Automatically backup Azure resources to an Azure Storage Account in JSON

  • last updated: Mon, 12 Sep 2022 07:07:30

In this quick blog post I will explain a way how to backup Azure resources and how to restore them with PowerShell, in JSON format, to an Azure Storage Account which is “deployment ready”.

Main idea

The main idea is to export the resource configuration into a JSON file, with the parameters included. In case of emergency or when you like to setup the same resource to an another resourcegroup or subscription the JSON file can be download and deployed.

Backup Azure Resources

Before creating backups we need a backup location. Of course the file can be stored at every place you like. I’m using an Azure Storage Account. Because I like to have my backups all at the same place I will put all the resources into the same Storage Account. I recommend using low costs storage with Cool access tier and Standard performance. (in this example it is Hot)

In this case I am using a Network Security Group (NSG) for example. First I will check if there is already a container for this resource type, if not it will be created.

image-13 The next step is creating a JSON output for each NSG. The -IncludeParameterDefaultValue switch in the Export-AzResourceGroup PowerShell command will take care of the resource specific parameters. Without this switch only an empty ARM template will be returned. So you better be use it :).

The export automatically download the file into the current folder where the script is at. Next I will create a blobname (filename at the storage account). The last step is to upload the file to the storage account. This can be achieved by executing the Set-AzStorageBlobContent command.

$Resources = Get-AzNetworkSecurityGroup
if ($Resources) {
    $StorageAccount = get-AzStorageAccount | ? { $_.StorageAccountName -eq "satestsrbackup" }
    $ContainerName = ($Resources.Id).Split("/")[-2].ToLower()
    $StorageAccountContainer = $StorageAccount | Get-AzStorageContainer | Where { $_.Name -match $ContainerName }
    if ($null -eq $StorageAccountContainer){
        $StorageAccount | New-AzStorageContainer $ContainerName.ToLower()
    foreach ($Resource in $Resources) {
        $BlobName = $($Resource).Name + ".json"
        $Export = $Resource | Export-AzResourceGroup -IncludeParameterDefaultValue -Force
        Set-AzStorageBlobContent -File $Export.Path -Container $ContainerName -Blob $BlobName  -Context $StorageAccount.context -Force

image-14 image-15 image-16


When a restore is needed just download the file from the storage account and use it as input for the New-AzResourceGroupDeployment command.

New-AzResourceGroupDeployment -TemplateParameterFile [file]

Now you are able to backup Azure resources and to restore them fully automatically.

Thank you for reading my blog automatically backup azure resources to an azure storage account in json.
I hope you got a bit inspired. Enjoy your day and happy automating 👋

comments powered by Disqus

Related Posts

Disaster recovery plan for Azure Key Vault using tags, PowerShell and Azure Function

By default the Azure Key Vault has softdelete enabled with a 90 day retention. This option will protect Key Vault items when deleted by accident. When deleted you are able to restore that item through the portal or PowerShell.

Read more

Enable Screen Capture Protection for Azure Virtual Desktop Automated

Working remotely has a lot of advantages like less travel time, more focus to work (when the house is not full of kids :)), which contributes to working efficiently.

Read more

How to use Key Vault ARM templates and deal with sensitive parameters

At October 14, 2020 Mircosoft announced the public preview of ARM templates for adding secrets to Azure Key Vault. In this article I will explain a way how to use these templates.

Read more