articles/backup/security-overview.md
5 additions & 5 deletions
@@ -17,17 +17,17 @@ Storage accounts used by Recovery Services vaults are isolated and can't be acce
17
17
18
18
Azure Backup provides three [built-in roles](../role-based-access-control/built-in-roles.md) to control backup management operations:
19
19
20
-
* Backup Contributor - to create and manage backups, except deleting Recovery Services vault and giving access to others
21
-
* Backup Operator - everything a contributor does except removing backup and managing backup policies
22
-
* Backup Reader - permissions to view all backup management operations
20
+
***Backup Contributor**: To create and manage backups, except deleting Recovery Services vault and giving access to others
21
+
***Backup Operator**: Everything a contributor does except removing backup and managing backup policies
22
+
***Backup Reader**: permissions to view all backup management operations
23
23
24
24
Learn more about [Azure role-based access control to manage Azure Backup](./backup-rbac-rs-vault.md).
25
25
26
26
Azure Backup has several security controls built into the service to prevent, detect, and respond to security vulnerabilities. Learn more about [security controls for Azure Backup](./security-baseline.md).
27
27
28
28
## Separation between guest and Azure storage
29
29
30
-
With Azure Backup, which includes virtual machine backup and SQL and SAP HANA in VM backup, the backup data is stored in Azure storage and the guest has no direct access to backup storage or its contents. With the virtual machine backup, the backup snapshot creation and storage are done by Azure fabric where the guest has no involvement other than quiescing the workload for application consistent backups. With SQL and SAP HANA, the backup extension gets temporary access to write to specific blobs. In this way, even in a compromised environment, existing backups can't be tampered with or deleted by the guest.
30
+
With Azure Backup, which includes virtual machine backup and SQL and SAP HANA in VM backup, the backup data is stored in Azure storage and the guest has no direct access to backup storage or its contents. With the virtual machine backup, the backup snapshot creation and storage are done by Azure fabric where the guest has no involvement other than quiescing the workload for application consistent backups. With SQL and SAP HANA, the backup extension gets temporary access to write to specific blobs. In this way, even in a compromised environment, existing backups can't be tampered with or deleted by the guest.
31
31
32
32
## Internet connectivity not required for Azure VM backup
33
33
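Review bot: In the three re-added role bullets, the Backup Reader line starts its description in lower case ("permissions to view all backup management operations") while the Backup Contributor and Backup Operator lines now start with a capital ("To create ...", "Everything a contributor ..."); capitalise "Permissions" so the list is consistent. As shown here, the added bullets also begin `***Backup Contributor**` with no space after the list marker, which Markdown would not treat as a list item with a bold label, so confirm the source reads `* **Backup Contributor**:`. The paragraph under "Separation between guest and Azure storage" is removed and re-added with no visible text difference; if that is a whitespace-only change, say so in the commit message. Since these bullets define who can delete backups and change policies, it would also help to keep the wording of each exception ("except deleting Recovery Services vault and giving access to others") aligned with the linked built-in roles page.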
@@ -45,7 +45,7 @@ Encryption protects your data and helps you to meet your organizational security
45
45
46
46
* Within Azure, data in transit between Azure storage and the vault is [protected by HTTPS](backup-support-matrix.md#network-traffic-to-azure). This data remains on the Azure backbone network.
47
47
48
-
* Backup data is automatically encrypted using [platform-managed keys](backup-encryption.md), and you don't need to take any explicit action to enable it. You can also encrypt your backedup data using [customer managed keys](encryption-at-rest-with-cmk.md) stored in the Azure Key Vault. It applies to all workloads being backed up to your Recovery Services vault.
48
+
* Backup data is automatically encrypted using [platform-managed keys](backup-encryption.md), and you don't need to take any explicit action to enable it. You can also encrypt your backed-up data using [customer managed keys](encryption-at-rest-with-cmk.md) stored in the Azure Key Vault. It applies to all workloads being backed up to your Recovery Services vault.
49
49
50
50
* Azure Backup supports backup and restore of Azure VMs that have their OS/data disks encrypted with [Azure Disk Encryption (ADE)](backup-azure-vms-encryption.md#encryption-support-using-ade) and [VMs with CMK encrypted disks](backup-azure-vms-encryption.md#encryption-using-customer-managed-keys). For more information, [learn more about encrypted Azure VMs and Azure Backup](./backup-azure-vms-encryption.md).
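Review bot: The changed bullet fixes "backedup" to "backed-up" but leaves "customer managed keys" unhyphenated in the same sentence that writes "platform-managed keys"; use "customer-managed keys" so the two key types are spelled the same way. In the same line, "the Azure Key Vault" reads better as "Azure Key Vault", and the closing sentence "It applies to all workloads being backed up ..." has an unclear antecedent: state whether platform-managed encryption, customer-managed keys, or both apply to all workloads.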