Commit 9cd8b65

author
AbhishekMallick-MS
committed
Freshness - Security DAdata isolation
1 parent 967355d commit 9cd8b65

1 file changed

+10
-1
lines changed

articles/backup/backup-architecture.md

Lines changed: 10 additions & 1 deletion
@@ -2,10 +2,11 @@
22
title: Architecture Overview
33
description: Provides an overview of the architecture, components, and processes used by the Azure Backup service.
44
ms.topic: conceptual
5-
ms.date: 12/24/2021
5+
ms.date: 03/19/2024
66
ms.service: backup
77
author: AbhishekMallick-MS
88
ms.author: v-abhmallick
9+
ms.custom: engagement-fy24
910
---
1011

1112
# Azure Backup architecture and components
@@ -223,6 +224,14 @@ When you restore VMs with managed disks, you can restore to a complete VM with m
223224
- During the restore process, Azure handles the managed disks. If you're using the storage account option, you manage the storage account that's created during the restore process.
224225
- If you restore a managed VM that's encrypted, make sure the VM's keys and secrets exist in the key vault before you start the restore process.
225226

227+
## DaData isolation with Azure Backup
228+
229+
With Azure Backup, the vaulted backup data is stored in Microsoft-managed Azure subscription and tenant. External users or guests have no direct access to this backup storage or its contents, ensuring the isolation of backup data from the production environment where the data source resides.
230+
231+
In Azure, all communications and data in transit is securely transferred with *HTTPS* and *TLS 1.2+* protocols. This data remains on the Azure backbone network ensuring reliable and efficient data transmission. The backup data at rest is encrypted by default using *Microsoft-managed keys*. You can also bring your own keys for encryption if you require greater control over the data. To enhance protection, you can use [immutability](security-overview.md#immutable-vaults), which prevents data from being altered or deleted before its retention period. Azure Backup gives you diverse options such as [soft delete](security-overview.md#soft-delete), stop backup and delete data or retain data if you need to stop backups at any time. To protect critical operations, you can add [Multi-User Authorization (MUA)](security-overview.md#multi-user-authorization) that adds additional layer of protection by using an Azure resource called Azure Resource Guard (ARG).
232+
233+
This robust approach ensures that even in a compromised environment, existing backups cannot be tampered with or deleted by unauthorized users.
234+
226235
## Next steps
227236

228237
- Review the support matrix to [learn about supported features and limitations for backup scenarios](backup-support-matrix.md).
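
Review bot: The new heading at line 227, `## DaData isolation with Azure Backup`, has a typo ("DaData" for "Data") that will appear in the rendered heading and in its anchor, so fix it before other pages link to the section. The closing sentence at line 233 says existing backups "cannot be tampered with or deleted by unauthorized users", but line 231 introduces immutability, soft delete and MUA as things "you can use" or "you can add"; state the guarantee as conditional on those controls being enabled, or say which protections apply by default. Grammar in the same paragraphs: "stored in Microsoft-managed Azure subscription and tenant" needs an article ("a Microsoft-managed ..."), "all communications and data in transit is" should be "are", and "adds additional layer of protection" should be "adds an additional layer of protection".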
