Securing Confidential VM Backups with Azure Recovery Services Vault and Private Endpoints

When working with Confidential VMs (CVMs) in Azure, ensuring secure backups is just as important as protecting workloads in use. Confidential VMs use hardware-based Trusted Execution Environments (TEEs) such as AMD SEV-SNP or Intel TDX to keep your data safe. But how do you securely back up this data without exposing it to the public internet? The answer lies in combining Azure Recovery Services Vault (RSV) with Private Endpoints.

In this blog, we’ll walk through why this setup matters, how to configure it, and what challenges you should watch out for.

Note: This blog specifically deals with CVMs encrypted with Confidential OS Encryption on the OS Disk. As of now, Azure Backup for CVMs is in Private Preview, so make sure to engage with your Microsoft Account Team or Product Team for access.

Why Use Private Endpoints for RSV?

By default, the Recovery Services vault communicates over public endpoints. With private endpoints, all traffic between your Confidential VM and RSV flows over the secure Microsoft backbone instead of the public internet. This adds an extra layer of isolation and protection — a perfect match for sensitive workloads.

What You’ll Need (Prerequisites)

Before jumping in, make sure you have:

• An Azure Subscription and appropriate permissions (Owner/Contributor for RSV, DNS Zone Contributor for DNS).
• A Confidential VM on supported SKUs.
• A Recovery Services Vault in the same or a peered region.
• A Virtual Network and Subnet:
  • Use a dedicated subnet for private endpoints.
  • A private endpoint connection for Backup uses 11 private IPs (including Azure Backup storage). This may be higher in certain regions.
  • Recommended subnet size: /25 to /27 to ensure sufficient private IP availability.
• Private DNS Zones:
  • privatelink.backup.windowsazure.com (for the vault itself)
  • privatelink.blob.core.windows.net (staging and recovery data)
  • privatelink.queue.core.windows.net (backup operations queue)
  • privatelink.table.core.windows.net (metadata storage)
• Azure Backup for CVMs supports only the 3-blob layout, which is now generally available. As a result, all new deployments on versions v5 and v6 SKUs will have 3-blob configuration by default instead of the previous 2-blob setup. Older deployments that did not enable the Preview Feature may need to be redeployed to align with this change.
• Azure Backup Private Preview Feature enabled on the subscription-level in collaboration with the Azure Product Team.
• Up-to-date Backup Extension on the VM.

Step-by-Step: Configuring Backup with Private Endpoints

1. Request Product Team Enablement:
   • Work with Microsoft support/product team to enable the Azure Backup Private Preview Feature for your subscription.
2. Create the Recovery Services Vault in the desired region.
3. Add a Private Endpoint:
   • Go to RSV → Networking → Private Endpoint connections.
   • Select your VNet and subnet (ensure enough private IPs: /25 to /27 recommended).
   • Link to the required private DNS zones.
4. Enable Backup on the Confidential VM:
   • Open the VM → Backup.
   • Select the RSV.
   • Choose or create an Enhanced policy (required for CVMs).
   • Trigger the initial backup.

Key Considerations for Confidential VM Backup

1. Enhanced Policies Only: CVM backup supports only Enhanced policies. Backup support for CVM with confidential OS disk encryption using CMK is only available with Enhanced policies.
2. Zone-Redundant Recovery Services Vault (ZRS): Consider deploying RSV as ZRS if you want to restore CVMs across zones. Restores from other zones are possible only via vault; snapshot restores are not supported across zones.
3. CVM Backup with CMK Support: Currently available only under Private Preview on an enrollment basis.
4. Key Vault and Managed HSM Permissions:
   • When configuring via Azure Portal, access to Key Vault/Managed HSM is granted automatically.
   • When using PowerShell, CLI, or REST API, access issues occur because Azure Backup requires explicit permissions.
   • Fix: Assign Permissions to Azure Backup:
     • For Key Vault: Grant Get, List, Backup key permissions (no secret permissions needed).
     • For Managed HSM:
       • Go to Managed HSM → Local RBAC → Add Role Assignment.
       • Assign one of the following:
         • Built-in Role: Managed HSM Crypto User
         • Custom Role: Ensure dataActions include:
           • Microsoft.KeyVault/managedHsm/keys/read/action
           • Microsoft.KeyVault/managedHsm/keys/backup/action
       • Set scope to the specific key (or All Keys).
       • Assign role to Backup Management Service.
     • Once permissions are configured, proceed with CVM backup setup as usual.

Restore Options and Limitations

When restoring a Confidential VM, Azure Backup provides several restore paths — each with certain caveats due to the confidential computing model:

1. Restore to Original Location
   • You can restore the CVM directly to the same subscription, resource group, and network configuration.
   • Ideal for operational recovery after accidental deletion or corruption.
2. Restore to Alternate Location
   • You can restore the backup to a different resource group, virtual network, or availability zone.
   • Limitations: Only supported when RSV is deployed as Zone-Redundant (ZRS). Snapshot restore is not supported when restoring to other zones.
3. Disk-Level Restore
   • Allows restoring specific managed disks (OS or data disks) from the backup vault.
   • Restored disks can be used to recreate CVMs manually.
   • Limitations: Replacement of OS Disk on the existing VM is not supported.
4. Point-in-Time Restore (Enhanced Policy Only)
   • Available for Enhanced Backup Policies with configurable retention settings.

Restore Limitations

• Encryption Constraints: Restores for CVMs with CMK require the same Key Vault access and permissions to be valid at restore time.
• Private DNS Dependency: Incorrect or missing DNS resolution for blob or backup endpoints can cause restore failures.
• Feature Availability: All restore capabilities mentioned above are still evolving under the Azure Backup Private Preview program.

Security Benefits

• Network Isolation: All communication between CVMs, the Recovery Services Vault, and backup storage occurs over private IPs using private endpoints — no exposure to the public internet.
• End-to-End Encryption: Backup data is encrypted both at rest and in transit. Use Customer-Managed Keys (CMK) in Azure Key Vault or Managed HSM for greater control over encryption.
• Role-Based Access Control (RBAC): Fine-grained access management ensures only authorized users and services can trigger or restore backups.
• Managed Identities for Authentication: Reduces key management complexity and enhances security posture.

Known Issues and Limitations

• DNS Misconfiguration: Missing or misconfigured private DNS zones for backup, blob, queue, or table endpoints often lead to failed backups or restores.
• Limited Regional Support: Confidential VM backups with private endpoints are currently available in selected Azure regions only.
• Extension Compatibility: Ensure that the latest Azure Backup extension version is installed on the CVM. Older versions may not support CVM encryption.
• Feature Dependencies: Azure Backup for CVMs (Private Preview) must be manually enabled at the subscription level by the Azure Product Team.
• Performance Overhead: Due to attestation and encryption validation, backup operations may experience slight latency.

Best Practices

• Test Restore Scenarios Regularly: Validate both backup and restore processes to ensure end-to-end functionality.
• Subnet Planning: Reserve adequate IP addresses in your subnet (/25 or /27) to accommodate private endpoints.
• ZRS Deployment: Use Zone-Redundant Recovery Services Vault (ZRS) for better resiliency and zone-to-zone restore capability.
• Use Enhanced Backup Policies: Enhanced policies ensure point-in-time recovery and support for CMK-based encryption.
• DNS Hygiene: Keep private DNS zones properly configured and linked to ensure uninterrupted connectivity.
• Permission Management: Verify Key Vault and Managed HSM permissions before initiating backup/restore through PowerShell or REST API.
• Network Segmentation: Use dedicated subnets for private endpoints to avoid IP conflicts and simplify network management.
• Automate with IaC: Use Bicep or Terraform templates for repeatable, auditable deployments of RSVs, private endpoints, and DNS configurations.
• Monitor Health and Alerts: Enable Azure Monitor and Backup Center to track job statuses, failures, and performance.
• Engage Product Team Early: Contact the Microsoft Product Team early in your project to ensure required preview feature (Azure Backup for CVMs) is enabled in time.

Final Thoughts

Backing up Confidential VMs with Azure Recovery Services vault over private endpoints gives you the best of both worlds: confidential computing protections for your workloads and secure, compliant backups that never leave the private network. By carefully planning DNS, subnet sizing, enabling subscription features with product team help, and configuring permissions properly, you can avoid common pitfalls and strengthen your data protection strategy.

Note: This blog specifically deals with CVMs encrypted with Confidential OS Encryption on the OS Disk.

Tip: If you’re just getting started, reach out to the Azure Product Team to enable the required features, deploy a test CVM, link it to an RSV with private endpoints, and run a backup/restore cycle to validate your configuration end-to-end.