Ensure that Microsoft Azure SQL databases have a sufficient Point in Time Restore (PITR) backup retention period configured for security and compliance purposes. The Azure SQL service automatically creates database backups that are kept between 7 and 35 days. The SQL service uses Azure read-access geo-redundant storage (RA-GRS) to ensure that the backups are preserved even if the primary datacenter becomes unavailable. Before the Cloud Conformity engine runs this rule, the PITR backup retention period must be configured within the rule settings, on the Cloud Conformity account dashboard. The supported values are: 1, 7, 14, 21, 28 and 35 days. The Azure default for short-term backup retention is 7 days.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Setting an appropriate backup retention period for Azure SQL databases keeps your backup strategy aligned with the best practices specified in the compliance regulations adopted within your organization. Retaining point-in-time SQL database backups for a longer period lets you handle data restoration more efficiently in the event of a failure.
Audit
To determine if your Azure SQL databases have a sufficient PITR backup retention period configured, perform the following actions:
Remediation / Resolution
To configure the right Point in Time Restore (PITR) backup retention period for your Microsoft Azure SQL database servers, perform the following actions:
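The audit and remediation described above can be scripted with the Az PowerShell cmdlets listed under References. This is an added example, not Conformity's own procedure: the `$MinRetentionDays` default of 14 and the `-Remediate` switch are assumptions made for illustration, and the script assumes the Az.Sql module is installed and `Connect-AzAccount` has already been run.

```powershell
# Added example: audit (and optionally raise) PITR short-term backup retention
# for every Azure SQL database in the current subscription.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical threshold; use the value configured in your rule settings.
    [ValidateSet(1, 7, 14, 21, 28, 35)]
    [int]$MinRetentionDays = 14,

    # When set, raise retention on databases below the threshold.
    [switch]$Remediate
)

$findings = foreach ($server in Get-AzSqlServer) {
    $databases = Get-AzSqlDatabase -ResourceGroupName $server.ResourceGroupName `
        -ServerName $server.ServerName |
        Where-Object { $_.DatabaseName -ne 'master' }  # skip the system database

    foreach ($db in $databases) {
        $target = @{
            ResourceGroupName = $db.ResourceGroupName
            ServerName        = $db.ServerName
            DatabaseName      = $db.DatabaseName
        }
        $policy = Get-AzSqlDatabaseBackupShortTermRetentionPolicy @target

        # One audit record per database.
        [pscustomobject]@{
            ResourceGroup = $db.ResourceGroupName
            Server        = $db.ServerName
            Database      = $db.DatabaseName
            RetentionDays = $policy.RetentionDays
            Compliant     = $policy.RetentionDays -ge $MinRetentionDays
        }

        # Only ever raise retention; never lower a longer existing period.
        if ($Remediate -and $policy.RetentionDays -lt $MinRetentionDays -and
            $PSCmdlet.ShouldProcess($db.DatabaseName, "Set PITR retention to $MinRetentionDays days")) {
            Set-AzSqlDatabaseBackupShortTermRetentionPolicy @target `
                -RetentionDays $MinRetentionDays | Out-Null
        }
    }
}

$findings | Sort-Object Compliant, Server, Database | Format-Table -AutoSize
```

Running the script with `-Remediate -WhatIf` lists the databases that would be changed without modifying any retention policy.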
References
- Azure Official Documentation
- Getting started with single databases in Azure SQL Database
- Automated backups
- Azure PowerShell Documentation
- Get-AzSqlServer
- Get-AzSqlDatabase
- Get-AzSqlDatabaseBackupShortTermRetentionPolicy
- Set-AzSqlDatabaseBackupShortTermRetentionPolicy