In my previous article, I talked about Trusted Launch VM and why should we use it. In continuation to the same topic I explain how we can use enhanced policy to backup a virtual machine that has trusted launch enabled. Microsoft now lets you use Enhanced policy to configure Multiple Backups Per Day and back up Trusted Launch VMs with Azure Backup service.

Enhanced policy provides the following features:

  • Supports Multiple Backups Per Day (in preview).
  • Instant Restore tier is zonally redundant using Zone-redundant storage (ZRS) resiliency. 

How to create an Enhanced policy and configure VM backup?

Follow these steps:

  1. In the Azure portal, select a Recovery Services vault to back up the VM.
  2. Under Backup, select Backup Policies.

Select Enhanced policy option while creating new policy

Current status and limitations for enhanced policy

  • The support for Enhanced policy is available in all Azure public regions, and not in US Sovereign regions.
  • We support Enhanced policy configuration through Recovery Services vault and VM Manage blade only. Configuration through Backup center is currently not supported.
  • For hourly backups, the last backup of the day is transferred to vault. If backup fails, the first backup of the next day is transferred to vault.
  • Enhanced policy is only available to unprotected VMs that are new to Azure Backup. Note that Azure VMs that are protected with existing policy can’t be moved to Enhanced policy.
  • Back up an Azure VM with disks that has public network access disabled is not supported.
  • Enhanced policy currently doesn’t support protecting Ultra SSD.
  • Default policy will not support protecting newer Azure offerings, such as Trusted Launch VM, Ultra SSD, Shared disk, and Confidential Azure VMs.