Share via

Setting Immutability on an RSV and Microsoft's claim or protection

Rob McNees 281 Reputation points
2024-08-01T14:47:39.8566667+00:00

With reference to establishing immutability for recovery vaults as per the documentation found here: https://learn.microsoft.com/en-us/azure/backup/backup-azure-immutable-vault-concept?tabs=recovery-services-vault, it is noted that “However, in certain situations, you might want to render the backup data immutable to prevent operations that could allow bad actors to eliminate backups.” Is it accurate to interpret this as meaning that while immutability is active on RSV, malicious actors cannot delete the backups as well as encrypt over the backups during the backup policy period? 

Azure Backup
Azure Backup
An Azure backup service that provides built-in management at scale.
1,398 questions
0 comments
Accepted answer
  1. SadiqhAhmed-MSFT 48,456 Reputation points Microsoft Employee
    2024-08-02T04:40:51.07+00:00

    @Rob McNees Greetings!

    Yes, your interpretation is correct. When immutability is enabled on a Recovery Services Vault (RSV), it prevents certain operations that could compromise the backups. According to the documentation, once a vault is configured to be immutable, operations that could result in the loss of backups, such as deleting data or reducing retention, are disallowed. This means that during the backup policy period, malicious actors cannot delete the backups or encrypt over them, thus ensuring the integrity and immutability of the backup data. It's a protective measure to safeguard against ransomware and malicious insider attacks.

    Hope this answers your question. Please write back to us if you have any further questions.

    If the response helped, do "Accept Answer" and up-vote it

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.