Azure Introduction
Azure Pricing
Azure Threats
Enable Automated Backups
More Info:
Ensure that Backup and Restore feature is enabled and configured to create automated (scheduled) backups for your Microsoft Azure App Services applications.
Risk Level
High
Address
Security
Compliance Standards
HIPAA, SOC2, HITRUST, NISTCSF, PCIDSS
Triage and Remediation
Remediation
To enable automated backups in Azure using the Azure console, follow these steps:
-
Log in to the Azure portal and select the virtual machine you want to enable automated backups for.
-
In the virtual machine’s menu, select “Backup” under the “Operations” section.
-
In the “Backup” pane, click on the “Backup” button.
-
In the “Backup policy” pane, select the “Azure VM backup” option.
-
In the “Backup policy details” pane, select the “Daily” backup frequency and set the retention period as per your requirement.
-
In the “Backup policy details” pane, select the storage account where you want to store the backups.
-
Click “OK” to save the backup policy.
-
Once the backup policy is saved, click “Enable Backup” to enable automated backups for your virtual machine.
-
Azure will start backing up your virtual machine according to the policy you set.
That’s it! Your virtual machine is now configured to automatically backup on a daily basis.
To enable automated backups for Azure using Azure CLI, follow these steps:
Step 1: Open the Azure CLI
Step 2: Run the following command to enable automated backups for the virtual machine:
az backup enable-for-vm --resource-group <resource-group-name> --vault-name <backup-vault-name> --vm <vm-name> --policy-name DefaultPolicy
Here, replace <resource-group-name> with the name of the resource group that contains the virtual machine, <backup-vault-name> with the name of the backup vault where you want to store the backups, and <vm-name> with the name of the virtual machine that you want to enable backups for.
Step 3: Once the command is executed successfully, automated backups will be enabled for the virtual machine.
Note: You need to ensure that you have the necessary permissions to enable backups for the virtual machine.
To enable automated backups in Azure using Python, you can use the Azure SDK for Python. Here are the steps to remediate this misconfiguration:
- Install the Azure SDK for Python using pip:
pip install azure
- Import the necessary modules:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.recoveryservicesbackup import RecoveryServicesBackupClient
from azure.mgmt.recoveryservicesbackup.models import ProtectionPolicyResource, DailyRetentionSchedule, WeeklyRetentionSchedule, RetentionPolicy, SimpleRetentionPolicy, RetentionDuration
- Authenticate with Azure using a service principal:
credentials = ServicePrincipalCredentials(
client_id='<client_id>',
secret='<client_secret>',
tenant='<tenant_id>'
)
Replace <client_id>, <client_secret>, and <tenant_id> with your actual values.
- Create a
ComputeManagementClientandRecoveryServicesBackupClient:
compute_client = ComputeManagementClient(credentials, '<subscription_id>')
backup_client = RecoveryServicesBackupClient(credentials, '<subscription_id>')
Replace <subscription_id> with your actual subscription ID.
- Get the resource group and virtual machine name:
resource_group_name = '<resource_group_name>'
vm_name = '<vm_name>'
Replace <resource_group_name> and <vm_name> with your actual values.
- Enable backup for the virtual machine:
# Get the virtual machine
vm = compute_client.virtual_machines.get(resource_group_name, vm_name)
# Set the backup policy
policy = ProtectionPolicyResource(
retention_policy=RetentionPolicy(
daily_retention=SimpleRetentionPolicy(
retention_duration=RetentionDuration(
count=30,
duration_type='Days'
)
),
weekly_retention=SimpleRetentionPolicy(
retention_duration=RetentionDuration(
count=4,
duration_type='Weeks'
)
)
),
daily_schedule=DailyRetentionSchedule(
retention_duration=RetentionDuration(
count=30,
duration_type='Days'
)
),
weekly_schedule=WeeklyRetentionSchedule(
days_of_week=['Sunday'],
retention_duration=RetentionDuration(
count=4,
duration_type='Weeks'
)
)
)
# Enable backup for the virtual machine
result = backup_client.protection_policies.create_or_update(
resource_group_name,
'DefaultPolicy',
policy
)
backup_client.protection_containers.trigger(
resource_group_name,
'Azure',
'VirtualMachine',
vm.id
)
This code sets a backup policy with a daily retention of 30 days and a weekly retention of 4 weeks, with backups occurring on Sundays. It then enables backup for the virtual machine and triggers the backup job.
Note that you may need to modify the backup policy according to your specific requirements.
- Verify that backup is enabled for the virtual machine:
# Get the backup status for the virtual machine
backup_status = backup_client.protection_status.get(
resource_group_name,
'Azure',
'VirtualMachine',
vm.id
)
# Check if backup is enabled
if backup_status.protection_status == 'Protected':
print('Backup is enabled for the virtual machine')
else:
print('Backup is not enabled for the virtual machine')
This code gets the backup status for the virtual machine and checks if backup is enabled.
That’s it! With these steps, you can enable automated backups for a virtual machine in Azure using Python.