While preparing for the AZ-104: Microsoft Azure Administrator exam, many candidates struggle with Azure Backup eligibility and configuration. In the enterprise world, selecting which virtual machines can be backed up using Azure Recovery Services Vault often hinges on compliance with platform requirements versus operational simplicity. Let’s drill into a simulated migration scenario.
The Scenario #
Tailspin Electronics is a global manufacturing company moving parts of its legacy infrastructure to Azure. The IT operations team has set up a Recovery Services Vault named TailspinVault1 to protect critical workloads.
The current subscription contains the following Azure virtual machines:
| VM Name | OS Type | Disk Configuration | Region | Availability Set | Encryption |
|---|---|---|---|---|---|
| TM1 | Windows Server 2019 | Managed OS & Data Disks | East US | Yes | Azure Disk Encryption |
| TM2 | Linux Ubuntu 20.04 | Unmanaged Disks | East US 2 | No | None |
| TM3 | Windows Server 2016 | Managed Disks | West Europe | Yes | None |
| TM4 | Linux CentOS 7 | Managed Disks | East US | No | Azure Disk Encryption |
Backups are planned to run daily at 23:00.
Key Requirements #
Which virtual machines can be backed up using Azure Backup policies configured in the TailspinVault1 Recovery Services Vault?
The Options: #
- A) TM1 and TM3 only
- B) TM1, TM2, TM3, and TM4
- C) TM1 and TM2 only
- D) TM1 only
Correct Answer #
A) TM1 and TM3 only.
The Architect’s Analysis #
Correct Answer #
Option A: TM1 and TM3 only
Step-by-Step Winning Logic #
Azure Backup for IaaS VMs only supports VMs with managed disks or specially configured unmanaged disks, depending on region and OS compatibility. Both TM1 and TM3 use managed disks, supported OS versions, and reside in regions served by the Recovery Services Vault (East US and West Europe respectively). TM1 also has Azure Disk Encryption, which is supported.
- TM2 uses unmanaged disks, which are not supported by Azure Backup directly.
- TM4, although on managed disks, runs Linux with disk encryption enabled, which depending on configuration, can interfere with the backup snapshot process if Azure Disk Encryption is not fully compatible or enabled correctly for backup.
This aligns with the Reliability pillar of Microsoft’s Well-Architected Framework by ensuring backups happen consistently without failures.
The Traps (Distractor Analysis) #
- Why not B? Not all VMs with unmanaged disks or incompatible encryption are supported — TM2 and TM4 are invalid.
- Why not C? TM3 uses managed disks and is eligible; excluding it overlooks important eligibility criteria.
- Why not D? TM3 is also eligible and should be included.
The Architect Blueprint #
Diagram illustrating VM backup eligibility flow:
Diagram Note: Backup requests flow to the Recovery Services Vault only for VMs that meet disk and encryption support requirements.
The Decision Matrix #
| Option | Est. Complexity | Est. Monthly Cost | Pros | Cons |
|---|---|---|---|---|
| A | Low | Moderate | Supports latest Azure Backup features; managed disks; meets compliance | Limited to VMs with managed disks and supported OS/encryption |
| B | High | High | Attempts to back up all VMs regardless | Unsupported unmanaged disks cause backup failures or policy violations |
| C | Moderate | Moderate | Includes some Linux VMs | Excludes valid Windows VM TM3 |
| D | Very Low | Low | Simple; backs up only a single VM | Overly restrictive; misses backup coverage |
Real-World Practitioner Insight #
Exam Rule #
“For the AZ-104 exam, when configuring Azure Backup, always select VMs with managed disks and supported OS versions for backup eligibility.”
Real World #
“In enterprise migrations, many legacy VMs use unmanaged disks or have encryption settings incompatible with Azure Backup. It’s vital to redesign storage to managed disks and adjust encryption policies prior to backup enablement, preserving governance and operational excellence.”