How to Set Up Azure Backup Failure Alerts
Backup failures are operationally silent by default. Unless you configure alerts, a failed backup job completes without anyone being notified. The failure accumulates. Recovery points stop being created. When a recovery is actually needed, the most recent recovery point may be days or weeks old, or may not exist at all.
This guide covers the three alerting mechanisms for Azure Backup, how to configure each, and what a complete backup monitoring posture looks like.
Understand what needs alerting
Before configuring alerts, identify the failure conditions that matter:
Backup job failures: A scheduled backup job failed to complete. This is the highest-priority alert: it means a new recovery point was not created for that job's window.
Backup job warnings: A job completed but with warnings (e.g., VSS writer issues on a Windows VM, files skipped due to locks). Warnings may indicate the recovery point is incomplete.
Protection stopped: Backup protection was disabled for a protected item. An item removed from protection is no longer being backed up and no new recovery points will be created.
Recovery point age: A protected item has not had a successful backup in more than X hours. This detects failure scenarios that do not generate explicit job failure events (e.g., jobs that never start due to a scheduling issue).
Soft delete events: Backup items were deleted (now in soft-deleted state). This may indicate an accidental deletion or a security incident.
Method 1: Built-in Azure Backup alerts (via Azure Monitor)
The Recovery Services vault generates Azure Monitor alerts natively. Navigate to your vault > Backup Alerts under Monitoring. The legacy alert experience shows recent alerts per category. For new deployments, use the Azure Monitor-based alerting experience, which provides more flexibility.
In the Azure Monitor-integrated experience (available in vaults created after 2021), navigate to Recovery Services vault > Properties > Monitor Settings > Alerts. Enable alerting for the scenarios you need. Use the "Configure notifications" option to send alert emails to recipients.
For Action Group integration (Slack, Teams, webhook, ITSM), configure alerts via Azure Monitor:
- Navigate to Monitor > Alerts > Alert rules > Create
- Set the scope to the Recovery Services vault
- Select the signal: Azure Backup Job Failed from the vault's signal list
- Set the condition: Status = Failed
- Set the action group: the Action Group containing your Slack webhook or Teams connector
- Set the severity: use Sev1 for backup failures in production
Create separate alert rules for each condition type: job failures, job warnings, and protection-stopped events.
Method 2: Log Analytics query-based alerts
For more sophisticated alerting (e.g., alert if a VM has not had a successful backup in 25 hours, rather than just alerting on individual job failures), route backup diagnostic data to Log Analytics and create scheduled query alerts.
Enable diagnostic settings on the Recovery Services vault: Vault > Diagnostic settings > Add diagnostic setting. Enable the AddonAzureBackupJobs and AddonAzureBackupAlerts log categories and route to your Log Analytics workspace.
Once data is flowing, create a scheduled query alert rule in Azure Monitor:
Alert: No successful backup in 25 hours
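AddonAzureBackupJobs
// Look back 2 days (an assumed window, longer than the 25-hour threshold) so an item
// whose last success is older than 25 hours still produces a row to count against
| where TimeGenerated > ago(2d)
| summarize SuccessfulJobs = countif(JobStatus == "Completed" and TimeGenerated > ago(25h)) by BackupItemUniqueId
| where SuccessfulJobs == 0
// Also check: items with no jobs at all in the lookback window (they return no row here)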
Alert: Backup failures in the last hour
AddonAzureBackupJobs
| where TimeGenerated > ago(1h)
| where JobStatus == "Failed"
| summarize Failures = count(),
    Items = make_set(BackupItemFriendlyName),
    Errors = make_set(ErrorTitle)
    by VaultName
| where Failures > 0
Schedule these queries to run every 30 minutes. Set the threshold to fire when the query returns any results. Route to an Action Group that posts to your on-call channel.
The Log Analytics approach is more flexible than built-in alerts: you can alert on compound conditions, filter by specific resource groups or VM tags, and customise the notification content.
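The recovery-point-age check has one gap a job-table query cannot close on its own: an item with no job rows at all never appears in the results. The sketch below is an added example, not part of the original guide. It evaluates exported job rows against a list of items that should be protected, so never-run items are reported too. The inventory list, item names and timestamps are constructed assumptions; the row fields reuse the column names from the queries above.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=25)  # threshold used in the article


def stale_items(protected_items, job_rows, now, max_age=MAX_AGE):
    """Map each item breaching max_age to its last success (None if never).

    protected_items: expected BackupItemUniqueId values (assumed inventory).
    job_rows: dicts with TimeGenerated, JobStatus, BackupItemUniqueId.
    """
    last_success = {}
    for row in job_rows:
        if row["JobStatus"] != "Completed":
            continue
        ts = datetime.fromisoformat(row["TimeGenerated"])
        item = row["BackupItemUniqueId"]
        if item not in last_success or ts > last_success[item]:
            last_success[item] = ts

    breaches = {}
    for item in protected_items:
        seen = last_success.get(item)  # None: never succeeded or never ran
        if seen is None or now - seen > max_age:
            breaches[item] = seen
    return breaches


# Constructed sample data; item names and timestamps are invented.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
INVENTORY = ["vm-app-01", "vm-db-01", "vm-batch-01", "vm-new-01"]
JOBS = [
    {"TimeGenerated": "2024-05-10T02:00:00+00:00", "JobStatus": "Completed", "BackupItemUniqueId": "vm-app-01"},
    {"TimeGenerated": "2024-05-08T02:00:00+00:00", "JobStatus": "Completed", "BackupItemUniqueId": "vm-db-01"},
    {"TimeGenerated": "2024-05-10T02:00:00+00:00", "JobStatus": "Failed", "BackupItemUniqueId": "vm-db-01"},
    {"TimeGenerated": "2024-05-10T02:00:00+00:00", "JobStatus": "Failed", "BackupItemUniqueId": "vm-batch-01"},
    # vm-new-01 has no job rows at all: its schedule never started.
]


if __name__ == "__main__":
    for item, seen in sorted(stale_items(INVENTORY, JOBS, NOW).items()):
        print(item, "last success:", seen.isoformat() if seen else "none on record")
```

With the sample data, vm-db-01 is flagged for an old recovery point, vm-batch-01 for having only failed jobs, and vm-new-01 for having no job history at all.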
Method 3: Azure Backup Reports (for trend visibility)
Individual job failure alerts handle the operational response. Azure Backup Reports in Azure Monitor Workbooks provide the trend visibility that catches systematic issues: a backup policy whose retention is misconfigured, a vault where job failures are increasing week-on-week, or protected items that have been failing intermittently for months.
Enable Backup Reports by routing backup diagnostic data to Log Analytics (same diagnostic settings as above, plus the CoreAzureBackup category). Navigate to Recovery Services vault > Backup Reports.
The Backup Reports workbook provides:
- Job success rate by vault and policy
- Recovery point health by protected item
- Storage consumption trends
- Backup instances with no successful jobs in a defined window
Review Backup Reports weekly as part of backup health governance, separately from operational incident alerts. Monthly trends in this report are the early warning system for systematic backup issues.
Alert routing for regulated businesses
For FCA, PCI DSS, and DORA regulated businesses, backup failure alerting must be treated as an operational resilience control. Document the alerting configuration, test it regularly, and ensure the alert routing reaches an accountable owner who acts on the alert.
Compliance evidence for backup monitoring typically requires:
- Documentation of what is monitored and what thresholds trigger alerts
- Records of alert events and the responses taken
- Evidence of tested recovery from the backup data
The alerting configuration is the control; the evidence of it functioning is what satisfies the audit question.
Testing backup alerts
Configure at least one alert and then trigger it intentionally in a non-production vault. Stop backup protection on a test item, or force a manual backup job failure (by temporarily misconfiguring the target storage account). Confirm the alert fires, reaches the intended recipients, and contains enough information to act on.
An alert configuration that has never been tested is a paper control. Test quarterly and after any changes to the alert routing configuration.
Where Critical Cloud comes in
Backup monitoring is the discipline that means backup failures get fixed within hours, not discovered weeks later when a recovery is needed. We configure and operate backup alerting for regulated and technology-led businesses as part of the managed service, with backup job health monitored continuously alongside the rest of the Azure estate. As the world's first Powered by Datadog accredited partner, we surface backup job status and recovery point age in the same operational view as infrastructure and application health. See how Critical Support works.