Share via

Ensuring Secure Backup and Restore for Azure Virtual Machine

Adam G 40 Reputation points
2025-11-25T05:26:21.07+00:00
  1. What are the best practices to protect Azure VM Backup and Restore from ransomware attacks?
  2. Are there built-in features that provide alerts or detection of ransomware activities for Azure VM backups?
Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
0 comments
Answer accepted by question author
  1. Naveena Patlolla 7,500 Reputation points Microsoft External Staff Moderator
    2025-11-25T05:35:39.9933333+00:00

    Hi Adam G

    Backup data is stored in Azure Storage, where neither guests nor attackers have direct access to the backup storage or its contents. For virtual machine backups, snapshot creation and storage are handled entirely by the Azure fabric, with the guest’s only role being workload quiescing for application-consistent backups. For SQL and SAP HANA, the backup extension receives temporary, limited access to write to specific blobs. As a result, even in a compromised environment, existing backups cannot be altered or deleted by an attacker.

    Azure Backup also includes built-in monitoring and alerting features that allow you to track events, configure automated responses, and detect unauthorized, suspicious, or malicious activities in real time. Backup Reports provide a unified view for analyzing usage, auditing backup and restore operations, and identifying trends at various levels of detail.

    Additional validation checks ensure that only authorized users can perform sensitive actions. Critical operations require an extra layer of authentication, prompting users to enter a security PIN before https://learn.microsoft.com/en-us/azure/backup/backup-azure-security-feature#prevent-attacks

    For more details, please review the following document

    ransomware-protection-with-azure-firewall

    backup-plan-to-protect-against-ransomware

    Please let me know if you face any challenge here, I can help you to resolve this issue further

    Provide your valuable Comments.

    Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-25T05:26:30.28+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more
    1. To protect Azure VM Backup and Restore from ransomware attacks, the following best practices are recommended:
    • Immutable Backups: Utilize Azure Backup's immutable features, which prevent deletion or modification of backup data for a specified retention period.
    • Soft Delete: Enable soft delete for Azure Backup, which allows you to recover deleted backup data within a retention period.
    • Multi-Factor Authentication (MFA): Implement MFA for critical operations to add an extra layer of security.
    • Just-In-Time Access: Use Just-In-Time access on Resource Guard with Privileged Identity Management to limit access to backup resources.
    • Alerts and Notifications: Set up alerts and notifications for critical backup operations to ensure timely responses to any issues.
    • Secure Network Connectivity: Ensure that network connectivity between backup services and workloads is secure, using private connections where possible.
    1. Yes, Azure Backup has built-in features that provide alerts and detection of ransomware activities for Azure VM backups. It integrates with Microsoft Defender for Cloud to offer advanced threat detection, which proactively identifies compromised restore points and validates snapshot health. This integration helps in quickly locating clean restore points during a ransomware attack, enhancing recovery confidence.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.