Blob Daily Backup Snapshot and Verify
Each night the flow enumerates a critical Blob container, server-side copies every blob into a dated folder on a separate backup account, records an integrity manifest with ETags, reads back a sample to prove retrievability, and reports success/failure to Teams and email. It provides verifiable, scheduled backups for Blob data.
Provided as-is, without warranty of any kind. Review and test each pattern in a non-production environment before deploying it to live automations. See our Terms.
Overview
This flow delivers verifiable, scheduled backups for Azure Blob Storage. Each night it enumerates a critical source container, server-side copies every blob into a dated folder on a separate backup account, records an integrity manifest (per-blob ETag), reads back a sample blob to prove the copy is retrievable, and reports success or failure to a Teams channel and by email.
Why it matters: storage replication is not a backup against accidental deletion or corruption. A dated, immutable snapshot plus an integrity manifest and an active restore-verify step give true, auditable recoverability. The flow treats an empty backup as a failure so a silent zero-blob run is never mistaken for a healthy backup.
The flow ships in the Off (Stopped) state.
Use Case
IT/Operations want nightly, verified backups of important blob data with proof of integrity and a clear pass/fail signal each morning.
Flow Architecture
Nightly Backup Window
Recurrence: Runs in the low-activity window (01:00 UTC).
Initialize Trace, Config & Accumulators
Initialize variable: Mints a correlation id; binds source/backup accounts + containers, critical-containers list, verify sample percent, Teams ids, report recipient; computes the yyyy-MM-dd dated folder; seeds the manifest array and backup counter.
List Source Blobs
Azure Blob - ListFolder_V4: Enumerates the real source blobs (no fixtures).
For Each Critical Blob
Apply to each: Server-side copies each blob to the backup account/dated folder (overwrite, idempotent), appends a manifest entry (name, size, last-modified, ETag integrity token, backup path, correlation id), and increments the backup counter.
Compose Manifest + Branch
Compose + Condition: Materializes the manifest and branches on backupCount > 0.
Verify + Report (success)
Azure Blob - GetFileMetadataByPath_V2 + Teams + Outlook: Reads back a sample backed-up blob to prove retrievability, posts a success summary to Teams, and emails the report + full manifest.
Alert (empty backup = failure)
Teams + Outlook: Posts a zero-source-blob alert and sends a high-importance failure email.
Environment Variables
| Schema name | Type | Default | Description |
|---|---|---|---|
| flowlibs_SourceStorageAccount | String | criticaldatastore | Source account holding the critical containers. |
| flowlibs_BackupAccount | String | backupvaultstore | Backup storage account that receives the copies. |
| flowlibs_SourceContainer | String | /critical-data | Source container/folder path enumerated each night. |
| flowlibs_BackupContainer | String | /nightly-backups | Destination container/folder path. |
| flowlibs_CriticalContainers | String | critical-data,app-config,audit-logs | Full critical scope (documentation/expansion). |
| flowlibs_VerifySamplePct | String | 5 | Target percent of blobs to sample for restore-verify. |
| flowlibs_BackupReportRecipient | String | itadmin@yourcompany.com | Email recipient for the nightly report. |
| flowlibs_AdminTeamsGroupId | String | <your-team-id> | Teams team (group) id for the status post. |
| flowlibs_AdminTeamsChannelId | String | <your-channel-id> | Teams channel id for the status post. |
Connectors & Connections
| Connector | API name | Actions used |
|---|---|---|
| Azure Blob Storage | shared_azureblob | ListFolder_V4, CopyFile_V2, GetFileMetadataByPath_V2 |
| Microsoft Teams | shared_teams | PostMessageToConversation |
| Office 365 Outlook | shared_office365 | SendEmailV2 |
Note — All connections are referenced as solution connection references; the flow is portable between environments as long as a connection is mapped at import time.
Customization Guide
Almost every realistic variant of this flow can be implemented by changing environment variable values. A few cases require small edits inside the flow definition — those are called out explicitly below.
- Multi-container scope
- Expand the loop to split the critical-containers list and list/copy each container instead of the single source container.
- Incremental backups
- Before copying, compare each blob's ETag/last-modified to the previous run's manifest and skip unchanged blobs.
- Real sample restore
- Raise the verify step from metadata to a content read and sample N blobs where N = ceil(count x VerifySamplePct / 100) rather than the first blob.
- Cross-region / cross-account
- Point the backup account at a different region; enable immutability/legal-hold on the backup container.
- Retention pruning
- Add a scheduled cleanup that deletes dated backup folders older than the retention window.
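The "Incremental backups" and "Real sample restore" variants above change what the pass/fail signal means, so it helps to work the logic through outside the flow first. The Python below is an added illustration, not part of the flow definition: the function names, the manifest key spellings (`etag`, `lastModified`), the floor of one sample and the sample data are assumptions constructed for the example. The ETag is treated only as an opaque change token, and the empty-backup test keys on the number of source blobs enumerated, so an incremental night with nothing to copy is not reported as a failure.

```python
import random

# Constructed sample data: entries carry fields the flow records in its manifest.
PREVIOUS = [
    {"name": "a.csv", "etag": "0x1A", "lastModified": "2024-05-01T01:00:00Z"},
    {"name": "b.json", "etag": "0x2B", "lastModified": "2024-05-01T01:00:00Z"},
    {"name": "c.log", "etag": "0x3C", "lastModified": "2024-05-01T01:00:00Z"},
]
SOURCE = [
    {"name": "a.csv", "etag": "0x1A", "lastModified": "2024-05-01T01:00:00Z"},
    {"name": "b.json", "etag": "0x9F", "lastModified": "2024-05-02T14:10:00Z"},  # changed
    {"name": "c.log", "etag": "0x3C", "lastModified": "2024-05-01T01:00:00Z"},
    {"name": "d.bin", "etag": "0x4D", "lastModified": "2024-05-02T09:30:00Z"},  # new
]

def plan_incremental(source, previous_manifest):
    """Return (to_copy, skipped): a blob is skipped only if both its ETag and
    last-modified match the previous run's manifest entry."""
    prev = {e["name"]: e for e in previous_manifest}
    to_copy, skipped = [], []
    for blob in source:
        old = prev.get(blob["name"])
        same = (old is not None and old["etag"] == blob["etag"]
                and old["lastModified"] == blob["lastModified"])
        (skipped if same else to_copy).append(blob["name"])
    return to_copy, skipped

def sample_size(count, pct):
    """N = ceil(count x VerifySamplePct / 100) in integer arithmetic.
    Assumption: never fewer than one sample when any blob exists."""
    if count <= 0:
        return 0
    return max(1, (count * int(pct) + 99) // 100)

def pick_sample(manifest, pct, seed):
    """Pick blobs to read back. Seeding with the run's correlation id makes
    the selection reproducible when the report is audited later."""
    names = sorted(e["name"] for e in manifest)
    return sorted(random.Random(seed).sample(names, sample_size(len(names), pct)))

def run_status(source_count, sample, verified):
    """Zero source blobs is a failure; so is any sampled blob not read back."""
    if source_count == 0:
        return "FAILED: zero source blobs"
    missing = [n for n in sample if n not in verified]
    return "FAILED: unverified " + ", ".join(missing) if missing else "OK"
```
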
Key Expressions
The flow is intentionally light on Power Fx / WDL gymnastics — the heaviest expressions are the branch-name concatenation and the approval outcome check. They are listed below in the order they appear in the flow.
EXPR.01 Dated backup folder
The night's dated sub-folder.
EXPR.02 Backup path
Copy destination and manifest path.
EXPR.03 Integrity token (per blob)
Recorded in the manifest for integrity.
EXPR.04 Success branch test
Empty backup is treated as a failure.