Hello @MS Techie ,
Thank you for reaching out to the Microsoft Q&A platform. Happy to answer your question.
The backup data is stored in Azure storage and the guest or attacker has no direct access to backup storage or its contents. With virtual machine backup, the backup snapshot creation and storage is done by Azure fabric where the guest or attacker has no involvement other than quiescing the workload for application consistent backups. With SQL and SAP HANA, the backup extension gets temporary access to write to specific blobs. In this way, even in a compromised environment, existing backups can't be tampered with or deleted by the attacker.
Azure Backup provides built-in monitoring and alerting capabilities to view and configure actions for events related to Azure Backup. Backup Reports serve as a one-stop destination for tracking usage, auditing of backups and restores, and identifying key trends at different levels of granularity. Using Azure Backup's monitoring and reporting tools can alert you to any unauthorized, suspicious, or malicious activity as soon as they occur.
Checks have been added to make sure only valid users can perform various operations. These include adding an extra layer of authentication. As part of adding an extra layer of authentication for critical operations, you're prompted to enter a security PIN before modifying online backups.
Learn more about the security features built into Azure Backup. Overview of Security Features in Azure Backup
For more details, please review the following document
ransomware-protection-with-azure-firewall
backup-plan-to-protect-against-ransomware
Please "Accept as Answer" and Upvote if any of the above helped to help others in the community looking for remediation for similar issues.