Veeam Backup for Microsoft 365 allows you to prohibit deletion of backup copies from object storage by making that data temporarily immutable. It is done for increased security: immutability protects your data from loss as a result of attacks, malware activity or other injurious actions that may be performed by 3rd party applications.
You can enable immutability when adding object storage to Veeam Backup for Microsoft 365. Keep in mind that object storage with enabled immutability can be used only to store backup copies. The immutability period matches the retention period configured for the backup repository which is extended with such object storage. Data will be blocked for deletion or modification for the same period as the retention period. For more information, see Specify Retention Policy Settings.
Veeam Backup for Microsoft 365 extends the immutability period in the following ways:
- If the extended backup repository has the snapshot-based retention type, the duration of the immutability period for backup copies stored in object storage will be prolonged only for those parts of a snapshot for which retention policy still can be applied.
- If the extended backup repository has the item-level retention type, the duration of the immutability period for backup copies stored in object storage will be prolonged only for those objects for which retention policy still can be applied.
Before You Begin to Use Immutability
Amazon S3 and S3 Compatible Object Storage
To use immutability for backed-up data that you want to store in Amazon S3, Amazon S3 Glacier and S3 Compatible object storage, you must enable the Object Lock and Versioning features on your Amazon S3 bucket and S3 Compatible bucket at the time you create the bucket. Keep in mind that most vendors allow enabling Object Lock only at the moment of creating the bucket. Once imposed, the Object Lock prohibits deletion of data from object storage until the immutability period ends.
Azure Blob Storage
If you want to use immutability for backed-up data that you want to store in Microsoft Azure Blob Storage, you must enable the immutability settings for the object storage.
Do the following:
- Enable either version-level immutability support or blob versioning for the Microsoft Azure Blob storage account.
- Make sure that the default time-based retention policy is not configured for the Microsoft Azure Blob storage account.
- Enable version-level immutability support for the Azure container.
For more information about immutable Microsoft Azure Blob Storage, see this Microsoft article.