Reducing the backup retention duration can reduce an organization’s ability to re-establish service in case of a security incident.
Data backups make it possible to recover from data corruption or unavailability as efficiently as possible after a security incident.
Backup retention duration, coverage, and backup locations are essential criteria regarding functional continuity.
There is a risk if you answered yes to any of those questions.
Increase the backup retention period so that it is long enough to restore service in case of an incident.
Sensitive code example, for Azure App Service:
// Web app that the backup configuration declared after it attaches to through `parent`.
// Illustrative snippet: only `name` is set on this resource.
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
  name: 'webApp'
}
// Backup configuration for webApp: one backup per day, each retained for 2 days.
resource backup 'config@2022-03-01' = {
  name: 'backup'
  parent: webApp
  properties: {
    backupSchedule: {
      frequencyInterval: 1
      frequencyUnit: 'Day'
      // NOTE(review): presumably keeps one backup even after the retention window has passed — confirm.
      // A single surviving copy is not a restore history.
      keepAtLeastOneBackup: true
      // With daily backups and 2 days of retention, an incident noticed more than
      // 2 days after it began leaves no backup that predates it.
      retentionPeriodInDays: 2 // Sensitive
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2022-03-01",
"name": "webApp",
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2022-03-01",
"name": "webApp/backup",
"properties": {
"backupSchedule": {
"frequencyInterval": 1,
"frequencyUnit": "Day",
"keepAtLeastOneBackup": true,
"retentionPeriodInDays": 2
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', 'webApp')]"
]
}
]
}
For Azure Cosmos DB accounts:
// Cosmos DB account with periodic backups: one backup every 1440 minutes (24 h),
// each retained for 8 hours. Illustrative snippet: only the backup policy is shown.
resource cosmosDb 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  properties: {
    backupPolicy: {
      type: 'Periodic'
      periodicModeProperties: {
        backupIntervalInMinutes: 1440
        // The 8 h retention is shorter than the 24 h backup interval.
        // NOTE(review): this looks like a backup could expire before the next one is taken;
        // check the service's minimum retention relative to the interval — confirm.
        backupRetentionIntervalInHours: 8 // Sensitive
      }
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "example",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2023-04-15",
"properties": {
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 1440,
"backupRetentionIntervalInHours": 8
}
}
}
}
]
}
For Azure Backup vault policies:
// Recovery Services vault with a nested backup policy of management type 'AzureSql'
// that uses a simple retention policy of 2 days.
resource vault 'Microsoft.RecoveryServices/vaults@2023-01-01' = {
  name: 'testVault'
  resource backupPolicy 'backupPolicies@2023-01-01' = {
    name: 'backupPolicy'
    properties: {
      backupManagementType: 'AzureSql'
      retentionPolicy: {
        retentionPolicyType: 'SimpleRetentionPolicy'
        retentionDuration: {
          // count is expressed in the unit given by durationType, so this is 2 days:
          // data damaged more than 2 days before detection cannot be restored from this policy.
          count: 2 // Sensitive
          durationType: 'Days'
        }
      }
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.RecoveryServices/vaults",
"apiVersion": "2023-01-01",
"name": "testVault",
"resources": [
{
"type": "backupPolicies",
"apiVersion": "2023-01-01",
"name": "testVault/backupPolicy",
"properties": {
"backupManagementType": "AzureSql",
"retentionPolicy": {
"retentionPolicyType": "SimpleRetentionPolicy",
"retentionDuration": {
"count": 2,
"durationType": "Days"
}
}
}
}
]
}
]
}
Compliant solution (retention period increased), for Azure App Service:
// Web app that the backup configuration declared after it attaches to through `parent`.
// Illustrative snippet: only `name` is set on this resource.
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
  name: 'webApp'
}
// Backup configuration for webApp: one backup per day, each retained for 8 days.
resource backup 'config@2022-03-01' = {
  name: 'backup'
  parent: webApp
  properties: {
    backupSchedule: {
      frequencyInterval: 1
      frequencyUnit: 'Day'
      keepAtLeastOneBackup: true
      // 8 days here; the JSON form of this example uses 30. Size the value from how long
      // an incident can go undetected plus the time needed to restore, not from the example.
      retentionPeriodInDays: 8
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Web/sites",
"apiVersion": "2022-03-01",
"name": "webApp",
},
{
"type": "Microsoft.Web/sites/config",
"apiVersion": "2022-03-01",
"name": "webApp/backup",
"properties": {
"backupSchedule": {
"frequencyInterval": 1,
"frequencyUnit": "Day",
"keepAtLeastOneBackup": true,
"retentionPeriodInDays": 30
}
},
"dependsOn": [
"[resourceId('Microsoft.Web/sites', 'webApp')]"
]
}
]
}
For Azure Cosmos DB accounts:
// Cosmos DB account with periodic backups: one backup every 1440 minutes (24 h),
// each retained for 192 hours (8 days). Illustrative snippet: only the backup policy is shown.
resource cosmosDb 'Microsoft.DocumentDB/databaseAccounts@2023-04-15' = {
  properties: {
    backupPolicy: {
      type: 'Periodic'
      periodicModeProperties: {
        backupIntervalInMinutes: 1440
        // Retention is eight times the backup interval, so several daily restore points coexist.
        // The JSON form of this example uses 720 hours (30 days).
        backupRetentionIntervalInHours: 192
      }
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "example",
"type": "Microsoft.DocumentDB/databaseAccounts",
"apiVersion": "2023-04-15",
"properties": {
"backupPolicy": {
"type": "Periodic",
"periodicModeProperties": {
"backupIntervalInMinutes": 1440,
"backupRetentionIntervalInHours": 720
}
}
}
}
]
}
For Azure Backup vault policies:
// Recovery Services vault with a nested backup policy of management type 'AzureSql'
// that uses a simple retention policy of 8 days.
resource vault 'Microsoft.RecoveryServices/vaults@2023-01-01' = {
  name: 'testVault'
  resource backupPolicy 'backupPolicies@2023-01-01' = {
    name: 'backupPolicy'
    properties: {
      backupManagementType: 'AzureSql'
      retentionPolicy: {
        retentionPolicyType: 'SimpleRetentionPolicy'
        retentionDuration: {
          // count is expressed in the unit given by durationType, so this is 8 days.
          // The JSON form of this example uses 30 days; choose the value from recovery requirements.
          count: 8
          durationType: 'Days'
        }
      }
    }
  }
}
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.RecoveryServices/vaults",
"apiVersion": "2023-01-01",
"name": "testVault",
"resources": [
{
"type": "backupPolicies",
"apiVersion": "2023-01-01",
"name": "testVault/backupPolicy",
"properties": {
"backupManagementType": "AzureSql",
"retentionPolicy": {
"retentionPolicyType": "SimpleRetentionPolicy",
"retentionDuration": {
"count": 30,
"durationType": "Days"
}
}
}
}
]
}
]
}