Security in Azure Files

Vannesa Alvarado 85 Reputation points
2025-11-18T16:25:23.74+00:00

Hello!

I ask for your help once again, this time for security in Azure Files.

I'm currently using Azure File Sync and Azure Files, and also have Azure Backup for Files, but I'm worried that if my local file server is corrupted (because of a ransomware attack), my data in Azure Files can also be corrupted because of the sync (so Azure Backup for Files can be corrupted as well?). I was thinking of maybe using Azure Backup to directly back up my on-premises file server in Azure, but if it's the same scenario (corrupted data on-premises), will my Azure Backup also be corrupted?

I would like to know if it's just as I described or if there is another way to protect my data in Azure Files and Azure Backup, considering I'm using Azure File Sync to synchronize with my on-premises file server. Thank you!


Answer accepted by question author
  1. Venkatesan S 925 Reputation points Microsoft External Staff Moderator
    2025-11-18T18:58:06.4266667+00:00

    Hi Vannesa Alvarado,

    Thanks for reaching out to Microsoft Q&A.

    With Azure File Sync, ransomware on the on-premises server can propagate to the Azure Files share. However, your Azure File Share snapshots and Azure Backup recovery points remain protected and cannot be overwritten by ransomware. This is because:

    • Backups are stored in an isolated Recovery Services vault with built-in immutability
    • Previous recovery points are preserved even if the live share becomes encrypted or corrupted
    • Soft delete, backup immutability, and multi-user authorization (MUA) help prevent accidental or malicious deletion of backups.


Answer accepted by question author
  1. Jose Benjamin Solis Nolasco 6,256 Reputation points
    2025-11-18T18:10:50.0333333+00:00

    @Vannesa Alvarado If your on-premises file server is encrypted or corrupted by ransomware, the Azure File Sync agent will see those corrupted files as "changes" and immediately synchronize them to your Azure File Share (Cloud Endpoint). This will, in turn, corrupt the live data in Azure Files.

    However, the native backup solutions built into Azure provide the necessary protection to break this synchronization chain and ensure recovery.

    Watch this video; it would clarify what you are looking for: https://www.youtube.com/watch?v=TOHaNJpAOfc

    The key difference lies in how Azure Backup works for Azure File Shares. Azure Backup uses read-only snapshots and the Recovery Services Vault architecture to protect against ransomware.

    | Component | Ransomware Risk | Protection Mechanism |
    | --- | --- | --- |
    | Azure File Sync | High. Corrupted files on-premises sync to the cloud. | None (it's a sync tool). |
    | Azure Files (Data) | High. The live data is corrupted by the sync. | Read-Only Snapshots (taken by Azure Backup). |
    | Azure Backup Snapshots | Low. Snapshots are read-only and cannot be encrypted by ransomware or by the sync agent. | Snapshots are immutable. They are point-in-time copies that the ransomware cannot modify or delete, even if it compromises the sync agent or the storage account access key. |
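
Because the snapshots are point-in-time copies, recovery comes down to choosing the newest one taken before the encrypted files synced. The following Python is an added example, not part of either answer and not Microsoft tooling: it picks that snapshot from a constructed series by stopping at the first snapshot in which most files are new or changed and look encrypted. The snapshot layout, the thresholds, the `.locked` suffix and all paths and timestamps are assumptions.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_fraction(prev: dict, cur: dict, min_entropy: float = 7.5) -> float:
    """Share of files in `cur` that are new or changed since `prev` and look encrypted."""
    if not cur:
        return 0.0
    hits = sum(1 for name, data in cur.items()
               if prev.get(name) != data and entropy(data) >= min_entropy)
    return hits / len(cur)

def last_clean_snapshot(snapshots: list, limit: float = 0.5):
    """Timestamp of the newest snapshot taken before mass encryption, or None.

    `snapshots` is a list of (timestamp, {path: content}), oldest first.
    """
    clean, prev = None, {}
    for stamp, files in snapshots:
        if suspicious_fraction(prev, files) >= limit:
            break  # later snapshots hold the same synced damage; stop here
        clean, prev = stamp, files
    return clean

def pseudo_ciphertext(seed: bytes) -> bytes:
    # Constructed stand-in for encrypted content: 2 KiB of hash output.
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(64))

# Constructed sample data (hypothetical paths and timestamps), oldest first.
DOCS = {f"share/report{i}.txt": f"Quarterly report {i}\n".encode() * 40 for i in range(4)}
EDITED = {**DOCS, "share/report0.txt": b"Quarterly report 0, revised\n" * 40}
ENCRYPTED = {name + ".locked": pseudo_ciphertext(name.encode()) for name in DOCS}
SNAPSHOTS = [
    ("2025-11-15T02:00Z", DOCS),       # normal state
    ("2025-11-16T02:00Z", EDITED),     # ordinary edit to one file
    ("2025-11-17T02:00Z", ENCRYPTED),  # encrypted files synced to the share
    ("2025-11-18T02:00Z", ENCRYPTED),
]

if __name__ == "__main__":
    print("restore from:", last_clean_snapshot(SNAPSHOTS))
```

Legitimately compressed files (archives, images) are also high-entropy, which is why the check requires a file to be both changed and high-entropy and only trips when most of the share is affected at once.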