Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: Back up Azure Disks using Azure Data Protection REST API. description: In this article, learn how to configure, initiate, and manage backup operations of Azure Disks using REST API. ms.topic: how-to ms.date: 06/11/2025 ms.assetid: 6050a941-89d7-4b27-9976-69898cc34cde author: AbhishekMallick-MS ms.author: v-mallicka ms.custom: engagement-fy24 # Customer intent: "As a cloud administrator, I want to configure and manage backups for Azure Disks using a REST API, so that I can automate snapshot lifecycle management and ensure data protection without incurring infrastructure costs or performance impact." --- # Back up Azure Disks using Azure Data Protection via REST API This article describes how to manage backups for Azure Disks via REST API. Azure Disk Backup simplifies snapshot lifecycle management for managed disks by automating periodic snapshots and retention based on backup policies. It eliminates infrastructure costs, custom scripting, and management overhead, providing a crash-consistent, point-in-time backup via incremental snapshots—supporting multiple backups per day. This agentless solution ensures zero impact on production performance and enables backup and restore of both OS and data disks (including shared disks), irrespective of whether they're attached to an Azure VM. For information on the Azure Disk backup region availability, supported scenarios and limitations, see the [support matrix](disk-backup-support-matrix.md). ## Prerequisites Before you back up disks, review the following prerequisites: - [Create a Backup vault](backup-azure-dataprotection-use-rest-api-create-update-backup-vault.md) - [Create a disk backup policy](backup-azure-dataprotection-use-rest-api-create-update-disk-policy.md) ## Configure backup Once the vault and policy are created, there are two critical points that the user needs to consider to protect all Azure blobs within a storage account. - Key entities - Permissions ### Key entities Once the vault and policy are created, there are three critical points that you need to consider to protect an Azure Disk. - **Disk to be protected**: Note the ARM ID and the location of the disk to be protected. This will serve as the identifier of the disk. ```http "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup" ``` - **Snapshot resource group**: The disk snapshots are stored in a resource group within your subscription. As a guideline, we recommend creating a dedicated resource group as a snapshot datastore to be used by the Azure Backup service. Having a dedicated resource group allows restricting access permissions on the resource group, providing safety and ease of management of the backup data. Note the ARM ID for the resource group where you wish to place the disk snapshots. ```http "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/snapshot-rg" ``` - **Backup vault**: The Backup vault requires permissions on the disk to enable backups. The system-assigned managed identity of the vault is used for assigning such permissions. ### Assign permissions You need to assign a few permissions via RBAC to the vault (represented by vault MSI) and the relevant disk and/or the disk RG. These can be performed via Azure portal or CLI. To assign related permissions, see the [prerequisites to configure backup of managed disks](./backup-managed-disks-ps.md#assign-permissions). ### Prepare the request to configure backup Once the relevant permissions are set to the vault and the disk, and the vault and policy are configured, prepare the request to configure backup. The following is the request body to configure backup for an Azure Disk. The Azure Resource Manager ID (ARM ID) of the Azure Disk and its details are mentioned in the `datasourceinfo` section and the policy information is present in the `policyinfo` section where the snapshot resource group is provided as one of the policy parameters. ```json { "backupInstance": { "dataSourceInfo": { "datasourceType": "Microsoft.Compute/", "objectType": "Datasource", "resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup", "resourceLocation": "westUS", "resourceName": "msdiskbackup", "resourceType": "Microsoft.Compute/disks", "resourceUri": "" }, "policyInfo": { "policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupPolicies/DiskBackup-Policy", "policyParameters": { "dataStoreParametersList": [ { "dataStoreType": "OperationalStore", "objectType": "AzureOperationalStoreParameters", "resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/snapshot-rg" } ] } }, "objectType": "BackupInstance" } } ``` ### Validate the request to configure backup To validate if the request to configure backup will be successful, use [the validate for backup API](/rest/api/dataprotection/backup-instances/validate-for-backup). You can use the response to perform the required prerequisites, and then submit the configuration for backup request. Validate for backup request is a _POST_ operation and the URI contains `{subscriptionId}`, `{vaultName}`, `{vaultresourceGroupName}` parameters. ```http POST https://management.azure.com/Subscriptions/{subscriptionId}/resourceGroups/{vaultresourceGroupname}/providers/Microsoft.DataProtection/backupVaults/{backupVaultName}/validateForBackup?api-version=2021-01-01 ``` For example, this API translates to: ```http POST https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/validateForBackup?api-version=2021-01-01 ``` The [request body](#prepare-the-request-to-configure-backup) that we prepared earlier will be used to provide details of the Azure Disk to be protected. **Example request body** ```json { "backupInstance": { "dataSourceInfo": { "datasourceType": "Microsoft.Compute/disks", "objectType": "Datasource", "resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup", "resourceLocation": "westUS", "resourceName": "msdiskbackup", "resourceType": "Microsoft.Compute/disks", "resourceUri": "" }, "policyInfo": { "policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupPolicies/DiskBackup-Policy", "policyParameters": { "dataStoreParametersList": [ { "dataStoreType": "OperationalStore", "objectType": "AzureOperationalStoreParameters", "resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/snapshot-rg" } ] } }, "objectType": "BackupInstance" } } ``` #### Responses for backup request validation Backup request validation is an [asynchronous operation](../azure-resource-manager/management/async-operations.md). So, this operation creates another operation that needs to be tracked separately. It returns two responses: 202 (Accepted) when another operation is created and 200 (OK) when that operation completes. |Name |Type |Description | |---------|---------|---------| |202 Accepted | | The operation will be completed asynchronously | |200 OK | [OperationJobExtendedInfo](/rest/api/dataprotection/backup-instances/validate-for-backup#operationjobextendedinfo) | Accepted | | Other Status codes | [CloudError](/rest/api/dataprotection/backup-instances/validate-for-backup#clouderror) | Error response describing why the operation failed | **Example responses for validate backup request** ##### Error response If the given disk is already protected, it returns the response as HTTP 400 (Bad request) and states that the given disk is protected to a backup vault along with details. ```http HTTP/1.1 400 BadRequest Content-Length: 1012 Content-Type: application/json Expires: -1 Pragma: no-cache X-Content-Type-Options: nosniff x-ms-request-id: Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-writes: 1199 x-ms-correlation-request-id: 0c99ff0f-6c26-4ec7-899f-205435e89894 x-ms-routing-request-id: CENTRALUSEUAP:20210830T142949Z:0be72802-02ad-485d-b91f-4aadd92c059c Cache-Control: no-cache Date: Mon, 30 Aug 2021 14:29:49 GMT X-Powered-By: ASP.NET { "error": { "additionalInfo": [ { "type": "UserFacingError", "info": { "message": "Datasource is already protected under the Backup vault /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault.", "recommendedAction": [ "Delete the backup instance SharedDataDisk from the Backup vault /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault to re-protect the datasource in any other vault." ], "details": null, "code": "UserErrorDppDatasourceAlreadyProtected", "target": "", "innerError": null, "isRetryable": false, "isUserError": false, "properties": { "ActivityId": "0c99ff0f-6c26-4ec7-899f-205435e89894" } } } ], "code": "UserErrorDppDatasourceAlreadyProtected", "message": "Datasource is already protected under the Backup vault /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault.", "target": null, "details": null } } ``` ##### Track response If the datasource is unprotected, then the API proceeds for further validations and creates a tracking operation. ```http HTTP/1.1 202 Accepted Content-Length: 0 Expires: -1 Pragma: no-cache Retry-After: 10 Azure-AsyncOperation: https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==?api-version=2021-01-01 X-Content-Type-Options: nosniff x-ms-request-id: Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-writes: 1197 x-ms-correlation-request-id: 3e7cacb3-65cd-4b3c-8145-71fe90d57327 x-ms-routing-request-id: CENTRALUSEUAP:20210707T124850Z:105f2105-6db1-44bf-8a34-45972a8ba861 Cache-Control: no-cache Date: Wed, 07 Jul 2021 12:48:50 GMT Location: https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationResults/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==?api-version=2021-01-01 X-Powered-By: ASP.NET ``` Track the resulting operation using the _Azure-AsyncOperation_ header with a simple *GET* command. ```http GET https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==?api-version=2021-01-01 { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==", "name": "ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==", "status": "Inprogress", "startTime": "2021-07-07T12:48:50.3432229Z", "endTime": "0001-01-01T00:00:00" } ``` It returns 200 (OK) once it completes and the response body lists further requirements to be fulfilled, such as permissions. ```http GET https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==?api-version=2021-01-01 { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==", "name": "ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzM2NDdhZDNjLTFiNGEtNDU4YS05MGJkLTQ4NThiYjRhMWFkYg==", "status": "Failed", "error": { "additionalInfo": [ { "type": "UserFacingError", "info": { "message": "Appropriate permissions to perform the operation is missing.", "recommendedAction": [ "Grant appropriate permissions to perform this operation as mentioned at https://aka.ms/UserErrorMissingRequiredPermissions and retry the operation." ], "code": "UserErrorMissingRequiredPermissions", "target": "", "innerError": { "code": "UserErrorMissingRequiredPermissions", "additionalInfo": { "DetailedNonLocalisedMessage": "Validate for Protection failed. Exception Message: The client '00001111-aaaa-2222-bbbb-3333cccc4444' with object id 'aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb' does not have authorization to perform action 'Microsoft.Authorization/roleAssignments/read' over scope '/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup/providers/Microsoft.Authorization' or the scope is invalid. If access was recently granted, please refresh your credentials." } }, "isRetryable": false, "isUserError": false, "properties": { "ActivityId": "3e7cacb3-65cd-4b3c-8145-71fe90d57327" } } } ], "code": "UserErrorMissingRequiredPermissions", "message": "Appropriate permissions to perform the operation is missing." }, "startTime": "2021-07-07T12:48:50.3432229Z", "endTime": "2021-07-07T12:49:22Z" } ``` If you grant all permissions, then resubmit the validate request, track the resulting operation, and it'll return the success response as 200 (OK) if all the conditions are met. ```http GET https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzlhMjk2YWM2LWRjNDMtNGRjZS1iZTU2LTRkZDNiMDhjZDlkOA==?api-version=2021-01-01 { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzlhMjk2YWM2LWRjNDMtNGRjZS1iZTU2LTRkZDNiMDhjZDlkOA==", "name": "ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzlhMjk2YWM2LWRjNDMtNGRjZS1iZTU2LTRkZDNiMDhjZDlkOA==", "status": "Succeeded", "startTime": "2021-07-07T13:03:54.8627251Z", "endTime": "2021-07-07T13:04:06Z" } ``` ### Configure backup request Once the request is validated, then you can submit the same to the [create backup instance API](/rest/api/dataprotection/backup-instances/create-or-update). A Backup instance represents an item protected with data protection service of Azure Backup within the Backup vault. Here, the Azure Disk is the backup instance and you can use the same request body, which was validated above, with minor additions. Use a unique name for the backup instance. So, we recommend you use a combination of the resource name and a unique identifier. For example, in the following operation, we'll use _msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed_ and mark it as the backup instance name. To create or update the backup instance, use the following ***PUT*** operation. ```http PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DataProtection/{BkpvaultName}/backupInstances/{UniqueBackupInstanceName}?api-version=2021-01-01 ``` For example, this API translates to: ```http PUT https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupInstances/msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed?api-version=2021-01-01 ``` #### Create the request for configure backup To create a backup instance, following are the components of the request body: |Name |Type |Description | |---------|---------|---------| |properties | [BackupInstance](/rest/api/dataprotection/backup-instances/create-or-update#backupinstance) | BackupInstanceResource properties | ##### Example request for configure backup We'll use the same request body that we used to validate the backup request with a unique name as we mentioned [above](#configure-backup). ```json { "name": "msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed", "type": "Microsoft.DataProtection/backupvaults/backupInstances", "properties": { "dataSourceInfo": { "datasourceType": "Microsoft.Compute/disks", "objectType": "Datasource", "resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup", "resourceLocation": "westUS", "resourceName": "msdiskbackup", "resourceType": "Microsoft.Compute/disks", "resourceUri": "" }, "policyInfo": { "policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupPolicies/DiskBackup-Policy", "policyParameters": { "dataStoreParametersList": [ { "dataStoreType": "OperationalStore", "objectType": "AzureOperationalStoreParameters", "resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/snapshot-rg" } ] } }, "objectType": "BackupInstance" } } ``` #### Responses to configure backup request The _create backup instance request_ is an [asynchronous operation](../azure-resource-manager/management/async-operations.md). So, this operation creates another operation that needs to be tracked separately. It returns two responses: 201 (Created) when backup instance is created and the protection is being configured, and then 200 (OK) when that configuration completes. |Name |Type |Description | |---------|---------|---------| |201 Created | [Backup instance](/rest/api/dataprotection/backup-instances/create-or-update#backupinstanceresource) | Backup instance is created and protection is being configured | |200 OK | [Backup instance](/rest/api/dataprotection/backup-instances/create-or-update#backupinstanceresource) | Protection is configured | | Other Status codes | [CloudError](/rest/api/dataprotection/backup-instances/validate-for-backup#clouderror) | Error response describing why the operation failed | ##### Example responses to configure backup request Once you submit the *PUT* request to create a backup instance, the initial response is 201 (Created) with an Azure-asyncOperation header. Note that the request body contains all the backup instance properties. ```http HTTP/1.1 201 Created Content-Length: 1149 Content-Type: application/json Expires: -1 Pragma: no-cache Retry-After: 15 Azure-AsyncOperation: https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzI1NWUwNmFlLTI5MjUtNDBkNy1iMjMxLTM0ZWZlMDA3NjdkYQ==?api-version=2021-01-01 X-Content-Type-Options: nosniff x-ms-request-id: Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-writes: 1199 x-ms-correlation-request-id: 5d9ccf1b-7ac1-456d-8ae3-36c93c0d2427 x-ms-routing-request-id: CENTRALUSEUAP:20210707T170219Z:9e897266-5d86-4d13-b298-6561c60cf043 Cache-Control: no-cache Date: Wed, 07 Jul 2021 17:02:18 GMT Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupInstances/msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed", "name": "msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed", "type": "Microsoft.DataProtection/backupVaults/backupInstances", "properties": { "friendlyName": "msdiskbackup", "dataSourceInfo": { "datasourceType": "Microsoft.Compute/disks", "objectType": "Datasource", "resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/RG-DiskBackup/providers/Microsoft.Compute/disks/msdiskbackup", "resourceLocation": "westUS", "resourceName": "msdiskbackup", "resourceType": "Microsoft.Compute/disks", "resourceUri": "" }, "policyInfo": { "policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupPolicies/DiskBackup-Policy", "policyParameters": { "dataStoreParametersList": [ { "dataStoreType": "OperationalStore", "objectType": "AzureOperationalStoreParameters", "resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/snapshot-rg" } ] }, "protectionStatus": { "status": "ConfiguringProtection" }, "currentProtectionState": "ConfiguringProtection", "provisioningState": "Provisioning", "objectType": "BackupInstance" } } ``` Then track the resulting operation using the _Azure-AsyncOperation_ header with a simple *GET* command. ```http GET https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzI1NWUwNmFlLTI5MjUtNDBkNy1iMjMxLTM0ZWZlMDA3NjdkYQ==?api-version=2021-01-01 ``` Once the operation completes, it returns 200 (OK) with the success message in the response body. ```json { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzI1NWUwNmFlLTI5MjUtNDBkNy1iMjMxLTM0ZWZlMDA3NjdkYQ==", "name": "ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzI1NWUwNmFlLTI5MjUtNDBkNy1iMjMxLTM0ZWZlMDA3NjdkYQ==", "status": "Succeeded", "startTime": "2021-07-07T17:02:19.0611871Z", "endTime": "2021-07-07T17:02:20Z" } ``` ### Stop protection and delete data To remove the protection on an Azure Disk and delete the backup data as well, perform a [delete operation](/rest/api/dataprotection/backup-instances/delete). Stopping protection and deleting data is a *DELETE* operation. ```http DELETE https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.DataProtection/backupVaults/{vaultName}/backupInstances/{backupInstanceName}?api-version=2021-01-01 ``` For example, this API translates to: ```http DELETE "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/TestBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/testBkpVault/backupInstances/msdiskbackup-2dc6eb5b-d008-4d68-9e49-7132d99da0ed?api-version=2021-01-01" ``` #### Responses for delete protection *DELETE* protection is an [asynchronous operation](../azure-resource-manager/management/async-operations.md). So, this operation creates another operation that needs to be tracked separately. It returns two responses: 202 (Accepted) when another operation is created, and 200 (OK) when that operation completes. |Name |Type |Description | |---------|---------|---------| |200 OK | | Status of delete request | |202 Accepted | | Accepted | ##### Example responses for delete protection Once you submit the *DELETE* request, the initial response will be 202 (Accepted) with an Azure-asyncOperation header. ```http HTTP/1.1 202 Accepted Content-Length: 0 Expires: -1 Pragma: no-cache Retry-After: 30 Azure-AsyncOperation: https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzE1ZjM4YjQ5LWZhMGQtNDMxOC1iYjQ5LTExMDJjNjUzNjM5Zg==?api-version=2021-01-01 X-Content-Type-Options: nosniff x-ms-request-id: Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-ratelimit-remaining-subscription-deletes: 14999 x-ms-correlation-request-id: fee7a361-b1b3-496d-b398-60fed030d5a7 x-ms-routing-request-id: CENTRALUSEUAP:20210708T071330Z:5c3a9f3e-53aa-4d5d-bf9a-20de5601b090 Cache-Control: no-cache Date: Thu, 08 Jul 2021 07:13:29 GMT Location: https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationResults/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzE1ZjM4YjQ5LWZhMGQtNDMxOC1iYjQ5LTExMDJjNjUzNjM5Zg==?api-version=2021-01-01 X-Powered-By: ASP.NET ``` Track the _Azure-AsyncOperation_ header with a simple *GET* request. When the request is successful it returns 200 OK with a success status response. ```http GET "https://management.azure.com/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzE1ZjM4YjQ5LWZhMGQtNDMxOC1iYjQ5LTExMDJjNjUzNjM5Zg==?api-version=2021-01-01" { "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/providers/Microsoft.DataProtection/locations/westus/operationStatus/ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzE1ZjM4YjQ5LWZhMGQtNDMxOC1iYjQ5LTExMDJjNjUzNjM5Zg==", "name": "ZmMzNDFmYWMtZWJlMS00NGJhLWE4YTgtMDNjYjI4Y2M5OTExOzE1ZjM4YjQ5LWZhMGQtNDMxOC1iYjQ5LTExMDJjNjUzNjM5Zg==", "status": "Succeeded", "startTime": "2021-07-08T07:13:30.23815Z", "endTime": "2021-07-08T07:13:46Z" } ``` ## Next steps Restore Managed Disk using [Azure portal](restore-managed-disks.md), [Azure PowerShell](restore-managed-disks-ps.md), [Azure CLI](restore-managed-disks-cli.md), [REST API](backup-azure-dataprotection-use-rest-api-restore-disks.md). For more information on the Azure Backup REST APIs, see the following articles: - [Azure Data Protection Provider REST API](/rest/api/dataprotection/) - [Get started with Azure REST API](/rest/api/azure/) - [Manage backup and restore jobs](backup-azure-arm-userestapi-managejobs.md)