Backup Your Data With Microsoft Azure Backup

Speakers: Saurabh Sensharma & Shivam Garg

Saurabh starts. He shows a real ransomware email. The ransom was 1.7 bitcoins for 1 PC or 29 bitcoins for all PCs. Part of the process to restore was to send files to the attacker to prove decryption works. The two files the customer sent contained customer data! Stuff like this has GDPR implications, brand, etc.

Secure Backup is Your Last Line of Defense

Azure Backup – a built-in service. Lower and predictable TCO. Can be zero-infrastructure. And it offers trust-no-one encryption and secure backups.

Shivam comes up. He’s going to play the role of the customer in this session.

Question: Backup is decades old – what has changed?

Digital transformation. People using the cloud to transform on-prem IT, even if it stays on-prem.

Shivam: Backup should be like a checkbox. Customers want a seamless experience. Backup should not be a distraction.

Azure Backup releases you from the management of a backup infrastructure. Azure Backup is built on:

  • Scalability
  • Availability
  • Resilience

Shivam: What does this “built-in” mean if I have a three-tier .Net app running in the cloud?

We see a demo of restoring a SQL Server database in an Azure VM. We see the point-in-time restore will be an option because there are log backups. Saurabh shows the process to backup SQL Server in Azure VMs. He highlights “auto-protect” – if the instance is being protected then all the databases (even new ones that are created later) are backed up.

Saurabh demos creating a new VM. He highlights the option to enable backup during the VM creation – something many didn’t know was possible when this option wasn’t in the VM creation process. VMs are backed up using a snapshot in local storage. 7 of those are kept, and the incremental is sent to the recovery services vault. If you want to restore from a recent backup, you can restore very quickly from the snapshot.

A new restore option is coming soon – Replace Existing (virtual machine). They place the existing disks of the VM into a staging location – this gives them a rollback if something goes wrong. Then the disks of the VM are replaced from backup. So this solves the availability set issue.

Under the Covers – SQL

Anything that has a native backup engine is referred to as enlightened. Azure Backup talks to the SQL Backup Engine using native APIs via Azure Backup plugin for SQL (VM extension). They ask SQL Backup Engine to create the backup APIs. Data is temporarily stored in VM storage. And then there is a HTTPS transfer using incremental backups to the RSV where they are encrypted at rest using SSE.

It’s all built-in. No manual agents, no backup servers, etc.

Non-Enlightened VM Workloads

E.g. MySQL in a VM. Azure Backup can call a pre-script. This can instruct MySQL to freeze transactions to disk. When you recover, there’s no need to do a fixup. A snapshot of the disks is taken, enabling a backup. And then a post-script is called and the database is thawed. Application providers typically share these on GitHub.

VM Backup

An extension is in every Azure VM. The extension associates itself to a backup policy that you select in the RSV. A command is sent to the backup extension. This executes a snapshot (VSS for Windows). It’s an Instant Recovery Snapshot in the VM storage. A HTTPS transfer to SSE storage as incremental blocks.

Azure Disk Encryption

KEK and BEK keys are stored in Azure Keyvault. These are also protected when you backup the VM. This ensures that the files can be unlocked when restored.

Up to 1000 VMs can be protected in a single RSV now.

Azure VM Restore

VM restore options:

  • Files
  • Disks
  • VM
  • Replace Disks

Replace Disks (new):

  1. They snapshot copy the VMs disks to a staging location. This allows roll backup if the process is broken.
  2. They replace the disks by restore.

This (confirmed) is how restoring a VM will allow you to keep availability set membership.

Azure File Sync

The MS sync/tiering solution. Everything is stored in the cloud. So you can move on-prem backup for file servers to the cloud. Demo of deleting a file and restoring it. Saurabh clicks Manage Backups in the Azure File Share and clicks File Recovery and goes through the process.

When the backup API triggers a backup of Files, it pauses sync to create a snapshot. After the snapshot, the sync resumes. Now they have a means to a file consistent backup.

On-Prem Resources

There is no Azure File Sync in this scenario, but they want to use cloud backup without a backup server. This scenario is Azure Backup MARS agent with Windows Admin Center. A demo of enabling Azure Backup protection via the WAC.

Deleting Backup

  1. Malware cannot delete your backups because this task requires you to manually generate a PIN in the Azure Portal (human authentication)
  2. If a human maliciously deletes a backup, Azure Backup retains backups for 14 days. And it will send an email to the registered notification address(es).


  • Security PIN for critical tasks
  • Azure Disk Encryption support
  • SSE encryption with TLS 1.2
  • RBAC for roles
  • Alerts in the portal and via notifications
  • On-server encryption (on-prem) before transport to Azure

Rich Management


  • What’s my storage consumption?
  • Are my backups healthy?
  • Can I get insights by looking at trends?

This is the sort of stuff that normally requires a lot of on-prem infrastructure. Azure leverages Azure features, such as a Storage Account. No infrastructure, enterprise-wide, and it uses an open data model (published online on that anyone can use (Kusto, etc). You can also integrate with Service Manager, ServiceNow, and more (ITSM).

Custom reports.

And ….. cross-tenant support! Yay! This is a big deal for partners. It’s a PowerBI solution. It’s a content pack that you can import. It ingests Azure reporting data from a storage account.

Once you set this up, it takes up to 24 hours to get data moving, and then it’s real-time after that.


Cloud resources:

  • Azure VM abckup – Standard SSD, resource improvements, 16+ disks, cross-region support
  • Azure Files Backup: Premium Files, 5 TB+ shares, ACL, secondary backups.
  • Workloads: SAP Hana, SQL in Azure VM GA.

Availability Zones:

  • ZRS
  • Recovery from cross-zone backups

And more that I couldn’t grab in time.

(SOLUTION) Azure File Sync–Tiering & Synchronisation Won’t Work

I recently had a problem where I could not get Azure File Sync (AFS) to work correctly for me. The two issues I had were:

  • I could not synchronise a share to a new file server (new office or disaster recovery) when I set the new server endpoint to be tiered.
  • When I enabled tiering to an existing server endpoint, the cloud tiering never occurred.

I ran FileSyncErrorsReport.ps1 from the sync agent installation folder. The error summary was:

0x80c80203 – There was a problem transferring a file but sync will try again later

Each file in the share had an additional message of:

0x80c80203 There was a problem transferring a file but sync will try again later.

Both problems seemed to indicate that there was an issue with tiering. I suspected that an old bug from the preview v2.3 sync agent had returned – I was wrong because it was something different. I decided to disable tiering on a new server endpoint that wasn’t synchronising – and the folder started to synchronise.

When this sort of thing happens in AFS, you suspect that there’s a problem with the storagesync filter, which you can investigate using fltmc.exe. I reached out to the AFS product group and they investigated over two nights (time zone differences). Eventually the logs identified the problem.

In my lab, I deployed 3 file servers as Hyper-V virtual machines. Each machine had Dynamic Memory enabled:

  • Startup Memory: 1024MB
  • Minimum Memory: 512MB
  • Maximum Memory: 4096MB

This means that each machine has access to up to 4 GB RAM. The host was far from contended so there should not have been an issue. But it turns out, there was an issue. The AfsDiag traces that I created showed that one of the machines had only 592 MB RAM free of 1907 MB free… remember that’s RAM free from the currently assigned RAM, not from the possible maximum RAM.

The storagesync filter requires more than that – the release notes for the sync agent that that the agent requires 2 GB of RAM. The team asked me to modify the dynamic memory settings of one of the file servers as follows to test. Shut down the VM and modified the memory settings to:

  • Startup Memory: 2048MB
  • Minimum Memory: 2048MB
  • Maximum Memory: 4096MB

I started up the VM and things immediately started to work as expected. The new server endpoints populated with files and the tiered endpoints started replacing cold files with reparse pointers to the cloud replicas.

The above settings might not work for you. Remember that the storage sync agent requires 2 GB RAM. Your settings might require more RAM. You’ll have to tune things specifically to your file server, particularly if you are using Dynamic Memory; tt might be worth exploring the memory buffer setting to ensure that there’s always enough free RAM for the sync agent, e.g. if the VM is set up as above set the buffer to 50% to add an extra 1 GB to the startup amount.

Thanks to Will, Manish, and Jeff in the AFS team for their help in getting to the bottom of this.

Video–Azure File Sync

I’ve produced and shared a short video (12:33 minutes) to explain what Azure File Sync is, what it will do for you, and there’s a quick demo at the end. If you want to:

  • Synchronise file shares between offices
  • Fix problems with full file servers by using tiered storage in the cloud
  • Use online backup
  • Get a DR solution for file servers, e.g. small business or branch office

… then Azure File Sync is for you!

Was This Post Useful?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Windows Server 2019 Announced for H2 2018

Last night, Microsoft announced that Windows Server 2019 would be released, generally available, in the second half of 2018. I suspect that the big bash will be Ignite in Orlando at the end of September, possibly with a release that week, but maybe in October – that’s been the pattern lately.


Microsoft is referring to WS2019 as a “long term servicing channel release”. When Microsoft started the semi-annual channel, a Server Core build of Windows Server released every 6 months to Software Assurance customers that opt into the program, they promised that the normal builds would continue every 3 years. These LTSC releases would be approximately the sum of the previous semi-annual channel releases plus whatever new stuff they cooked up before the launch.

First, let’s kill some myths that I know are being spread by “someone I know that’s connected to Microsoft” … it’s always “someone I know” that is “connected to Microsoft” and it’s always BS:

  • The GUI is not dead. The semi-annual channel release is Server Core, but Nano is containers only since last year, and the GUI is an essential element of the LTSC.
  • This is not the last LTSC release. Microsoft views (and recommends) LTSC for non-cloud-optimised application workloads such as SQL Server.
  • No – Windows Server is not dead. Yes, Azure plays a huge role in the future, but Azure Stack and Azure are both powered by Windows, and hundreds of thousands, if not millions, of companies still are powered by Windows Server.

Let’s talk features now …

I’m not sure what’s NDA and what is not, so I’m going to stick with what Microsoft has publicly discussed. Sorry!

Project Honolulu

For those of you who don’t keep up with the tech news (that’s most IT people), then Project Honolulu is a huge effort by MS to replace the Remote Server Administration Toolkit (RSAT) that you might know as “Administrative Tools” on Windows Server or on an admin PC. These ancient tools were built on MMC.EXE, which was deprecated with the release of W2008!

Honolulu is a whole new toolset built on HTML5 for today and the future. It’s not finished – being built with cloud practices, it never will be – but but’s getting there!

Hybrid Scenarios

Don’t share this secret with anyone … Microsoft wants more people to use Azure. Shh!

Some of the features we (at work) see people adopt first in the cloud are the hybrid services, such as Azure Backup (cloud or hybrid cloud backup), Azure Site Recovery (disaster recovery), and soon I think Azure File Sync (seamless tiered storage for file servers) will be a hot item. Microsoft wants it to be easier for customers to use these services, so they will be baked into Project Honolulu. I think that’s a good idea, but I hope it’s not a repeat of what was done with WS2016 Essentials.

ASR needs more than just “replicate me to the cloud” enabled on the server; that’s the easy part of the deployment that I teach in the first couple of hours in a 2-day ASR class. The real magic is building a DR site, knowing what can be replicated and what cannot (see domain controllers & USN rollback, clustered/replicating databases & getting fired), orchestration, automation, and how to access things after a failover.

Backup is pretty easy, especially if it’s just MARS. I’d like MARS to add backup-to-local storage so it could completely replace Windows Server Backup. For companies with Hyper-V, there’s more to be done with Azure Backup Server (MABS) than just download an installer.

Azure File Sync also requires some thought and planning, but if they can come up with some magic, I’m all for it!


In Hyper-V:

  • Linux will be supported with Shielded VMs.
  • VMConnect supported is being added to Shielded VMs for support reasons – it’s hard to fix a VM if you cannot log into it via “console” access.
  • Encrypted Network Segments can be turned on with a “flip of a switch” for secure comms – that could be interesting in Azure!

Windows Defender ATP (Advanced Threat Protection) is a Windows 10 Enterprise feature that’s coming to WS2019 to help stop zero-day threats.


The big bet on Containers continues:

  • The Server Core base image will be reduced from 5GB by (they hope) 72% to speed up deployment time of new instances/apps.
  • Kubernetes orchestration will be natively supported – the container orchestrator that orginated in Google appears to be the industry winner versus Docker and Mesos.

In the heterogeneous world, Linux admins will be getting Windows Subsystem on Linux (WSL) for a unified scripting/admin experience.

Hyper-Converged Infrastructure (HCI)

Storage Spaces Direct (S2D) has been improved and more changes will be coming to mature the platform in WS2019. In case you don’t know, S2D is a way to use local (internal) disks in 2+ (preferably 4+) Hyper-V hosts across a high speed network (virtual SAS bus) to create a single cluster with fault tolerance at the storage and server levels. By using internal disks, they can use cheaper SATA disks, as well as new flash formats don’t natively don’t support sharing, such as NVME.

The platform is maturing in WS2019, and Project Honolulu will add a new day-to-day management UI for S2D that is natively lacking in WS2016.

The Pricing

As usual, I will not be answering any licensing/pricing questions. Talk to the people you pay to answer those questions, i.e. the reseller or distributor that you buy from.

OK; let’s get to the messy stuff. Nothing has been announced other than:

It is highly likely we will increase pricing for Windows Server Client Access Licensing (CAL). We will provide more details when available.

So it appears that User CALs will increase in pricing. That is probably good news for anyone licensing Windows Server via processor (don’t confuse this with Core licensing).

When you acquire Windows Server through volume licensing, you pay for every pair of cores in a server (with a minimum of 16, which matched the pricing of WS2012 R2), PLUS you buy User CALs for every user authenticating against the server(s).

When you acquire Windows Server via Azure or through a hosting/leasing (SPLA) program, you pay for Windows Server based only on how many cores that the machine has. For example, when I run an Azure virtual machine with Windows Server, the per-minute cost of the VM includes the cost of Windows Server, and I do not need any Windows Server CALs to use it (RDS is a different matter).

If CALs are going up in price, then it’s probably good news for SPLA (hosting/leasing) resellers (hosting companies) and Azure where Server CALs are not a factor.

The Bits

So you want to play with WS2019? The first preview build (17623) is available as of last night through the Windows Server Insider Preview program. Anyone can sign up.


Would You Like To Learn About Azure Infrastructure?

If you found this information useful, then imagine what 2 days of training might mean to you. I’m delivering a 2-day course in Amsterdam on April 19-20, teaching newbies and experienced Azure admins about Azure Infrastructure. There’ll be lots of in-depth information, covering the foundations, best practices, troubleshooting, and advanced configurations. You can learn more here.

Protect Your Data With Microsoft Azure Backup


  • Vijay Tandra Sistla, Principal PM Manager
  • Aruna Somendra, Senior Program Manager

Aruna is first to speak. It’s a demo-packed session. There was another session on AB during the week – that’s probably worth watching as well.

All the attendees are from diverse backgrounds, and we have one common denominator: data. We need to protect that data.

Impact of Data Loss

  • The impact can be direct, e.g. WannaCry hammering the UK’s NHS and patients.
  • It can impact a brand
  • It can impact your career

Azure Backup was built to:

  • Make backups simple
  • Keep data safe
  • Reduce costs

Single Solution

Azure Backup covers on-premises and Azure. It is one solution, with 1 pricing system no matter what you protect: instance size + storage consumed.

Protecting Azure Resources

A demo will show this in action, plus new features coming this year. They’ve built a website with some content on Azure Web Apps – images in Azure FIles and data in SQL in an IaaS VM. Vijay refreshes the site and the icons are ransomwared.

Azure Backup can support:

  • Azure IaaS VMs – the entire VM, disks, or file level recovery
  • Azure Files via Storage account snapshots (NEW)
  • SQL in an Azure IaaS VM (NEW)

Discovery of databases is easy. An agent in the guest OS is queried, and all SQL VMs are discovered. Then all databases are shown, and you back them up based on full / incremental / transaction log backups, using typical AB retention.

For Azure File Share, pick the storage account, select the file share, and then choose the backup/retention policy. It keeps up to 120 days in the preview, but longer term retention will be possible at GA.

When you create a new VM, the Enable Backup option is in the Settings blade. So you can enable backup during VM creation instead of trying to remember to do it later – no longer an afterthought.

Conventional Backup Approaches

What happens behind the scenes in AB. Instead of using on-prem SQL, file servers, you’re starting to use Azure Files and SQL in VMs. Instead of hacking backups into Azure storage (doesn’t scale, and messy) you enable Azure Backup which offers centralized management, In Azure, it is infrastructure-free. SQL is backed up using a backup extension, VM’s are backed up using a backup extension.

28-09-2017 14-34 Office Lens

Azure File Sync is supported too:

In preview, there is short-term retention using snpashots in the source storage account. After GA they will increase retention and enable backups to be storage in the RSV.

28-09-2017 14-38 Office Lens


When you backup a Linux VM, you can run a pre-script, do the backup, and then run a post-script. This can enable application-consistent backups in Linux VMs in Azure. Aruna logs into a Linux VM via SSH. There are Linux CLI commands in the guest OS, e.g. az backup. There is a JSON file that describes the pre-and post scripts. There’s some scripts by a company by a company called capside for MySQL. The pre-script creates database dumps and stops the databases.

28-09-2017 14-49 Office Lens

az backup recoverypoint list and some flags can be used to list the recovery points for the currently logged in VM. The results show if they are app or file consistent.

az backup restore files and some parameters can be used to mount the recovery point – you then copy files from the recovery point, and unmount the recovery point when done.

28-09-2017 14-45 Office Lens

Restore as a Service

28-09-2017 14-50 Office Lens


2/3 of customers keeping on-premises data.

Two solutions in AB for hybrid backup:

  • Microsoft Azure Backup Server (MABS) / DPM: Backup Hyper-V, VMware, SQL, SharePoint, Exchange, File Server & System State to local storage (short-term retention)  and to the cloud (long term retention)
  • MARS Agent: Files & Folders, and System State backed up directly to the cloud.

System State

Protects Active Directory, IIS metadata, file server metadata. registry, COM+ Cert Services, Cluster services info, AD, IIS metabase.

Went live in MARS agent last month.

In a demo, Vijay deletes users from AD. He restores system state files using MARS. Then you reboot the DC in AD restore mode. And then use the wbadmin tool to restore the system state. wbadmin start systemstaterecovery. You reboot again, and the users are restored.

Vijay shows MARS deployment, and shows the Project Honolulu implementation.

Next he talks about the ability to do an offline backup instead of an online full backup. This leverages the Azure storage import service, which can leverage the new Azure Data Box – a tamper proof storage solution of up to 100 TB.


Using cloud isolates backup data from the production data. AB includes free multi-approval process to protect destructive operations to hybrid backups. All backup data is encrypted. RBAC offers governance and control over Azure Backup.

There are email alerts (if enabled) for destructive operations.

If data is deleted, it is retained for 14 days so you can still restore your data, just in case.

Hybrid Backup Encryption

Data is encrypted before it leaves the customer site.

Customers want:

  • To be able to change keys
  • Keep the key secret from MS

A passphrase is used to create they key. This is a key encryption key process. And MS never has your KEK.

Azure VM Disk Encryption

You still need to be able to backup your VMs. If a disk is encrypted using a KEK/BEK combination in the Key Vault, then Azure Backup includes the keys in the backup so you can restore from any point in time in your retention policy.

Isolation and Access Control

Two levels of authorization:

  • You can control access/roles to individual vaults for users.
  • There are permissions or roles within a vault that you can assign to users.

Monitoring & Reporting

Typical questions:

  • How much storage am I using?
  • Are my backups healthy?
  • Can I see the trends in my system?

Vijay does a tour of information in the RSV. Next he shows the new integration with OMS Log Analytics. This shows information from many RSVs in a single tenant. You can create alerts from events in Log Analytics – emails, webhooks, runbooks, or trigger an ITSM action. The OMS data model, for queries, is shared on

For longer term reporting, you can export your tenant’s data to an AB Content Pack in PowerBI – note that this is 1 tenant per content pack import, so a CSP reseller will need 100 imports of the content pack for 100 customers. Vijay shows a custom graphical report showing the trends of data sources over 3 months – it shows growth for all sources, except one which has gone down.

Power BI is free up to 1 GB of data, and then it’s a per-user monthly fee after that.


  • Backup of SQL in IaaS – preview
  • Backup of Azure file – preview
  • Azure CLI
  • Backup of encrypted VMs without KEK
  • Backup of VMs with storage ACLs
  • Backup of large disk VMs
  • Upgrade of classic Backup Vault to ARM RSV
  • Resource move across RG and subscription
  • Removal of vault limits
  • System State Backup

Azure Files With Sync


  • Klaas Langhout, Principal Program Manager, Azure Storage
  • Mine Tanrinian Demir, Principal Program Manager, Azure Storage

This is the one feature that is announced this week that I know for certain will turn into business for my customers so I’ve been looking forward to it finally going public.


  • Simplify share management using the cloud.
  • Leverage snapshots to backup your data
  • Use files to sync between offices
  • Tier cold storage to the cloud.

Azure is a bunch of lego blogs that can be assembled to produce services. A keystone is Azure Storage. Hyperscale at >30 trillion transactions per second at the moment across trillions of objects. It’s durable, secure, highly available, and OpenSource friendly.

One distributed storage system system offers, blob, files, disks, tables and queues, across more regions than any other cloud.

Azure Files (Preview)

Originally launched for lift-and-shift. If you had a legacy LOB app that needed a file share, you deployed Files instead of a VM file server. It was not intended for end user access. Offers SMB 2.1 and SMB 3.0. And if offers encryption at rest.

Why File Servers?

People still do not store things in the cloud. OneDrive and SharePoint online aren’t for everyone. Reasons:

  • App compat: file path lengths, etc.
  • Performance: latency to the cloud is an issue for things like AutoCAD.

Customer Pain

They still want to use file servers, but they’re struggling:

  • Cold data that must be kept
  • Capacity management
  • DR
  • Backup/restore

Companies with branch offices have a multiplier effect of the above.

Value Prop

  • Centralize file services in a managed cloud service
  • Reduce complexity associated with server sprawl
  • Preserve the end user experience – keep the file servers and performance

What it Does

A customer with a file server and the disk storage is a problem. Join the file server to a sync group in Azure Files. Older (actually all) files are moved to the cloud (transparent tiering with “stubs” on prem). If you lose the file server, you build a new one, add it into the existing Files namespace, and the meta data is downloaded. That means users see the shares/data very quickly. Over time, hot data is downloaded as files are used.

You can add another file server and join it to the same sync group, or create more. This synchronizes the files between the file servers via Azure Files (the master now).

Coming soon, not in the current preview), you can synchronize Azure Files from one Azure region to another for DR/performance reasons. You can than hang servers close to that region off of that copy, with inter-region sync if you need it. If one region dies, the file servers associate with it fail over to the other region.

Existing file server access doesn’t change.

If you are using Work Folders (HTTPS access to file shares from Windows, iOS or Android) then this continues to work with the file server.

Users can access file shares ove3r SMB/REST directly via Azure Files.

There is Azure Backup integration so you can backup your file shares in Azure without doing any backup at all on-prem. Killer!

Demo – Setup

He’s in the Azure Portal and searches for Azure File Sync. He clicks Create. Simple creation of entering name and resource group. Supports West US, Souteast Asia, East Australia, and West Europe today, but more will be added.

He’s already downloaded the MSI for the agent. Installs this on a file server. Today, you must installed Azure RM PowerShell but this will be folded into the agent install later. The file server is registered via an Azure sign-in. Then picks a subscription, picks a resource group, selects the Storage Sync Service. This requires another sign-in and a trust is created between the file server and Azure Files.

Back in the portal, he opens the sync service resource, and the file server is shown as Online, with OS version and agent version info.

He creates a sync group and associates it with a pre-created Azure File Share. There are no server endpoints – things we sync to the cloud from a file server, e.g. a path. You can synchronize multiples sets of folders, using sync endpoints as policy objects. You cannot sync the system root.

In the Azure File Share – Storage Account > Files – we can see the contents of the file share are now in Azure. He renames a file on the file server, and 2 seconds later it’s renamed in Azure.


  • Multi-site sync
  • Cloud tiering
  • Direct cloud access
  • Integrated cloud backup
  • Rapid file server DR

Demo – Tiering & Rapid Restore

There are 2 sync groups. One of them has two file servers sycnrhonizing to it. One of them has a policy to keep 95% free space (not realistic but engineered for demo reasons). This means that you can control tiering, to ensure that there’s always at least a certain amount of free space on a file server. Server 2 has a policy to keep 10% free space.

Tiering takes time to quiesce. Attributes show if a file is offline (O) or in Azure. The icon also shows the file as being offline by being transparent.

Questions from the audience:

  • About synchronized locking. Today, there is no lock sync. It operates like OneDrive. If there are two clashing writes, both will succeed. But, one will be written as a copy. MS knows that lock sync is a hot request.
  • This has nothing to do with DFS-R. It uses something called the Microsoft Sync Framework that is around for over 5 years and is used by SQL Server.
  • How is StorSimple affected? StorSimple is intended as on-prem storage in a single site. It uses blob storage which isn’t user accessible. Azure File Sync
  • Is this in CSP? He’s not sure, but if it’s not, it will be soon.
  • Are there file size limits, etc? There are file size limits but there are things being done. They’re published in the release notes. 5 file servers per sync group in the preview. 1 TB per file. They’ve tested up to approx 30 million files. The maximums will grow as they test during the preview.

Back to demo. He added a blank server to the sync group with contents. Meta data of the share/files appears almost instantly. That’s “rapid restore” in action:

  • Add file share to a new file server
  • DR scenario.

Talon Storage – Charles Foley

Customer: TSK that designs & fits out workplaces. They want as little on-prem IT as possible. Not a huge company. They had people in multiple locations with file servers, collaborating. They used Talon FAST in front of Azure Files, enabling sites to see a single share across sites. And this supports file locks in Azure Files, preventing the overwrite scenario.

Azure Files Use Cases – What’s New

Mine from Microsoft takes over.

Top Use Cases:

  • Highly available FTP Server. Creating load balanced stateless FTP servers that use Azure Files to store shared content. Results in scalable and highly available FTP server.
  • Store scripts in Azure Files instead of on a file server VM. SMB 3.0 encryption should be used in hybrid scenarios. Output sent to Azure Files and can be processed later on-prem.

New in 2017

  • Security: Encryption At Rest using your own key (Key Vault), SMB encryption for Linux.
  • End-to-end integration: Data import, a new tamper proof 100 TB disk device announced yesterday. Getting start tools for Windows and Linux. Export is coming.

Announcing Today

  • Azure File Sync Preview
  • Network ACLs Preview – secure your storage account with layer 4 firewall rules.
  • Azure Monitor Preview to troubleshoot or manage performance

Coming soon:

  • Share Snapshots Preview – a data consistent share snapshot
  • Azure Backup Integration Preview – create policies to backup a storage account.
  • LRS price reduction of 25%

Demo – Storage Accounts

She opens Files in a storage account. There are some shares. She shows that you can use Net Use or Sudo to connect to a file share over the network. She creates a snapshot. Then she views snapshots. Loads of them there already because Azure Backup is enabled. In the recovery services vault, she opens Backup Items. We can see shares in there. She adds another in the same Backup wizard as usual. A backup policy is selected.  We see that we can manually restore a share or a file. On a VM file server, she shows a mounted file share with files in it. She has also mounted a snapshot. Because of this method, Previous Versions in the file share can be used to view/mount snapshots.

Azure Backup is Azure Files Sync aware.

Retention up to 120 days. Storage costs are incremental. You pay per storage account being backed up.


I met with some of the Azure Backup team later in the week to discuss backup of Azure File Sync because the above system worried me. Here’s what I learned. The above system is just for the preview. The system will change when Azure File Sync goes GA:

  • Backups will be to the recovery services vault
  • Longer retention will be possible


  • AD integration and ACLs
  • Larger shares (~100 TB instead of 5 TB)
  • Azure file sync GA
  • Cross region sync of storage
  • ZRS – sync writes across three availability zones


  • Supported OS for File Sync: WS2012 R2 and WS2016. PCs are not affected because they connect to file servers.
  • Expansion of file share max capacity will roll out to all existing shares.
  • Any road map on compliance and legal hold? Bit of a woolly answer.
  • Any character file path limits? Published publicly. Some characters are not supported, but they’re using telemetry to monitor that for future support. Non-compliant files are skipped, and an error is created on the server. Same happens with files that are too large.
  • You can do around 10-20 sync groups per file server … that can be lots of shares.
  • Deduplicated volumes are not support at this time, but they plan on adding support. They are investigating using dedupe to reduce transmission and storage costs.
  • Egress charges: The Talon guy talks up. Their customer’s egress charges are under 1% of their total bill, in the 10s or 100s of dollars range.
  • The file sync protocol is REST-based. for any feedback/questions.