Threat detection in Azure Backup architecture

Azure検証ユーザー 80 Reputation points
2025-12-26T00:37:35.8233333+00:00

I apologize if this was difficult to understand, as it was translated from Japanese.

Please explain the architecture of the feature described in the following link: https://learn.microsoft.com/en-us/azure/backup/threat-detection-overview

I am also planning to create an architecture diagram, so if there is a link that contains an architecture diagram, please share it with me. If no such diagram exists, I would appreciate it if you could create a simple architecture diagram for me. The restore will be performed using the link below.
https://learn.microsoft.com/ja-jp/azure/backup/backup-azure-arm-restore-vms#create-a-vm


Answer accepted by question author
  1. Suchitra Suregaunkar 5,820 Reputation points Microsoft External Staff Moderator
    2025-12-26T06:27:54.5133333+00:00

    Hello Azure検証ユーザー

    Thank you for posting your query on Microsoft Q&A platform.

    Azure Backup supports Threat Detection for Azure virtual machines by integrating with Microsoft Defender for Cloud (Defender for Servers). This integration helps users to identify potentially compromised restore points during a VM recovery scenario.

    Architectural behavior:

    1. Threat detection is performed on the source VM, not on the backup data
      • Microsoft Defender for Servers continuously monitors the protected VM for threats such as ransomware and suspicious activity.
      • Azure Backup does not scan backup data and does not run malware scans on restore points.
    2. Security signals are shared with Azure Backup
      • Azure Backup queries Defender for Cloud for security signals related to the VM at the time backup snapshots are taken.
      • These signals reflect the security health of the VM at backup time, based on Defender observations.
    3. Restore points are tagged, not modified
      • Azure Backup associates Defender threat signals as metadata with each restore point.
      • Restore points are marked as one of:
        • Healthy
        • Potentially compromised
      • The backup data itself remains unchanged.
    4. Backup storage remains Microsoft‑managed
      • Restore points are stored in Microsoft‑managed Blob Storage behind the Recovery Services vault.
      • Customers do not have direct access to this storage and cannot run scans on it.
    5. Restore uses the standard Azure Backup VM restore workflow

    Important points to know:

    1. Azure Backup does not perform antivirus or malware scans on backups
    2. Backup data is not inspected during restore
    3. Threat indicators come only from Defender for Servers on the source VM
    4. Azure Backup tags restore points using Defender signals so customers can make informed restore decisions

    If you have any other questions, please do let us know.

    Thanks,

    Suchitra.
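The decision logic the accepted answer describes (restore points carry Defender tags as metadata, the backup data is never scanned, and restore runs through the standard workflow), worked through as an added example. This is not Microsoft's code and not taken from the linked documentation. The JSON shape is modelled loosely on `az backup recoverypoint list` output, and the `threatStatus` property name, the status strings as JSON values, and all resource names are assumptions for illustration; confirm the real field name in your own CLI output before using this against a live vault. The `az backup restore restore-disks` flags used are the CLI's documented ones.

```python
"""Choose an Azure VM restore point from Defender threat tags on recovery points.

Added example, not Microsoft's code. Azure Backup attaches Defender for
Servers signals ("Healthy" / "Potentially compromised") to each restore
point as metadata but does not inspect the backup data itself, so the
selection policy below is deliberately conservative.

ASSUMPTIONS: the `threatStatus` property name and the JSON layout are
hypothetical; resource names passed to the restore command are placeholders.
"""
import json
import shlex
from datetime import datetime

# Constructed sample in the rough shape of `az backup recoverypoint list`
# output. The `threatStatus` property is an assumed name, not a documented one.
SAMPLE_RECOVERY_POINTS = json.dumps([
    {"name": "rp-001", "properties": {"recoveryPointTime": "2025-12-20T02:00:00Z",
                                      "threatStatus": "Healthy"}},
    {"name": "rp-002", "properties": {"recoveryPointTime": "2025-12-21T02:00:00Z",
                                      "threatStatus": "Healthy"}},
    {"name": "rp-003", "properties": {"recoveryPointTime": "2025-12-22T02:00:00Z",
                                      "threatStatus": "Potentially compromised"}},
    {"name": "rp-004", "properties": {"recoveryPointTime": "2025-12-23T02:00:00Z",
                                      "threatStatus": "Healthy"}},
])

HEALTHY = "healthy"
COMPROMISED = "potentially compromised"


def parse_recovery_points(json_text):
    """Flatten the recovery point list into (name, time, status) records sorted by time."""
    points = []
    for rp in json.loads(json_text):
        props = rp["properties"]
        # Recovery point times are UTC; normalise the trailing Z for fromisoformat.
        when = datetime.fromisoformat(props["recoveryPointTime"].replace("Z", "+00:00"))
        points.append({"name": rp["name"], "time": when,
                       "status": props.get("threatStatus", "Unknown")})
    return sorted(points, key=lambda p: p["time"])


def select_restore_point(points):
    """Return the name of the restore point to use, or None if nothing qualifies.

    Policy: never restore a point Defender flagged. If any point is flagged,
    only trust Healthy points taken *before* the earliest flagged one: a
    Healthy tag after a compromise means only that Defender raised no signal
    at snapshot time, not that the backup data was inspected and found clean.
    """
    flagged = [p for p in points if p["status"].lower() == COMPROMISED]
    candidates = [p for p in points if p["status"].lower() == HEALTHY]
    if flagged:
        cutoff = min(p["time"] for p in flagged)
        candidates = [p for p in candidates if p["time"] < cutoff]
    return candidates[-1]["name"] if candidates else None


def restore_disks_command(rp_name, resource_group, vault, container, item,
                          storage_account, target_rg):
    """Build the standard `az backup restore restore-disks` call for the chosen point.

    The restore itself is the normal Azure Backup VM workflow; the threat tag
    only informs which `--rp-name` you pass. Resource names are placeholders.
    """
    argv = [
        "az", "backup", "restore", "restore-disks",
        "--resource-group", resource_group,
        "--vault-name", vault,
        "--container-name", container,
        "--item-name", item,
        "--rp-name", rp_name,
        "--storage-account", storage_account,
        "--target-resource-group", target_rg,
    ]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    pts = parse_recovery_points(SAMPLE_RECOVERY_POINTS)
    for p in pts:
        print(f"{p['name']}  {p['time'].isoformat()}  {p['status']}")
    chosen = select_restore_point(pts)
    print("selected:", chosen)
    if chosen:
        print(restore_disks_command(chosen, "rg-prod", "rsv-prod",
                                    "iaasvmcontainer;iaasvmcontainerv2;rg-prod;vm-web01",
                                    "vm;iaasvmcontainerv2;rg-prod;vm-web01",
                                    "stagingsa01", "rg-restore"))
```

With the constructed sample, rp-004 is tagged Healthy but was taken after rp-003 was flagged, so the policy skips it and selects rp-002, the last point Defender saw as clean before the first signal. Treat the selected point as the starting candidate for recovery to an isolated network, not as proof the disks are clean, since the page itself notes Azure Backup does not scan restore points.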


1 additional answer

  1. Q&A Assist
    2025-12-26T00:37:43.12+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The architecture of threat detection in Azure Backup is designed to enhance the security of backup data. It incorporates various components and practices to identify and respond to potential threats effectively. While specific architecture diagrams are not provided in the context, the general features of Azure Backup include:

    1. Independent and Isolated Backups: Azure Backup provides a secure backup solution that is independent of the primary data source, ensuring that backups are isolated from potential threats affecting the original data.
    2. Integration with Security Services: Azure Backup can work in conjunction with other Azure security services, such as Microsoft Defender for Cloud, to provide advanced threat protection and monitoring capabilities.
    3. Monitoring and Alerts: The architecture includes monitoring tools that can detect suspicious activities and generate alerts for any anomalies in backup operations.
    4. Data Encryption: Data is encrypted both at rest and in transit, adding an additional layer of security against unauthorized access.

    For creating an architecture diagram, you may consider illustrating these components and their interactions, focusing on how Azure Backup integrates with security services and monitoring tools to provide a comprehensive threat detection framework.


