Azure Virtual Machines
      Back to home
      1. Knowledge Base
      2. Azure Knowledge Base
      3. Azure Virtual Machines

      VM Daily Backup Low Retention Period

      Risk Level: Medium

      Description

      This plugin guarantees that VM's daily backup retention policy is configured for the desired number of days in order to retain backups. To guard against unintended destruction of the data on your VMs, the Azure Backup provides independent and isolated backups. Hence, these backups should be retained for a specific amount of time to recover the destroyed Virtual Machine.

      Configuration Parameters

      VM Daily Backup Retention Period: This parameter denotes the minimum number of days a VM Daily Backup is retained. An alert is generated if the number of days is less than this specified value. It can take a minimum value of 7 days.

      By default, the value is set to 30, therefore it will create an issue if the Virtual Machine daily backup retention number of days is less than 30.

      About the Service

      Azure Virtual Machine:

      Azure Virtual Machines (VM) is one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide. This article explains what you should think about before creating a virtual machine, how to construct one, and how to administer one. For more information, click here.

      Impact

      Having an ideal reinforcement maintenance period set for your Azure App Services applications will authorize your reinforcement methodology to follow the accepted procedures as determined in the consistency guidelines advanced by your association. Holding application reinforcements for a more extended timeframe will permit you to deal with all the more proficiently your application information rebuilding process.

      Steps to Reproduce

      In order to determine if the configuration of Azure App Services Applications have a sufficient Backup retention period on all the Azure Virtual Machines, follow the steps given below:

      Using Azure Console-

      1. Firstly, sign in to your PingSafe account, and reach out to the settings to find out the Sufficient Backup Retention Period rule set in or configured by your organization.
      2. Now, sign in to the Azure Management Console with your registered organization email address.
      3. Under Azure Services, choose Subscriptions.
      4. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
      5. Now, in the Filter Type Box, search for Virtual Machines.
      6. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
      7. Click on the Name of the Virtual Machine, for which you want to examine.
      8. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Operations, click on the Backup blade.
      9. A new Backup page will appear on the screen. Check out for the Backup Policy under the Summary column. 
      10. Click on the Backup Policy name. A side window of Change Backup Policy will appear on the screen.
      11. Note down the retention period mentioned under the Retention of Daily Backup Point heading.
      12. If the Backup Retention period for the selected Virtual Machine is less than the Backup Retention mentioned at Step 1, then vulnerability exists, which means that the Azure App Services application does not have a sufficient backup retention period configured. 
      13. Follow the steps above, for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.

      Steps for Remediation

      In order to reconfigure the Backup retention period for the selected Virtual Machine in your Azure cloud account, follow the steps given below:

      Using Azure Console-

      1. Firstly, sign in to your PingSafe account, and reach out to the settings to find out the VM Daily Backup Retention Period rule set in or configured by your organization. Now, copy the value of the Retention Period from the dashboard.
      2. Now, sign in to the Azure Management Console with your registered organization email address.
      3. Under Azure Services, choose Subscriptions.
      4. A new Subscription page will be opened up. Choose the subscription for which the issue has to be examined.
      5. Now, in the Filter Type Box, search for Virtual Machines.
      6. Click on the Virtual Machines nav link. A list of all the virtual machines (VMs) in your selected subscription will be displayed on the screen.
      7. Click on the Name of the Virtual Machine, for which you want to examine.
      8. A detailed view of your selected virtual machine will be displayed. Now, in the navigation panel, under the Operations, click on the Backup blade.
      9. A new Backup page will appear on the screen. Check out for the Backup Policy under the Summary column. 
      10. Click on the Backup Policy name. A side window of Change Backup Policy will appear on the screen.
      11. Note down the retention period mentioned under the Retention of Daily Backup Point heading.
      12. If the Backup Retention period for the selected Virtual Machine is less than the Backup Retention mentioned at Step 1, then vulnerability exists, which means that the Azure App Services application does not have a sufficient backup retention period configured. 
      13. In order to reconfigure the retention period, go back to the Backup page, and click on the name of the Recovery Service Vault (Backup Vault) under the Summary column.
      14. In the left navigation panel, under the Manage section, click on the Backup Policies blade.
      15. A new page with a list of all the Backup Policies will appear on the screen. Click on the name of the Backup Policy for which you want to reconfigure the retention period.
      16. A new page, named Modify Policy, with the details of your selected Backup Policy will appear.
      17. Under the Retention Range, reconfigure the value of the Days box by pasting the value copied in step 1.
      18. Click on the Update button present at the bottom of the screen to reconfigure your settings. Hence, the vulnerability will be solved.
      19. Follow the steps above, for other Azure Virtual Machines (VMs) in the current subscription as well as in other subscriptions in your Azure Cloud.