Limitations and Considerations

In this article

    When you plan to deploy Veeam Backup for Microsoft Azure and set up the backup infrastructure, keep in mind the following limitations and considerations.



    Recommended Azure VM size

    Backup appliance

    • Standard_B2s with 2 CPUs and 4 GB RAM
    • Standard_B2ms with 2 CPUs and 8 GB RAM


    • Standard_F2s_v2 with 2 CPUs and 4 GB RAM for standard backup
    • Standard_E2_v4 with 2 CPUs and 16 GB RAM for archived backup

    For more information on Azure VM sizes, see Microsoft Docs.


    Internet Explorer is not supported. To access Veeam Backup for Microsoft Azure, use Microsoft Edge (latest version), Mozilla Firefox (latest version) or Google Chrome (latest version).

    Network Settings for Worker Instances

    Before you start adding worker configurations, consider the following:

    • A service endpoint (routing) for the Microsoft.Storage service must be configured for virtual networks to which workers will be connected. To learn how to configure virtual network service endpoints, see Microsoft Docs.
    • A subnet to which workers will be connected must have at least one free IP address in the subnet range — Veeam Backup for Microsoft Azure will deploy and simultaneously run as many workers as many free IP addresses there are in the subnet range.
    • By default, workers use public endpoints to connect to Azure SQL Managed Instances through the port 3342. If a worker tries to connect to an Azure SQL Managed Instance and public endpoints are disabled for this instance, the worker will use a private endpoint to connect to the instance through the port 1433 instead. However, for the worker to be able to establish the connection, virtual networks to which the worker and the Azure SQL Managed Instance are connected must be peered on the Azure portal. To learn how to peer virtual networks, see Microsoft Docs.

    For more information on worker configurations, see Configuring Workers.


    Azure Disk Encryption is supported in the current Veeam Backup for Microsoft Azure version with the following limitations:

    • Veeam Backup for Microsoft Azure supports Azure Disk Encryption for backup and restore operations only within one Azure region. If you choose to backup or to restore your data to another region, you must first migrate Azure key vaults, cryptographic keys and secrets used to encrypt source Azure resources to the target region, as described in Microsoft Docs.
    • Veeam Backup for Microsoft Azure does not support file-level recovery for VMs whose virtual disks are encrypted using Azure Disk Encryption.

    For more information on Azure Disk Encryption, see Microsoft Docs.


    Before you start protecting Azure resources, consider the following:

    • Veeam Backup for Microsoft Azure does not support creation of backup repositories in storage accounts with enabled blob soft delete option.
    • Veeam Backup for Microsoft Azure does not support archive tiering of storage account with enabled data redundancy (ZRS, GZRS, RA-GZRS) option.
    • When Veeam Backup for Microsoft Azure backs up Azure VMs with IPv6 addresses assigned, it does not store the addresses. That is why if you plan to restore these VMs, keep in mind that you will have to assign IPv6 addresses to the restored VMs manually on the Microsoft Azure portal, after the restore process completes.
    • Veeam Backup for Microsoft Azure does not support back up of databases hosted by Azure Arc-enabled SQL managed instances and SQL Servers on Azure Arc-enabled servers.
    • If an Azure SQL database was migrated to a SQL Server or Azure SQL Managed Instance, be sure to clear legacy references, orphaned database users and credentials set up with authentication types not supported on Azure SQL, to avoid BACPAC export errors. BACPAC export of databases with external references is not supported.

    Security Certificates

    Veeam Backup for Microsoft Azure supports certificates only in the .PFX format.