Azure Backup Security Features

08 Aug Azure Backup Security Features

Concerns about security problems, like malware, ransomware, and intrusion, are increasing. These security problems can be expensive, in terms of both money and data. To guard against such attacks, Azure Backup now offers security capabilities to help protect hybrid backups.

Prevention. An additional layer of authentication is required every time a crucial operation, such as changing a passphrase, is performed. This validation ensures that such operations can be performed only by users who have valid Azure credentials.

Alerting. An email notification is sent to the subscription admin every time a crucial operation like deleting backup data is performed. This email guarantees that the user is notified quickly about such actions.

Recovery. Deleted backup data is retained for an additional 14 days from the date of the deletion. This ensures recoverability of the data within a given time period, so there is no data loss even if an attack happens. Additionally, a greater number of minimum recovery points are maintained to guard against corrupt data.

Enable security features

If you are creating a Recovery Services vault, you can use all the security features. If you are working with an existing vault, enable security features by following these steps:

  • Sign in to the Azure portal by using your Azure credentials.
  • Select Browse, and type Recovery Services.

  • From this list, select a vault. The selected vault dashboard opens.
  • From the list of items that appears under the vault, under Settings, click Properties.

  • Under Security Settings, click Update.

  • The update link opens the Security Settings blade, which provides a summary of the features and lets you enable them.
  • From the drop-down list ‘Have you configured Azure Multi-Factor Authentication?’, select a value to confirm whether you have enabled Azure Multi-Factor Authentication. If it is enabled, you are asked to authenticate from another device (for example, a mobile phone) while signing in to the Azure portal.
  • When you perform crucial operations in Backup, you have to enter a security PIN that is generated on the Azure portal. Enabling Azure Multi-Factor Authentication adds a layer of security. Only authorized users with valid Azure credentials, and authenticated from a second device, can access the Azure portal.
  • To save security settings, select Enable and click Save. You can select Enable only after you select a value from the ‘Have you configured Azure Multi-Factor Authentication?’ list in the preceding step.


Recover deleted backup data

Backup retains deleted backup data for an additional 14 days, and does not delete it immediately if the Stop backup with delete backup data operation is performed. To restore this data within the 14-day period, take the following steps, depending on what you’re using:

For Azure Recovery Services agent users:

If the machine where backups were taking place is still available, use Recover data to the same machine in Azure Recovery Services to recover from all the old recovery points.

If this machine isn’t available, use Recover to an alternate machine to use another Azure Recovery Services machine to get this data.

For Azure Backup Server users:

If the server where backups were taking place is still available, re-protect the deleted data sources, and use the Recover Data feature to recover from all the old recovery points.

If this server isn’t available, use Recover data from another Azure Backup Server on a new Azure Backup Server instance to get this data.

For Data Protection Manager users:

If the server in which backups were taking place is still available, re-protect the deleted data sources, and use the Recover Data feature to recover from all the old recovery points.

If this server isn’t available, use Add External DPM to use another Data Protection Manager server to get this data.
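
An added example, not part of the original article or of any Azure tooling: a triage helper that takes critical-operation notifications and works out how long each deleted data source remains recoverable under the 14-day retention described above. The event schema, operation labels and sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Retention window for deleted backup data, as stated in this article.
RETENTION_AFTER_DELETE = timedelta(days=14)

# Hypothetical label for the "Stop backup with delete backup data" operation.
DELETE_OP = "StopProtectionWithDeleteData"

# Constructed sample records (assumed schema, not an Azure export format).
EVENTS = [
    {"time": "2023-08-01T09:15:00+00:00", "source": "FS01:D", "op": DELETE_OP},
    {"time": "2023-08-10T22:40:00+00:00", "source": "SQL02:Sales", "op": DELETE_OP},
    {"time": "2023-08-11T03:05:00+00:00", "source": "FS01:D", "op": "ChangePassphrase"},
    {"time": "2023-08-12T07:30:00+05:30", "source": "APP03:E", "op": DELETE_OP},
]


def recovery_deadlines(events, now):
    """Return (source, deadline_utc, time_left, recoverable) per deletion,
    recoverable items first with the one closest to expiry at the top."""
    rows = []
    for ev in events:
        if ev["op"] != DELETE_OP:
            continue  # other crucial operations do not start the 14-day clock
        # Normalise to UTC so mixed-offset timestamps compare correctly.
        deleted_at = datetime.fromisoformat(ev["time"]).astimezone(timezone.utc)
        deadline = deleted_at + RETENTION_AFTER_DELETE
        left = deadline - now
        rows.append((ev["source"], deadline, left, left > timedelta(0)))
    rows.sort(key=lambda r: (not r[3], r[2]))
    return rows


if __name__ == "__main__":
    now = datetime(2023, 8, 16, tzinfo=timezone.utc)  # constructed "current" time
    for source, deadline, left, ok in recovery_deadlines(EVENTS, now):
        status = f"{left.days}d left" if ok else "EXPIRED"
        print(f"{source:12} recover before {deadline:%Y-%m-%d %H:%M} UTC  {status}")
```
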

Prevent attacks

Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication, and maintaining a minimum retention range for recovery purposes.

Authentication to perform crucial operations

As part of adding an extra layer of authentication for crucial operations, you are prompted to enter a security PIN when you perform Stop protection with Delete data and Change Passphrase operations.

To obtain this PIN:

  • Sign in to the Azure portal.
  • Browse to Recovery Services vault > Settings > Properties.
  • Under Security PIN, click Generate. This opens a blade that contains the PIN to be entered in the Azure Recovery Services agent user interface. This PIN is valid for only five minutes, and it gets generated automatically after that period.

Maintain a minimum retention range

To make sure that there are always a valid number of recovery points available, the following checks have been added:

  • For daily retention, at least seven days of retention should be done.
  • For weekly retention, at least four weeks of retention should be done.
  • For monthly retention, at least three months of retention should be done.
  • For yearly retention, at least one year of retention should be done.

Notifications for essential operations

Normally, when a critical operation is performed, the subscription admin is sent an email notification with information about the operation. You can configure additional email recipients for these notifications by using the Azure portal.

The security features mentioned in this article offer defence mechanisms against targeted attacks. More importantly, if an attack occurs, these features give you the capability to recover your data.


Nikhil Verma