Secure Azure App Service Backup

MS Techie 2,681 Reputation points

What are the ways in which we can secure the Azure App Service Backup, like from ransomware attack .

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,994 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. SnehaAgrawal-MSFT 18,621 Reputation points

    Thanks for asking question and reaching here! The Backup and Restore feature in App Service lets you easily create app backups manually or on a schedule. You can configure the backups to be retained up to an indefinite amount of time. You can restore the app to a snapshot of a previous state by overwriting the existing app or restoring to another app.

    You might be aware that App Service can back up the following information to an Azure storage account and container, which you have configured your app to use:
    • App configuration
    • File content
    • Database connected to your app

    For security ensure that regular and automated back-ups are occurring at a frequency as defined by your organizational policies.

    Understand Azure App Service backup capability
    Customer-managed keys for Azure Storage encryption

    Check this link:

    Further to elaborate on this, Microsoft Defender for Cloud provides you the tools to detect and block ransomware, advanced malware and threats for your resources. Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer.

    You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service), and SaaS (software as a service).

    Check this document on Implement general PaaS security best practices recommendations

    Best practices for securing PaaS web and mobile applications using Azure Storage

    Ransomware details

    Let us know if further query or issue remains.

  2. SnehaAgrawal-MSFT 18,621 Reputation points

    Sure, As per your query on where it is stored: App Service back-up is stored on Azure Storage and you need an Azure storage account and container in the same subscription as the app that you want to back up.

    For more information on Azure storage accounts, see Azure storage account overview.

    Since it's on Azure Storage to great extent it's secured to elaborate on this:

    Azure Storage provides encryption at rest -Use system-provided keys or your own, customer-managed keys. This is where your application data is stored when it is not running in a web app in Azure.

    Data in Azure Storage is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant. Azure Storage encryption is similar to BitLocker encryption on Windows.

    Azure Storage encryption is enabled for all storage accounts, including both Resource Manager and classic storage accounts. Azure Storage encryption cannot be disabled. Because your data is secured by default, you don't need to modify your code or applications to take advantage of Azure Storage encryption.

    Check this complete details mentioned as App service security baseline data-recovery

    Also, for additional security maybe Firewall and private endpoint supported storage account - will help. But as mentioned here it's not supported at this time.

    Further you may want to know that Recovery Services vaults is used to hold backup data for Azure services such as IaaS VMs (Linux or Windows) and Azure SQL databases.

    Let us know if further query.

    0 comments No comments