Azure Backup File Restore

Using Microsoft Azure Recovery Services (MARS) Client to verify file restore.

Relevance

Last Review: February 4, 2021

Product(s): Azure, Windows Server

Author(s): Cameron Smith

Delta

A cyberist created this article using the patented Delta Method by modernizing a typical approach.

Summary

Backup is one of the most fallible technologies that is rarely tested with the false sense of security from completion alerts or logs.

A common malicious tactic is configuring the back jobs to run without any folders or files checked for backup, then deploying ransomware after a month with no ability to recover.

Outside of normal operations, restore should be scheduled quarterly to verify the data is available and not corrupt.

Requirements

  • Microsoft Azure Recovery Services (MARS) Client.
  • Administrator access to the server where the MARS client is installed.
  • Azure backup administrator credentials for troubleshooting.
  • Completed backup jobs with no warnings that cover the desired restore point date.
  • DO NOT overwrite current data with old files or forget to unmount the restore job which will prevent backup jobs from running.
  • 15-30 minutes to complete, depending on the amount of data.

Steps

  1. Launch the MARS client on the server.
  2. From the Actions menu in the top right, select Recover Data.
  3. Select which server to restore data from and click Next.
  4. Select the type of data like files, database, or system state to recover and click Next.
  5. Select the volume that contains the data to restore.
  6. Select the date and time of the backup to restore from and click Mount.
  7. Click Browse and navigate to the fodders/files to restore.
  8. Copy the data to restore and move it the desired area on the network and Unmount the backup volume.

Follow-up

Access the restored data to ensure that it is available to users with security permissions.

Permissions must be verified and may need to be updated if restore with permissions was not checked.

If files cannot be restored, settings must be verified on the Azure Portal and the MARS client may need to be reinstalled or reconfigured.