MicrosoftDocs
diff --git a/‎articles/backup/backup-azure-auto-enable-backup.md
Lines changed: 52 additions & 0 deletions b/‎articles/backup/backup-azure-auto-enable-backup.md
Lines changed: 52 additions & 0 deletions
diff --git a/‎articles/backup/backup-azure-policy-supported-skus.md
Lines changed: 86 additions & 0 deletions b/‎articles/backup/backup-azure-policy-supported-skus.md
Lines changed: 86 additions & 0 deletions
diff --git a/‎articles/backup/media/backup-azure-auto-enable-backup/policy-assignment-basics.png
39.4 KB b/‎articles/backup/media/backup-azure-auto-enable-backup/policy-assignment-basics.png
39.4 KB
diff --git a/‎articles/backup/media/backup-azure-auto-enable-backup/policy-assignment-parameters.png
33.6 KB b/‎articles/backup/media/backup-azure-auto-enable-backup/policy-assignment-parameters.png
33.6 KB
diff --git a/‎articles/backup/media/backup-azure-auto-enable-backup/policy-dashboard.png
37 KB b/‎articles/backup/media/backup-azure-auto-enable-backup/policy-dashboard.png
37 KB
diff --git a/‎articles/backup/media/backup-azure-auto-enable-backup/policy-definition-blade.png
118 KB b/‎articles/backup/media/backup-azure-auto-enable-backup/policy-definition-blade.png
118 KB
diff --git a/‎articles/backup/toc.yml
Lines changed: 7 additions & 1 deletion b/‎articles/backup/toc.yml
Lines changed: 7 additions & 1 deletion
@@ -0,0 +1,52 @@
+---
+title: Auto-Enable Backup on VM Creation using Azure Policy
+description: 'An article describing how to use Azure Policy to auto-enable backup for all VMs created in a given scope'
+ms.topic: conceptual
+ms.date: 11/08/2019
+---
+
+# Auto-Enable Backup on VM Creation using Azure Policy
+
+One of the key responsibilities of a Backup or Compliance Admin in an organization is to ensure that all business-critical machines are backed up with the appropriate retention.
+
+Today, Azure Backup provides a built-in policy (using Azure Policy) that can be assigned to **all Azure VMs in a specified location within a subscription or resource group**. When this policy is assigned to a given scope, all new VMs created in that scope are automatically configured for backup to an **existing vault in the same location and subscription**. The user can specify the vault and the retention policy to which the backed up VMs should be associated.
+
+## Supported Scenarios 
+
+* The built-in policy is currently supported only for Azure VMs. Users must take care to ensure that the retention policy specified during assignment is a VM retention policy. Refer to [this](https://aka.ms/PolicySupportedSKUs) document to see all the VM SKUs supported by this policy.
+
+* The policy can be assigned to a single location and subscription at a time. To enable backup for VMs across locations and subscriptions, multiple instances of the policy assignment need to be created, one for each combination of location and subscription.
+
+* The specified vault and the VMs configured for backup can be under different resource groups.
+
+* Management Group scope is currently unsupported.
+
+## Using the built-in policy
+
+To assign the policy to the required scope, please follow the below steps:
+
+1. Sign in to the Azure Portal and navigate to the **Policy** Dashboard.
+2. Select **Definitions** in the left menu to get a list of all built-in policies across Azure Resources.
+3. Filter the list for **Category=Backup**. You will see the list filtered down to a single policy named 'Configure backup on VMs of a location to an existing central Vault in the same location'.
+![Policy Dashboard](./media/backup-azure-auto-enable-backup/policy-dashboard.png)
+4. Click on the name of the policy. You will be redirected to the detailed definition for this policy.
+![Policy Definition Blade](./media/backup-azure-auto-enable-backup/policy-definition-blade.png)
+5. Click on the **Assign** button at the top of the blade. This redirects you to the **Assign Policy** blade.
+6. Under **Basics**, click on the three dots next to the **Scope** field. This opens up a right context blade where you can select the subscription for the policy to be applied on. You can also optionally select a resource group, so that the policy is applied only for VMs in a particular resource group.
+![Policy Assignment Basics](./media/backup-azure-auto-enable-backup/policy-assignment-basics.png)
+7. In the **Parameters** tab, choose a location from the drop-down, and select the vault and backup policy to which the VMs in the scope must be associated.
+![Policy Assignment Parameters](./media/backup-azure-auto-enable-backup/policy-assignment-parameters.png)
+8. Ensure that **Effect** is set to deployIfNotExists.
+9. Navigate to **Review+create** and click **Create**.
+
+> [!NOTE]
+>
+> Azure Policy can also be used on existing VMs, using [remediation](https://docs.microsoft.com/azure/governance/policy/how-to/remediate-resources).
+
+> [!NOTE]
+>
+> It is recommended that this policy is not assigned to more than 200 VMs at a time. If the policy is assigned to more than 200 VMs, it can result in the backup getting triggered a few hours later than that specified by the schedule.
+
+## Next Steps
+
+[Learn more about Azure Policy](https://docs.microsoft.com/azure/governance/policy/overview)
@@ -0,0 +1,86 @@
+---
+title: Supported VM SKUs for Azure Policy
+description: 'An article describing the supported VM SKUs (by Publisher, Image Offer and Image SKU) which are supported for the built-in Azure Policies provided by Backup'
+ms.topic: conceptual
+ms.date: 11/08/2019
+---
+
+# Supported VM SKUs for Azure Policy
+
+Azure Backup provides a built-in policy (using Azure Policy) that can be assigned to **all Azure VMs in a specified location within a subscription or resource group**. When this policy is assigned to a given scope, all new VMs created in that scope are automatically configured for backup to an **existing vault in the same location and subscription**. The table below lists all the VM SKUs supported by this policy.
+
+### **Supported VMs**
+
+**Policy Name:** Configure backup on VMs of a location to an existing central vault in the same location
+
+Image Publisher | Image Offer | Image SKU
+--- | --- | ---
+MicrosoftWindowsServer | WindowsServer | Windows Server 2008 R2 SP1 (2008-R2-SP1)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2008 R2 SP (2008-R2-SP1-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2012 Datacenter (2012-Datacenter)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2012 Datacenter (2012-Datacenter-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2012 R2 Datacenter (2012-R2-Datacenter)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2012 R2 Datacenter (2012-R2-Datacenter-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2016 Datacenter (2016-Datacenter)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2016 Datacenter - Server Core (2016-Datacenter-Server-Core)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2016 Datacenter - Server Core (2016-Datacenter-Server-Core-smalldisk)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2016 Datacenter (2016-Datacenter-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter Server Core with Containers (2016-Datacenter-with-Containers)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2016 Remote Desktop Session Host 2016 (2016-Datacenter-with-RDSH)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter (2019-Datacenter)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter Server Core (2019-Datacenter-Core)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2019 Datacenter Server Core (2019-Datacenter-Core-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter Server Core with Containers (2019-Datacenter-Core-with-Containers)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2019 Datacenter Server Core with Containers (2019-Datacenter-Core-with-Containers-smalldisk)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2019 Datacenter (2019-Datacenter-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter with Containers (2019-Datacenter-with-Containers)
+MicrosoftWindowsServer | WindowsServer | [smalldisk] Windows Server 2019 Datacenter with Containers (2019-Datacenter-with-Containers-smalldisk)
+MicrosoftWindowsServer | WindowsServer | Windows Server 2019 Datacenter (zh-cn) (2019-Datacenter-zhcn)
+MicrosoftWindowsServer | WindowsServerSemiAnnual | Datacenter-Core-1709-smalldisk
+MicrosoftWindowsServer | WindowsServerSemiAnnual | Datacenter-Core-1709-with-Containers-smalldisk
+MicrosoftWindowsServer | WindowsServerSemiAnnual | Datacenter-Core-1803-with-Containers-smalldisk
+MicrosoftWindowsServerHPCPack | WindowsServerHPCPack | All Image SKUs
+MicrosoftSQLServer | SQL2016SP1-WS2016 | All Image SKUs
+MicrosoftSQLServer | SQL2016-WS2016	 | All Image SKUs
+MicrosoftSQLServer | SQL2016SP1-WS2016-BYOL | All Image SKUs
+MicrosoftSQLServer | SQL2012SP3-WS2012R2 | All Image SKUs
+MicrosoftSQLServer | SQL2016-WS2012R2 | All Image SKUs
+MicrosoftSQLServer | SQL2014SP2-WS2012R2 | All Image SKUs
+MicrosoftSQLServer | SQL2012SP3-WS2012R2-BYOL | All Image SKUs
+MicrosoftSQLServer | SQL2014SP1-WS2012R2-BYOL | All Image SKUs
+MicrosoftSQLServer | SQL2014SP2-WS2012R2-BYOL | All Image SKUs
+MicrosoftSQLServer | SQL2016-WS2012R2-BYOL | All Image SKUs
+MicrosoftRServer | MLServer-WS2016 | All Image SKUs
+MicrosoftVisualStudio | VisualStudio | All Image SKUs
+MicrosoftVisualStudio | Windows	| All Image SKUs
+MicrosoftDynamicsAX | Dynamics	| Pre-Req-AX7-Onebox-U8
+microsoft-ads | windows-data-science-vm	| All Image SKUs
+MicrosoftWindowsDesktop | Windows-10 | All Image SKUs
+RedHat | RHEL | 6.7, 6.8, 6.9, 6.10, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7
+RedHat | RHEL-SAP-HANA | 6.7, 7.2, 7.3
+SUSE | SLES | 12.X
+SUSE | SLES-HPC | 12.X
+SUSE | SLES-HPC-Priority | 12.X
+SUSE | SLES-SAP | 12.X
+SUSE | SLES-SAP-BYOS | 12.X
+SUSE | SLES-Priority | 12.X
+SUSE | SLES-BYOS | 12.X
+SUSE | SLES-SAPCAL | 12.X
+SUSE | SLES-Standard | 12.X
+Canonical | UbuntuServer | 14.04.0-LTS
+Canonical | UbuntuServer | 14.04.1-LTS
+Canonical | UbuntuServer | 14.04.2-LTS
+Canonical | UbuntuServer | 14.04.3-LTS
+Canonical | UbuntuServer | 14.04.4-LTS
+Canonical | UbuntuServer | 14.04.5-DAILY-LTS
+Canonical | UbuntuServer | 14.04.5-LTS
+Canonical | UbuntuServer | 16.04-DAILY-LTS
+Canonical | UbuntuServer | 16.04-LTS
+Canonical | UbuntuServer | 16.04.0-LTS
+Canonical | UbuntuServer | 18.04-DAILY-LTS
+Canonical | UbuntuServer | 18.04-LTS
+Oracle | Oracle-Linux | 6.8, 6.9, 6.10, 7.3, 7.4, 7.5, 7.6
+OpenLogic | CentOS | 6.X, 7.X
+OpenLogic | CentOS–LVM | 6.X, 7.X
+OpenLogic | CentOS–SRIOV | 6.X, 7.X
+cloudera | cloudera-centos-os | 7.X
@@ -56,6 +56,8 @@
       href: backup-support-matrix-mars-agent.md
     - name: SAP HANA Backup support matrix
       href: sap-hana-backup-support-matrix.md
+    - name: Supported VM SKUs for Azure Policy  
+      href: backup-azure-policy-supported-skus.md
   - name: Security
     items:
     - name: Role-Based Access Control
@@ -174,6 +176,10 @@
         href: backup-azure-vms-encryption.md
       - name: Restore keys and secret for encrypted VMs
         href: backup-azure-restore-key-secret.md
+  - name: Built-in Azure Policy for Azure Backup
+    items:
+    - name: Auto-Enable Backup on VM Creation using Azure Policy
+      href: backup-azure-auto-enable-backup.md
   - name: Diagnostics Events for Recovery Services Vaults
     items:
     - name: Using Diagnostics Settings for Recovery Services Vaults
@@ -323,4 +329,4 @@
   - name: Service updates
     href: https://azure.microsoft.com/updates/?product=backup
   - name: Videos
-    href: https://azure.microsoft.com/documentation/videos/index/?services=backup
+    href: https://azure.microsoft.com/documentation/videos/index/?services=backup