What's new in Azure Backup

Azure Backup is constantly improving and releasing new features that enhance the protection of your data in Azure. These new features expand your data protection to new workload types, enhance security, and improve the availability of your backup data. They also add new management, monitoring, and automation capabilities.

You can learn more about the new releases by bookmarking this page or by subscribing to updates here.

Updates summary

Multi-user authorization using Resource Guard for Backup vault (in preview)

Azure Backup now supports multi-user authorization (MUA) that allows you to add an additional layer of protection to critical operations on your Backup vaults. For MUA, Azure Backup uses the Azure resource, Resource Guard, to ensure critical operations are performed only with applicable authorization.

For more information, see MUA for Backup vault.

Enhanced soft delete for Azure Backup (preview)

Enhanced soft delete provides improvements to the existing soft delete feature. With enhanced soft delete, you can now make soft delete irreversible to prevent malicious actors from disabling it and deleting backups.

You can also customize soft delete retention period (for which soft deleted data must be retained). Enhanced soft delete is available for Recovery Services vaults and Backup vaults.

For more information, see Enhanced soft delete for Azure Backup.

Immutable vault for Azure Backup (in preview)

Azure Backup now supports immutable vaults that help you ensure that recovery points once created can't be deleted before their expiry as per the backup policy (expiry at the time at which the recovery point was created). You can also choose to make the immutability irreversible to offer maximum protection to your backup data, thus helping you protect your data better against various threats, including ransomware attacks and malicious actors.

For more information, see the concept of Immutable vault for Azure Backup (preview).

SAP HANA instance snapshot backup support (preview)

Azure Backup now supports SAP HANA instance snapshot backup that provides a cost-effective backup solution using Managed disk incremental snapshots. Because instant backup uses snapshot, the effect on the database is minimum.

You can now take an instant snapshot of the entire HANA instance and backup logs for all databases, with a single solution. It also enables you to instantly restore the entire instance with point-in-time recovery using logs over the snapshot.

For more information, see Back up databases' instance snapshots (preview).

SAP HANA System Replication database backup support (preview)

Azure Backup now supports backup of HANA database with HANA System Replication. Now, the log backups from the new primary node are accepted immediately; thus provides continuous database automatic protection,

This eliminates the need of manual intervention to continue backups on the new primary node during a failover. With the elimination of the need to trigger full backups for every failover, you can save costs and reduce time for continue protection

For more information, see Back up a HANA system with replication enabled (preview).

Built-in Azure Monitor alerting for Azure Backup is now generally available

Azure Backup now offers a new and improved alerting solution via Azure Monitor. This solution provides multiple benefits, such as:

  • Ability to configure notifications to a wide range of notification channels.
  • Ability to select specific scenarios to get notified.
  • Ability to manage alerts and notifications programmatically.
  • Ability to have a consistent alert management experience for multiple Azure services, including Azure Backup.

If you're currently using the classic alerts solution, we recommend you to switch to Azure Monitor alerts. Now, Azure Backup provides a guided experience via Backup center that allows you to switch to built-in Azure Monitor alerts and notifications with a few clicks.

For more information, see Switch to Azure Monitor based alerts for Azure Backup.

Multi-user authorization using Resource Guard for Recovery Services vault is now generally available

Azure Backup now supports multi-user authorization (MUA) that allows you to add an additional layer of protection to critical operations on your Recovery Services vaults. For MUA, Azure Backup uses the Azure resource, Resource Guard, to ensure critical operations are performed only with applicable authorization.

For more information, see how to protect Recovery Services vault and manage critical operations with MUA.

Archive tier support for Azure Virtual Machines is now generally available

Azure Backup now supports the movement of recovery points to the Vault-archive tier for Azure Virtual Machines from the Azure portal. This allows you to move the archivable/recommended recovery points (corresponding to a backup item) to the Vault-archive tier at one go.

Azure Backup also supports Vault-archive tier for SQL Server in Azure VM and SAP HANA in Azure VM. The support has been extended via Azure portal.

For more information, see Archive tier support in Azure Backup.

Multiple backups per day for Azure Files is now generally available

Low RPO (Recovery Point Objective) is a key requirement for Azure Files that contains the frequently updated, business-critical data. To ensure minimal data loss if a disaster or unwanted changes to file share content, you may prefer to take backups more frequently than once a day.

Using Azure Backup, you can create a backup policy or modify an existing backup policy to take multiple snapshots in a day. This capability allows you to define the duration in which your backup jobs will run. Therefore, you can align your backup schedule with the working hours when there are frequent updates to Azure Files content. With this release, you can also configure policy for multiple backups per day using Azure PowerShell and Azure CLI.

For more information, see how to configure multiple backups per day via backup policy.

Back up Azure Database for PostgreSQL is now generally available

Azure Backup and Azure Database services together help you to build an enterprise-class backup solution for Azure PostgreSQL (is now generally available). You can meet your data protection and compliance needs with a customer-controlled backup policy that enables retention of backups for up to 10 years.

With this, you've granular control to manage the backup and restore operations at the individual database level. Likewise, you can restore across PostgreSQL versions or to blob storage with ease. Besides using the Azure portal to perform the PostgreSQL database protection operations, you can also use the PowerShell, CLI, and REST API clients.

For more information, see Azure Database for PostgreSQL backup.

Archive Tier support for SQL Server/ SAP HANA in Azure VM from Azure portal

Azure Backup now supports the movement of recovery points to the Vault-archive tier for SQL Server and SAP HANA in Azure Virtual Machines from the Azure portal. This allows you to move the archivable recovery points corresponding to a particular database to the Vault-archive tier at one go.

Also, the support is extended via Azure CLI for the above workloads, along with Azure Virtual Machines (in preview).

For more information, see Archive Tier support in Azure Backup.

Multi-user authorization using Resource Guard for Recovery Services vault (in preview)

Azure Backup now supports multi-user authorization (MUA) that allows you to add an additional layer of protection to critical operations on your Recovery Services vaults. For MUA, Azure Backup uses the Azure resource, Resource Guard, to ensure critical operations are performed only with applicable authorization.

For more information, see how to protect Recovery Services vault and manage critical operations with MUA.

Multiple backups per day for Azure Files (in preview)

Low RPO (Recovery Point Objective) is a key requirement for Azure Files that contains the frequently updated, business-critical data. To ensure minimal data loss if a disaster or unwanted changes to file share content, you may prefer to take backups more frequently than once a day.

Using Azure Backup, you can now create a backup policy or modify an existing backup policy to take multiple snapshots in a day. With this capability, you can also define the duration in which your backup jobs would trigger. This capability empowers you to align your backup schedule with the working hours when there are frequent updates to Azure Files content.

For more information, see how to configure multiple backups per day via backup policy.

Azure Backup metrics and metrics alerts (in preview)

Azure Backup now provides a set of built-in metrics via Azure Monitor that allows you to monitor the health of your backups. You can also configure alert rules that trigger alerts when metrics exceed the defined thresholds.

Azure Backup offers the following key capabilities:

  • Ability to view out-of-the-box metrics related to the backup and restore health of your backup items along with associated trends.
  • Ability to write custom alert rules on these metrics to efficiently monitor the health of your backup items.
  • Ability to route fired metric alerts to various notification channels that Azure Monitor supports, such as email, ITSM, webhook, logic apps, and so on.

Currently, Azure Backup supports built-in metrics for the following workload types:

  • Azure VM
  • SQL databases in Azure VM
  • SAP HANA databases in Azure VM
  • Azure Files.

For more information, see Monitor the health of your backups using Azure Backup Metrics (preview).

Archive Tier support for SQL Server in Azure VM for Azure Backup is now generally available

Azure Backup allows you to move your long-term retention points for Azure Virtual Machines and SQL Server in Azure Virtual Machines to the low-cost Archive Tier. You can also restore from the recovery points in the Vault-archive tier.

In addition to the capability to move the recovery points:

  • Azure Backup provides recommendations to move a specific set of recovery points for Azure Virtual Machine backups that will ensure cost savings.
  • You have the capability to move all their recovery points for a particular backup item at one go using sample scripts.
  • You can view Archive storage usage on the Vault dashboard.

For more information, see Archive Tier support.

Backup for Azure Blobs is now generally available

Operational backup for Azure Blobs is a managed-data protection solution that lets you protect your block blob data from various data loss scenarios, such as blob corruptions, blob deletions, and accidental deletion of storage accounts.

Being an operational backup solution, the backup data is stored locally in the source storage account, and can be recovered from a selected point-in-time, giving you a simple and cost-effective means to protect your blob data. To do this, the solution uses the blob point-in-time restore capability available from blob storage.

Operational backup for blobs integrates with the Azure Backup management tools, including Backup Center, to help you manage the protection of your blob data effectively and at-scale. In addition to previously available capabilities, you can now configure and manage operational backup for blobs using the Data protection view of the storage accounts, also through PowerShell. Also, Backup now gives you an enhanced experience for managing role assignments required for configuring operational backup.

For more information, see Overview of operational backup for Azure Blobs.

Enhancements to encryption using customer-managed keys for Azure Backup (in preview)

Azure Backup now provides enhanced capabilities (in preview) to manage encryption with customer-managed keys. Azure Backup allows you to bring in your own keys to encrypt the backup data in the Recovery Services vaults, thus providing you a better control.

  • Supports user-assigned managed identities to grant permissions to the keys to manage data encryption in the Recovery Services vault.
  • Enables encryption with customer-managed keys while creating a Recovery Services vault.

    Note

    This feature is currently in limited preview. To sign up, fill this form, and write to us at AskAzureBackupTeam@microsoft.com.

  • Allows you to use Azure Policies to audit and enforce encryption using customer-managed keys.

Note

  • The above capabilities are supported through the Azure portal only, PowerShell is currently not supported.
    If you are using PowerShell for managing encryption keys for Backup, we do not recommend to update the keys from the portal.
    If you update the key from the portal, you can’t use PowerShell to update the encryption key further, till a PowerShell update to support the new model is available. However, you can continue updating the key from the Azure portal.
  • You can use the audit policy for auditing vaults with encryption using customer-managed keys that are enabled after 04/01/2021.
  • For vaults with the CMK encryption enabled before this date, the policy might fail to apply, or might show false negative results (that is, these vaults may be reported as non-compliant, despite having CMK encryption enabled). Learn more.

For more information, see Encryption for Azure Backup using customer-managed keys.

Azure Disk Backup is now generally available

Azure Backup offers snapshot lifecycle management to Azure Managed Disks by automating periodic creation of snapshots and retaining these for configured durations using Backup policy.

For more information, see Overview of Azure Disk Backup.

Backup center is now generally available

Backup center simplifies data protection management at-scale by enabling you to discover, govern, monitor, operate, and optimize backup management from one single central console.

For more information, see Overview of Backup Center.

Archive Tier support for Azure Backup (in preview)

Azure Backup now allows you to reduce the cost of long-term retention backups with the availability of Archive Tier for Azure virtual machines and SQL Server in Azure virtual machines.

For more information, see Archive Tier support (Preview).

Backup for Azure Blobs (in preview)

Operational backup for Blobs is a managed, local data protection solution that lets you protect your block blobs from various data loss scenarios like corruptions, blob deletions, and accidental storage account deletion. The data is stored locally within the source storage account itself and can be recovered to a selected point in time whenever needed. So it provides a simple, secure, and cost-effective means to protect your blobs.

Operational backup for Blobs integrates with Backup Center, among other Backup management capabilities, to provide a single pane of glass that can help you govern, monitor, operate, and analyze backups at scale.

For more information, see Overview of operational backup for Azure Blobs (in preview).

Next steps