oncerns about security issues, like malware, ransomware, and intrusion, are increasing. These security issues can be costly, in terms of both money and data. To guard against such attacks, Azure Backup now provides security features to help protect hybrid backups.
oncerns about security issues, like malware, ransomware, and intrusion, are increasing. These security issues can be costly, in terms of both money and data. To guard against such attacks, Azure Backup now provides security features to help protect hybrid backups.
oncerns about security issues, like malware, ransomware, and intrusion, are increasing. These security issues can be costly, in terms of both money and data. To guard against such attacks, Azure Backup now provides security features to help protect hybrid backups.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-security- feature#prevent-attacks Create the Recovery Services Vault Note several Security Settings cannot be changed once enabled Create a Backup Policy for Domain Controllers
From the documentation – these settings were created when
the added security policy was selected. Associate the VM with the Backup Policy Review the protected Domain Controller Restoring to a separate network is fast and straight forward. Conducting attack forensics to excise the compromised accounts can begin quickly. Azure Storage Ransomware Defense Immutable Blob Containers https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage Create the Storage Account and Blob Container Set the Access Policy Add an Immutable Policy with Time Based Retention The Policy must be locked to become enforced Once the Policy is Locked the data cannot be changed or deleted until the time interval is reached Container or Storage Account Deletion attempts will fail until time retention period is reached and the objects in the container are removed – even with elevated administrator credentials Sensible Retention Policy Settings
• 90 days should be adequate to defend against attacks
• A much longer interval can be set if desired • Likely a different RPO Recovery Point Objective than regular backups • An Example: • Create Storage Account(s) with 90-day retention policy containers • Place a copy of weekly backup files in containers • Domain Controllers – File Servers – Data Servers – App Servers – etc. • Age the storage for a quarter and delete the old data & containers quarterly • Adjust for longer RPO if there is discomfort in 90-day policy • Integration with third party backup solutions such as Commvault http://documentation.commvault.com/commvault/v11/article?p=9251.htm http://documentation.commvault.com/commvault/v11/article?p=9236.htm Tony DeVolk – Architect Microsoft State & Local Government