Azure-VirtualMachines-VM-Daily-Backup-Retention-Period

Severity : Medium

Description: This control ensures that Azure backup recovery service have recovery points retention period configured to keep all the VMs data intact for recovery. Azure backup service provides automatic daily backup which creates recovery points for the VM. The retention of these recovery points are driven by the retention periods for the backup. The initial backup is full backup and subsequent backups are incremental backup. When the recovery points have the retention periods expires, they are merged to next recovery points. If a recovery point is deleted before the next one created , the recovery mechanism will be broken as previous data has already been deleted. It is recommended to have the retention period long enough so that the next backup happens before the retention of previous recovery point expires.

Remediation Steps:

Perform following to configure retention period for recovery point :

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to All services.

3. In All services, enter Recovery Services to list Recovery Service Vaults.

4. Select the Recovery Vault dashboard.

5. Under Backup Items, Select Azure Virtual Machine.

6. Select Backup Policy to update.

7. Update the Daily backup Retention Range for the daily back up policy to make sure that it preserve the recovery points.

8. Select OK.

Important:

Reference:

• https://docs.microsoft.com/en-us/azure/backup/backup-azure-manage-vms