With the increasing focus on protection of enterprise cloud assets, especially in the face of growing ransomware threats, having a proper backup strategy in place is key to ensuring minimal disruption to your business. This includes not just the ability to take backups regularly, but also making sure that you have scalable processes in place to govern, secure, monitor and analyze backups so that there are no irregularities in your last line of defense.
At Spring Ignite ‘21, we announced the general availability of Backup center, a single unified management experience in Azure for enterprises to manage backups at scale. Since then, we have continued to release more features to enhance your backup management experience. Some of the key enhancements are described in this blog.
Enhanced alerting capabilities
As a backup admin, it is important to stay on top of all critical incidents and ensure that these are routed to the right channels so that timely action can be taken. Azure Backup now offers a new and improved alerting solution built on Azure Monitor to aid you in this regard. The different types of Azure Monitor alerts available (in preview) via Backup center are:
- Built-in Azure Monitor Alerts: To help you monitor critical security operations (for example, disabling of soft-delete settings, either accidentally or maliciously), Azure Backup provides a set of built-in alerts that can be managed at scale from Backup center. You can also create Action Rules to receive notifications for the alert scenarios that you are interested in. Learn more about built-in Azure Monitor alerts for Azure Backup
- Azure Monitor Metric Alerts: To help you monitor backup and restore health by tracking job failures and successes, Azure Backup now provides standard metrics that are available out of the box for consumption. You can configure alert rules on these metrics for the scenarios that you are interested in and manage fired alerts via Backup center. Learn more about metric alerts for Azure Backup
Note that you can also configure alerts on Azure Monitor Logs and Resource Health (for Recovery Services vaults) - however these alerts are not displayed in Backup center today and will be added in the future. You can refer to this article for a comprehensive view of the different monitoring and reporting options available for Azure Backup today.
Alerts in Backup center
With Azure Monitor Alerts and Metrics, you get the following key benefits:
- Configure notifications to a wide range of notification channels - Azure Monitor supports a wide range of notification channels such as email, ITSM, webhooks, logic apps, and so on. You can configure notifications for backup alerts to any of these channels without needing to spend too much time creating custom integrations.
- Select which scenarios to get notified about - With Azure Monitor alerts, you can choose which scenarios to get notified about. You also have the flexibility to choose whether to enable notifications for test subscriptions or not.
- Manage alerts and notifications programmatically - You can leverage Azure Monitor’s REST APIs to manage alerts and notifications via non-portal clients as well.
- Have a consistent alerts management experience for multiple Azure services including backup - Azure Monitor is the established paradigm for monitoring resources across Azure. With the integration of Azure Backup and Azure Monitor, backup alerts can be managed in the same way as alerts for other Azure services without requiring a separate paradigm.
Simple management of backups across distributed application teams
If your organization backs up multiple resources to a common vault, and resource owners only want to see backup information of the resources that they own, you can now leverage the resource-centric view in Backup center.
To use the resource-centric view, select the checkbox 'Only show information about datasources which I have access to'. This option is currently supported for the following tabs: Overview, Backup Instances, Jobs, Alerts. The supported workloads are Azure VMs, SQL in Azure VMs, SAP HANA in Azure VMs, Azure Blobs, Azure Disks. Learn more about resource-centric views
Governance of security settings at scale
To help you audit security settings across your backup estate, Azure Backup now offers new built-in Azure Policies for backup. These policies audit whether all vaults in scope are configured with recommended settings like customer managed keys, private endpoints and private DNS zones, to help you govern your backups and ensure that they are secure.
You can discover and assign these policies via the ‘Azure Policies for Backup’ tab in Backup center. You can then view the compliance of your assigned policies via the ‘Backup Compliance’ tab.
Learn more about Azure Backup’s security features
Azure Policies for backup
Ability to pump data to custom dashboards
The Backup center portal queries data from Azure Resource Graph (ARG). As Azure Backup’s integration with ARG is generally available, you can now also write your own custom queries on ARG data for use in your own dashboards.
Some of the key benefits of using Azure Resource Graph to query your backup metadata are:
- Query resources at-scale with complex filtering, grouping, and sorting by resource properties.
- Obtain real-time information on your backups, including in-progress backup jobs.
- Join backup-related data with useful information on related Azure resources, such as Azure Virtual Machines and Storage Accounts.
Some sample ARG queries are documented here. You can also use the ‘Open Query’ feature in Backup center to explore the schemas of the backup tables in ARG.
Open ARG query
We plan to introduce further enhancements in this space over the coming months. Do write to AskAzureBackupTeam@microsoft.com if you have any questions!