Profile Applicability:
Level 1
Description:
Soft Delete on Azure Recovery Services Vaults ensures that when backup data or recovery points are deleted, they are retained for a configurable retention period instead of being permanently deleted immediately. This feature protects against accidental or malicious deletion by allowing recovery of deleted backup data within the retention window.
Rationale:
Enabling Soft Delete provides a safety net against data loss due to unintended deletions or ransomware attacks. It enhances data protection and supports business continuity by allowing recovery of deleted backups during the retention period, reducing the risk of permanent data loss.
Impact:
Pros:
Protects backup data from accidental or malicious deletion.
Improves disaster recovery capabilities and compliance posture.
Supports data retention policies and audit requirements.
Cons:
May increase storage costs because deleted data is kept until the retention period expires.
Requires monitoring and management of retention settings.
Default Value:
Soft Delete is disabled by default on some Recovery Services Vaults and must be enabled explicitly.
Pre-requisites:
Appropriate Azure permissions to configure Recovery Services Vault settings.
Understanding of backup and retention policies.
Remediation
Test Plan:
Using Azure Portal:
1. Navigate to https://portal.azure.com.
2. Go to Recovery Services Vaults.
3. Select the target vault.
4. Under Properties or Backup Settings, locate the Soft Delete option.
5. Verify that Soft Delete is enabled and configured with an appropriate retention period.
Using Azure CLI:
1. Check Soft Delete status for a vault:
az backup vault backup-properties show --name <vault-name> --resource-group <resource-group> --query "[].properties.softDeleteFeatureState" --output tsv
2. Confirm the output is Enabled.
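The CLI check above covers one vault. The following added example (not part of the original benchmark text) runs the same check across every vault in the current subscription. The function names are hypothetical, and it assumes az backup vault backup-properties show returns a list of configuration objects, one of which carries properties.softDeleteFeatureState.

```shell
#!/bin/sh
# Added example (not from the benchmark page). Function names are hypothetical.
# Assumes a logged-in Azure CLI and that backup-properties show returns a list
# of config objects, one of which carries properties.softDeleteFeatureState.

# Map a soft delete state to a verdict. Enabled and AlwaysON both retain
# deleted backup data; Disabled, empty or unknown values fail the check.
soft_delete_verdict() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        enabled|alwayson) echo PASS ;;
        *)                echo FAIL ;;
    esac
}

# Print "VERDICT<TAB>resource-group<TAB>vault<TAB>state" for every vault in
# the current subscription. Exit status: 0 all pass, 1 any fail, 2 list error.
audit_soft_delete() {
    rc=0
    tab=$(printf '\t')
    vaults=$(az backup vault list \
        --query "[].[name, resourceGroup]" --output tsv) || return 2
    while IFS="$tab" read -r name rg; do
        [ -n "$name" ] || continue
        # A failed lookup leaves the state empty, which is reported as FAIL.
        state=$(az backup vault backup-properties show \
            --name "$name" --resource-group "$rg" \
            --query "[].properties.softDeleteFeatureState" \
            --output tsv </dev/null 2>/dev/null) || state=""
        verdict=$(soft_delete_verdict "$state")
        printf '%s\t%s\t%s\t%s\n' "$verdict" "$rg" "$name" "${state:-unknown}"
        [ "$verdict" = PASS ] || rc=1
    done <<EOF
$vaults
EOF
    return "$rc"
}
```

Source the file and call audit_soft_delete after selecting the subscription; the non-zero exit status on any failing vault lets the check gate a scheduled compliance job.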
Implementation Plan:
Using Azure Portal:
1. In the Recovery Services Vault settings, enable the Soft Delete feature.
2. Configure the retention period (default is 14 days, configurable).
3. Save changes and validate the configuration.
Using Azure CLI:
1. Enable Soft Delete on the vault:
az backup vault backup-properties set --name <vault-name> --resource-group <resource-group> --soft-delete-feature-state Enable
2. Confirm the update by re-checking the vault properties.
Backout Plan:
Using Azure Portal:
Disable Soft Delete if required by turning off the feature in vault settings.
Be cautious of potential data loss risks.
Using Azure CLI:
1. Disable Soft Delete:
az backup vault backup-properties set --name <vault-name> --resource-group <resource-group> --soft-delete-feature-state Disable