Public preview: Multi-user authorisation for Backup vaults
Published date: 13 October, 2022
Multi-user authorisation (MUA) for Backup adds an additional layer of protection for critical operations on your Backup vaults, providing greater security for your backups. To provide multi-user authorisation, Backup uses a resource guard to ensure critical operations are performed with proper authorisation, similar to how multi-user authorisation currently works for Recovery Services vaults.
The backup administrator, who typically owns the Backup vault, needs to gain the contributor role on the resource guard to be able to perform the protected operations. This requires action from the owner of the resource guard to approve and grant the required access. You can also use Azure Active Directory Privileged Identity Management to manage just-in-time access on the resource guard. Additionally, you can create the resource guard in a subscription or a tenant different from the one that has the recovery services vault, to achieve maximum isolation.
Please refer to the documentation to learn more about using multi-user authorisation for Backup vaults.