News

Microsoft Azure Backup Update: Soft Delete Now On by Default for Better Protection

Microsoft has introduced a secure‑by‑default update to Azure Backup, with soft delete now enabled automatically.

Microsoft Azure Backup Update: Soft Delete Now On by Default for Better Protection

Backup data is often your last line of defence. When something goes wrong, whether that’s human error, system failure or a cyber attack, your backups are what make recovery possible.

That’s why Microsoft’s latest Azure Backup update is such a welcome one.

Soft delete is now enabled by default for Azure Backup vaults, adding an extra layer of protection without adding complexity or cost.

What is soft delete?

Soft delete acts as a safety net for your backups. Instead of being permanently removed straight away, deleted backup items, recovery points and even vaults are retained for a set period before final deletion.

This gives organisations a chance to recover data if something is deleted accidentally, or if a malicious actor attempts to remove backups as part of a ransomware attack.

In practical terms, it turns a potentially irreversible mistake into a recoverable one.

Why this change matters

By enforcing soft delete by default, Microsoft is strengthening Azure’s built‑in resilience against:

  • Accidental deletion

  • Insider or malicious activity

  • Ransomware attempts to remove backup data

This aligns with Microsoft’s wider move towards secure by default, where protection is built into the platform rather than relying on manual configuration.

What this means for Azure customers

For most organisations, this update is quietly beneficial.

Soft delete is enabled automatically as the change rolls out across Azure regions, and it’s included at no additional cost for the default retention period. There’s no action needed to switch it on and no change to day‑to‑day backup operations.

Your backups work as they always have, just with an added layer of protection in the background.

One thing worth checking

If you use automation tools such as PowerShell, Azure CLI, Terraform or REST APIs, Microsoft recommends making sure these are up to date.

Older versions may not align with the new secure‑by‑default behaviour and could attempt to delete items in a way that bypasses soft delete. Keeping tooling current helps ensure the protection works as intended.

If you’d like help reviewing your Azure Backup setup or understanding how this change fits into your wider resilience strategy, we’re always happy to talk.

You can also read Microsoft’s full guidance here:
Secure by Default with Soft Delete for Azure Backup