this is like a management fee to enable and manage discovery configuration, auto protection policy, movement of data in a secure manner, and more. The definition of 1 instance varies across workloads, you can refer to the pricing page here for more details.

2) The second component is backup storage, this is a simple pay-as-you-go component you pay per GB to store your data.

Let’s discuss some of the details of each of these two components starting with the protected instances.

  • The protected instance is applicable for most workloads where your data is moved into the Recovery Services vault and it depends on the size of the data that you’re protecting. In some cases, like Azure Files, there is currently the option of an operational tier, also known as the snapshot management, where there is a flat fee only. Check the following detailed article about Azure Backup pricing for Azure Files. However, for the newer workloads like disks and blobs, you discover, configure and manage the operational tier backups for free. You only pay for the snapshots that are taken as part of the backups.
  • The second component is backup storage. With the recent changes announced by Microsoft, backup storage has two tiers, the standard tier, and the archive tier. In the standard tier, you can choose the availability of your backup data across a variety of options. The default option is Geo-Redundant storage (GRS), and if you enable ‘Cross Region Restore‘, Microsoft will automatically upgrade it to Read-access Geo-redundant storage (RA-GRS).

An important point to understand about Azure Backup pricing is, that there are no hidden or additional charges. This is a simple price per GB option without any additional transactions, geo-replication, restore, or egress charges. Microsoft has eliminated these components for you to ensure that you can have simple pricing.

Additionally, the newly added archive tier will help you save costs for your long-term retention needs (more on this in the next section), but before we go into the details of optimizing your storage backup costs, here’s a summary of Azure Backup pricing at the time of this writing.

The Vault – Archive Tier price is $0.0027 per GB for LRS and $0.0054 per GB for a backup vault set with GRS.

Azure Backup Pricing
Azure Backup Summary Pricing – [Image Credit Microsoft]
As shown in the figure above, the Azure Backup team has added multiple workloads in the last few months and they continue to add new features under the hood.

Optimize and save on storage costs

As illustrated in the previous section, we saw how Azure backup pricing works. It’s simple right? Microsoft wants to make it simpler by helping you optimize your backup costs even further with the introduction of the Azure Backup Vault-Archive tier.

In the next sections, I’m going to list 6 backup best practices that can help you save on backup costs, starting from budgeting your backup, using specific features, and choosing the right backup policy, there are multiple ways we can combine to reduce backup costs.

Optimize and save costs while using Azure Backup
Optimize and save costs while using Azure Backup

1) Azure Backup budgeting

Before you even start using Azure Backup for budgeting your backup costs, you should always start with the pricing calculator on the Azure website. However, if you need to get a customized elaborate estimate for a long duration, you can download the detailed pricing calculator excel sheet from the following link. This is a comprehensive tool that the Azure Backup team has built to help you estimate your backup storage needs in the long run.

Azure Backup Detailed Estimation Tool
Azure Backup Detailed Estimation Tool

The Azure Backup detailed estimation tool also provides you with trends to help you understand how your backup storage footprint could grow, depending on the amount of data that churn* in your environment, the policy used to backup, and multiple other options, you can customize more than 15 variables to help you estimate as accurately as possible. Microsoft will keep this tool updated (it’s version 8.2 at the time of this writing), and when they introduce new features you will see these added to the pricing calculator tool.

* The churn is the amount of new data every day (that is, written or appended to existing files).

2) Use Selective disk to backup

For one of your key scenarios, which is backing up Azure IaaS VMs, you can use Selective Disk Backup, which allows you to choose and backup only certain disks within your VM.

This helps reduce your backup storage footprint for two scenarios, when you need to protect only critical data in selected disks or when you need to backup only the operating system (OS) disk.

Use Selective Disk to backup
Use Selective Disk to backup

Currently, the ability to configure selective disks backup through the Azure Portal is limited to the Backup OS Disk as the only option. So you can configure the backup of your Azure VM with OS disk, and exclude all the data disks attached to it. However, using PowerShell or Azure CLI, you can configure selective disk backup of the Azure VM. By using a script, you can include or exclude data disks using their LUN numbers.

3) Choose the right storage redundancy

When you start protection with Azure Backup, you start with a Recovery Services vault. When you create a vault, the default is set to Geo-Redundant storage (GRS). However, for your dev-test workloads, you may choose to use Locally-redundant storage (LRS) vault if you do not need the same level of protection because LRS costs almost half of the GRS price.

Azure Backup Storage replication type
Azure Backup Storage replication type

Choosing the right storage redundancy for different types of backup data can help you optimize your costs.

4) Cleanup inactive data sources

Once you have all your backups configured, you can start managing all of them using the Backup center, which is a single pane of glass for all things backup in Azure.

Assuming you have already configured the Diagnostic settings for your Recovery Services vault to Log Analytics workspace as described in this article, then within the Backup center, you can choose Backup reports under the Monitoring + reporting section, and specifically, a tab called Optimize.

On the ‘Optimize‘ page, you have two different sections today, the Inactive Resources tab, and the Policy Optimizations tab.

Starting with Inactive Resources as shown in the figure below, this tab helps you provide the list of all deleted and inactive data sources in the chosen period for which you continue to store backups.

Backup Center | Inactive Resources
Backup Center | Inactive Resources

Going through this list, you can easily spot all the backup data that you do not need anymore and clean them up.

5) Use the right retention policy

The other option in the Backup center | Optimize tab is Policy Optimizations which can help you to make sure you’re using the right retention duration and type.

Withing the Policy Optimizations section as shown in the figure below, you have the Retention Optimizations tab to identify backup instances with a large retention duration, and the Backup Schedule Optimizations tab to identify databases configured for a daily full backup.

Backup Center | Policy Optimizations
Backup Center | Policy Optimizations

For example, as shown in the backup policy for SQL, you could choose to use weekly full backup instead of daily full backup for database backups, and then choose daily Differential Backup along with Log Backup for your databases with SQL Backup Compression enabled. This helps reduce your storage footprint significantly.

SQL Server in Azure VM Backup Policy
SQL Server in Azure VM Backup Policy

The restore experience is unaffected by this as Azure Backup automatically picks the right full, differential, log, and log backups then overlay them and provides you the exact restore point that you need at your chosen time down to a second.

Finally, you could also choose to have lower retention for your dev-test workloads if your compliance and business needs allow for it.

6) Move Long-Term Retention (LTR) data to the Archive Tier

As illustrated in the previous sections about all the best practices to save on backup costs, there’s a new effective way to reduce costs on your long-term retention (LTR) data using the new Azure Backup Vault Archive tier.

What is the Archive Tier and how does it work?

Since Azure Backup storage is built on top of Azure Blobs, if you are familiar with the access tiers for Azure Blob Storage – hot, cool, and archive, some of the characteristics of blobs manifest themselves in how it’s being used for backups. For example, the Archive tier being a super low-cost tier has high access costs when it comes to accessing the data. So we move data less frequently into the Archive tier compared to the Standard tier, thereby increasing the Recovery Point Objective (RPO).

Along similar lines, the Recovery Time Objective (RTO) is also higher for the Archive tier compared to the Standard tier. All of this is to ensure you have the option to pay less for the LTR data and hence the price is considerably cheaper.

A very important point to understand is that even though the Standard tier stores data as incremental for VM backups, they get converted into full backups when you move the data to the Archive tier. This provides a self-contained and secure recovery point, thereby removing any additional points of failure when you want to restore your critical data.

Let’s walk now through an example of an Azure VM that you want to protect using the Recovery Services vault, and see how much costs you can save by using the Archive tier. Please note that this will vary greatly based on the amount of data you have.

For example, as shown in the diagram below, you started protecting an Azure VM on the 1st of January 2020.

For the first backup, we take an application-consistent snapshot. The data from a snapshot is then moved to the Recovery Services vault as the First Full Copy. While the data transfer happens, you can still recover from the snapshot using the Azure Backup Instant Restore capability.

Vault Standard tier - First Full Copy
Vault Standard tier – First Full Copy

The next day, for the second backup, again we take an application-consistent snapshot. Inherently snapshots only store incremental data. This incremental data is then moved to the vault as the daily backup. As shown in the diagram below, I’ve chosen an example backup policy with 7 days of retention.

Please note that these daily backups could have different sizes depending on how many changes occur in the VM that you are protecting.

Vault Standard tier - Daily Backup for 7 days
Vault Standard tier – Daily Backup for 7 days

Fast forward to a month and the monthly backup is also taken as an incremental on the last backup, in this case, the previous day. Also, the daily backups get cleaned up based on the retention – 7 days in this example. So, at any point in time, you’ll see a maximum of 7 daily backups only.

Forward to the next month and you’ll see the previous month’s incremental backup now stores all the incremental changes over the last 1 month. This process continues with forever incremental.

Azure Backup Vault - Standard tier Incremental
Azure Backup Vault – Standard tier Incremental

As shown in the diagram below, you see a representation of all these monthly incremental backups. Since I chose 18 months retention as an example, you’ll see all the respective monthly backups and their potential sizes. Again, these sizes are completely based on how the data in your VM changes and hence it could have an unpredictable amount of differences between the different monthly backups.

Monthly Backup incremental for 18 months
Monthly Backup incremental for 18 months

Moving LTR Recovery Points to the Archive Tier

Let us now focus on the long-term retention (LTR) Recovery Points (RPs) to see how can we move them to the Archive tier.

First, we need to define an LTR policy for our Recovery Points as those that have spent at least 90 days in the Standard tier and have at least 180 days of retention left. Here’s where the new Archive tier becomes very helpful.

What this definition means is, first, the Recovery Point has crossed 90 days of age (old), second, it still has 180 days (6 months) left before it gets expired, then the Recovery Point becomes eligible to be moved to the Archive tier if both conditions are met.

At the time of this writing, the supported scope for the age and retention left for the Recovery Points are defined by Microsoft. In other words, we cannot move RPs to the Archive tier by reducing the value of the age and retention to lower than the currently supported values. Here are the officially supported workloads with their age and retention left (this might change in the future):

  • Azure virtual machines
    • Only monthly and yearly recovery points. Daily and weekly recovery points aren’t supported.
    • Age >= 3 months (90 days) in Vault-Standard Tier
    • Retention left >= 6 months (180 days)
    • No active daily and weekly dependencies
  • SQL Server in Azure virtual machines
    • Only full recovery points. Logs and differentials aren’t supported.
    • Age >= 45 days in Vault-Standard Tier
    • Retention left >= 6 months (180 days)
    • No dependencies

Please note that the long-term retention (LTR) data movement to the Archive Tier is under your full control and not automatically done by Microsoft.

Due to the low-cost nature of the Archive tier, you can reduce your costs considerably by moving your Recovery Points (RPs) to the Archive tier.

As shown in the top right corner of the diagram below, you can see the Total cost of what a sample bill looks like for standard storage usage ($22.4/month).

Total cost for Standard tier before moving to the Archive tier
Total cost for Standard tier before moving to the Archive tier

Before we move a Long-Term Retention (LTR) Recovery Point (RP) to the Archive tier, the RP is converted from an incremental to a synthetic full by stitching together the First Full Copy and all other subsequent incremental accruing to this RP. This ensures that once the data moves into the Archive tier, it is self-contained and does not have additional points of failure during restoration.

Let’s see how the total cost change when you move your backup data to the Archive tier.

As shown in the bottom half of the diagram below, the synthetic full backup is now moved to the Archive tier. When doing so, any unique incremental bits held on by the Recovery Point (RP) will be held by the next Recovery Point to maintain the incremental chain in the Standard tier.

Archive - Moving one synthetic full backup
Archive – Moving one synthetic full backup

Moving all your eligible LTR Recovery Points (RPs) to the Archive tier will convert them into full and independent copies. The retention for these RPs will be retained from what was set in the backup policy for the Standard tier. Any modifications to the existing policy will also apply to the RPs that were moved to the Archive tier.

Please note that moving data to the Archive tier may increase the total amount of backup data in GB because this tier is considerably cheaper, you will be able to save costs using the Archive tier. As shown in the top right corner of the diagram below, the Total cost sample bill has now changed to a lower value ($16.4/month) once you move your Recovery Points (RPs) to the Archive tier.

Reduce costs by moving all eligible LTR Recovery Points to the Archive tier
Reduce costs by moving all eligible LTR Recovery Points to the Archive tier

In the screenshot below, you can see an overview of the Azure Portal experience for moving all eligible recovery points to the vault archive tier for Azure IaaS VM, SQL Server, and SAP HANA in Azure Virtual Machines.

Azure Portal - Move Recovery points to archive
Azure Portal – Move Recovery points to the archive tier

That’s there you have it! Happy cost savings with Azure Backup!


In this article, I showed you how you can optimize your storage costs while using Azure Backup best practices, as well as using the new Vault-Archive tier to lower even further the costs for your long-term retention (LTR) data.

At the time of this writing, The Azure Backup Archive tier feature is generally available for SQL Server in Azure virtual machines and for Azure virtual machines in selected regions and will be slowly rolled out across other regions.

For the remaining regions, the feature will remain in limited public preview and you can sign up by filling out the preview interest form here. During the preview, you’ll be able to move your backup data of Azure IaaS VMs, SQL in Azure VMs, and Azure Database for PostgreSQL backups to the Archived tier.

The Archive tier feature is accessible through Azure PowerShell, Azure CLI, and the Azure portal, Microsoft has written some sample scripts to help you automate the archive tiering process. The support has been further extended through Azure Portal using a single click to move all the recommended archivable recovery points. Please refer to the following document for further details.

Last but not least, I want to thank Vishnu Charan, Senior Program Manager at the Microsoft Azure Backup team for his help and support in reviewing this article.

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-

Photo of author
About the Author
Charbel Nemnom
Charbel Nemnom is a Senior Cloud Architect, Swiss Certified ICT Security Expert, Certified Cloud Security Professional (CCSP), Certified Information Security Manager (CISM), Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT). He has over 20 years of broad IT experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems with extensive practical knowledge of complex systems build, network design, business continuity, and cloud security.

Related Posts


Getting Started with NFS v4.1 for Azure Files

This #SysAdmin Day, Win with @Hornetsecurity


Let me know what you think, or ask a question...

error: Alert: The content of this website is copyrighted from being plagiarized! You can copy from the \'Code Blocks\' in \'Black\' by selecting the Code. Thank You!