Prepare Azure Environment for Virtual Machine Restore

Configure your Azure environment before restoring disk images or VM backups to Azure VM.

The following entities:

  • Resource Group
  • Storage account
  • Azure Virtual Network
  • Storage Container
  • Network Security Group

must be configured in your Azure profile.

Follow the instructions below to pass the preparations through:

Create a Resource Group

Resource groups enable you to manage all your resources in an application together.

  1. Open the Azure Portal. Click Create a resource".

  1. Find the required Resource Group and select it.
  2. Click Create.
  3. Specify the Resource group name. Select the subscription and the Resource group location.

For faster uploads and downloads, select the closest location. You can check the location latency on

Create Storage Account and Container to Keep Restored VM Disks

Azure Storage is a service that you can use to store unstructured and partially structured data. IT professionals that practice Azure virtual machine deployment rely on Azure Storage to keep the virtual machine operating systems and data disks.

Blobs typically represent unstructured files such as media content, virtual machine disks, backups, or logs. There are three types of blobs.

  • block blob is optimized for sequential access, which is ideal for media content
  • page blob offers superior random access capabilities, which is only suited for virtual machine disks
  • append blob applies to data append operations, without the need to modify existing content. This works best with logging and auditing activities.

Recommended storage configuration:

VM HDD container:

  • Deployment model: Resource manager
  • Account Kind: StorageV1 or StorageV2
  • Replication: LRS, GRS, RA-GRS
  • Performance: Standard or Premium
  • Access tear: Hot

Boot diagnostic storage (if required):

  • Deployment model: Resource manager
  • Account Kind: StorageV1 or StorageV2
  • Replication: LRS, GRS, ZRS, RA-GRS
  • Performance: Standard
  • Access tear: Hot

Create New Storage Account

To create a new Azure storage account, proceed as follows:

  1. Open your Resource Group.

  1. Click +Add.
  2. Find Storage Account, then click Create.
  3. Specify options according to your requirements and recommended storage configuration. Click Create.

  1. Create a container to keep your VMs in blobs. A container organizes a set of blobs, similar to a folder in a file system. All blobs reside within this container. A storage account can contain an unlimited number of containers, and a container can store an unlimited number of blobs.

Note that the container name must be in lowercase

  1. Open the Resource GroupYour Storage accountBlob Service.
  2. To add a new container, click +Container.
  3. Specify the container name and click OK.

Create Virtual Network with Correct Subnet

If you use Static IP addresses in your backed-up Virtual Machine, you should use a similar or the same subnet in the Azure Virtual Network. In this case, you will be able to connect to your restored VM through the Internet.

Note that Azure reserves the first three IP addresses in a subnet for internal usage

  1. Open the required Resource Group.
  2. Click +Add.
  3. Find Virtual Network, then click Create.

  1. Specify the virtual network name, select region, then click Next: IP addresses.
  2. Specify IP addresses for the new virtual network. Add subnet if needed.
  3. Once you are done with the ID address and subnet settings, click Next: Security.
  4. Specify security options. To learn about security settings, use the tooltips beside the settings.

  1. Once you are done, click Review&Create.

Create a Network Security Group

For security reasons, it is strongly recommended to create a Network Security Group and associate it with a Subnet. You can allow incoming connections for TCP ports like 22 or 3389 in the Inbound security rules tab

  1. Open the required Resource Group.
  2. Click +Add.
  3. Find Network Security Group, select it, then click Create.

  1. Specify the required Network Security Group settings, then click Create.
  2. Open the created Network Security Group, then navigate to Inbound Security Rules which is part of the Settings group.
  3. To add a new security rule, click +Add.
  4. Click Basic.
  5. In the Port ranges, specify 443 and name, for example as https.
  6. Click Add to add a new security rule.

Add as many inbound security rules as you need to allow access to services hosted on the VM.

Note that the following outgoing connections (IP addresses and ports) associated with the portal must be allowed:

Make sure you allow access to all required ports

Associate Network Security Group With a Subnet

Once all required rules are added, associate the Network Security Group with the previously created subnet.

  1. Click Subnets in the Settings group.
  2. Click Associate. Select the required virtual network and the required subnet, then click OK.

Enable Serial Console

For testing or troubleshooting purposes, it is recommended to enable Serial Console in your Linux or Windows Machine. Then you will be able to configure and troubleshoot your Azure VM in the Azure Portal command line.

To learn more, follow the links below:

For troubleshooting refer to the following knowledge base article