You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/backup/security-overview.md
+10-9Lines changed: 10 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,26 +21,27 @@ With Azure Backup, which includes virtual machine backup and SQL and SAP HANA in
21
21
22
22
Azure Backup enables you to manage fine-grained access using [Azure Role-Based Access Control (RBAC)](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles). RBAC allows you to segregate duties within your team and grant only the amount of access to users necessary to do their jobs.
23
23
24
-
* Azure Backup provides three built-in roles to control backup management operations:
25
-
* Backup Contributor - to create and manage backups, except deleting Recovery Services vault and giving access to others
26
-
* Backup Operator - everything a contributor does except removing backup and managing backup policies
27
-
* Backup Reader - permissions to view all backup management operations
24
+
Azure Backup provides three built-in roles to control backup management operations:
28
25
29
-
[Learn more about Role-Based Access control to manage Azure Backup](https://docs.microsoft.com/azure/backup/backup-rbac-rs-vault).
26
+
* Backup Contributor - to create and manage backups, except deleting Recovery Services vault and giving access to others
27
+
* Backup Operator - everything a contributor does except removing backup and managing backup policies
28
+
* Backup Reader - permissions to view all backup management operations
30
29
31
-
* Azure Backup has several security controls built into the service to prevent, detect, and respond to security vulnerabilities. [Learn more about security controls for Azure Backup](https://docs.microsoft.com/azure/backup/backup-security-controls).
30
+
Learn more about [Role-Based Access control to manage Azure Backup](https://docs.microsoft.com/azure/backup/backup-rbac-rs-vault).
31
+
32
+
Azure Backup has several security controls built into the service to prevent, detect, and respond to security vulnerabilities. Learn more about [security controls for Azure Backup](https://docs.microsoft.com/azure/backup/backup-security-controls).
32
33
33
34
## Encryption of data in transit and at rest
34
35
35
36
Encryption protects your data and helps you to meet your organizational security and compliance commitments. Within Azure, data in transit between Azure storage and the vault is protected by HTTPS. This data remains on the Azure backbone network.
36
37
37
-
* Backup data is automatically encrypted using Microsoft-managed keys. You also can encrypt your backed up managed disk VMs in the Recovery Services Vault using [customer managed keys](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#encryption-of-backup-data-using-customer-managed-keys) stored in the Azure Key Vault. You don't need to take any explicit action to enable this encryption. It applies to all workloads being backed up to your Recovery Services vault.
38
+
* Backup data is automatically encrypted using Microsoft-managed keys. You can also encrypt your backed up managed disk VMs in the Recovery Services Vault using [customer managed keys](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#encryption-of-backup-data-using-customer-managed-keys) stored in the Azure Key Vault. You don't need to take any explicit action to enable this encryption. It applies to all workloads being backed up to your Recovery Services vault.
38
39
39
40
* Azure Backup supports backup and restore of Azure VMs that have their OS/data disks encrypted with Azure Disk Encryption (ADE). [Learn more about encrypted Azure VMs and Azure Backup](https://docs.microsoft.com/azure/backup/backup-azure-vms-encryption).
40
41
41
-
## Protection of backup data from accidental or malicious deletes
42
+
## Protection of backup data from unintentional deletes
42
43
43
-
Azure Backup provides security features to help protect backup data even after deletion. One such feature is soft delete. With soft delete, if a malicious actor deletes the backup of a VM (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. The additional 14 days retention of backup data in the "soft delete" state doesn't incur any cost to the customer. [Learn more about soft delete](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#soft-delete).
44
+
Azure Backup provides security features to help protect backup data even after deletion. With soft delete, if user deletes the backup of a VM, the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. The additional 14 days retention of backup data in the "soft delete" state doesn't incur any cost to the customer. [Learn more about soft delete](https://docs.microsoft.com/azure/backup/backup-azure-security-feature-cloud#soft-delete).
0 commit comments