Discussions related to using object storage as a backup target.
frankive
Service Provider
Posts: 1092
Liked: 134 times
Joined: May 14, 2013 8:35 pm
Full Name: Frank Iversen
Location: Norway

Azure - Soft delete

Post by frankive »

We were doing a deletion of a customer in Azure today, deleted all the resources.
We eventually came to the Recovery Vault for the Backup VMs. It had of course soft delete enabled.
"Well, we just have to disable it and then wait for 14 days before we can delete it," I said.
BUT..
my colleague then just tried to delete the backups and recovery vaults anyway, AND he succeeded....

"What on earth just happened?" I said, and we started to read about Azure Backup and soft delete.
And actually, even when it's a part of Microsoft ransomware protection for Azure Backup, it actually cannot stop an owner account of the tenant from deleting the backup, even when in soft delete. Eventually it is also possible to delete the backup, remove soft delete, undelete, and then undelete to delete the backup data..
I have since 2019 always treated soft delete like an "OK alternative" to immutable backup in Azure..

Is my understanding correct? There are actually many ways to bypass the soft delete for a potential hacker with an owner account with Azure native backup of VMs?

(Can't wait to get Veeam Agents with direct backup to immutable object storage........)
HannesK
Product Manager
Posts: 14287
Liked: 2877 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria

Re: Azure - Soft delete

Post by HannesK »

Hello,
To me, everything looks as expected, and that technology cannot be used as an alternative to immutability. The name is "soft-delete" and not "immutable". "Soft" means for me the opposite of "hard". Soft limit vs. hard limit, etc.

Best regards,
Hannes
frankive

Re: Azure - Soft delete

Post by frankive »

The more I read, the more it seems like you are right, but I think Microsoft never should have included ransomware protection as part of soft delete. This doesn't seem to be ransomware protection at all. The first thing a hacker would do is disable this soft delete, and if you can even delete the soft-deleted files.... well....

Will the Veeam agent be able to back up to object storage (Amazon S3 immutable) in the next version?
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: Azure - Soft delete

Post by veremin » 1 person likes this post

Yes, it will. Thanks!