Encryption

How to change backup encryption passphrase on Azure

If you lost your Azure backup encryption passphrase, or you need to update this information, you can use these steps to get a new key.

Change encryption passphrase for Azure backup

On Windows 10, if you’re using Microsoft Azure to backup your files in the cloud, during the setup process you must also create a passphrase to encrypt and decrypt data leaving your device.

If you’re recovering the data from the original device, it’s not necessary to use a passphrase, but it’s a requirement to restore the data when using a different computer or server.

Although Microsoft doesn’t store your passphrase for security and privacy reasons, if you lost this information, it’s still possible to ensure that you can recover your data by changing the existing configuration.

In this guide, you’ll learn the steps to change the passphrase that Microsoft Azure uses to encrypt and decrypt your data stored in the cloud.

How to change encryption passphrase for Azure backup

To change the current passphrase to encrypt and decrypt your Azure backup in the cloud, use these steps:

Important: You can follow these steps only when you still have access to the computer or server. If you lost the passphrase, and you can’t access your backup data, it’s not possible to recover the decryption passphrase.
  1. Open Start.

  2. Search for Microsoft Azure Backup and click the top result to open the console.

  3. Click the “Actions” menu and select the Change properties option.

    Microsoft Azure backup console, Action menu
    Microsoft Azure backup console, Action menu
  4. Click the Encryption tab.

  5. Check the Change Passphrase option.

  6. Click the Generate Passphrase button. (Or create a custom decryption key of your own.)

    Change Azure backup encryption key
    Change Azure backup encryption key
  7. Click the Browse button.

  8. Select a folder to save the new passphrase.

  9. Click the OK button.

  10. Open the Azure portal on your web browser.

  11. Click on All services on the left pane.

  12. Search for Recovery Services vaults and click the top result.

    Azure portal service search
    Azure portal service search
  13. Click on the vault that contains the backup.

  14. Under the “Settings” section, on the left pane, click on Properties.

  15. Under the “Backup” section, use the option to generate a new “Security PIN.”

    Azure backup generate security PIN
    Azure backup generate security PIN
  16. Copy the security PIN.

  17. Paste the security PIN into the prompt of the Azure backup console on your device.

    Azure backup console security PIN
    Azure backup console security PIN
  18. Click the OK button.

  19. Click the OK button again.

Once you complete the steps, the Azure backup console will update the settings on your device and cloud. Just remember that Microsoft doesn’t store your encryption passphrase. If you lose it, you may not be able to recover your data, as such make sure to save the file with the new information in a save place.

While this guide focuses on Windows 10, you can also use these instructions on Windows Server 2019, Windows Server 2016, 2012, and even 2008.

To use Microsoft Azure services, you’ll need a subscription, but if you don’t want to commit, there’s a pay-as-go option and you only get charged for the resources you use with no termination fees or up-front cost.

Also, if you’re a Microsoft MVP, remember that you get free credits to use Azure services, including for backup and restore devices and data.