Public preview: Multi-user authorization for Backup vaults
Published date: October 13, 2022
Multi-user authorization (MUA) for Backup adds an additional layer of protection for critical operations on your Backup vaults, providing greater security for your backups. To provide multi-user authorization, Backup uses a resource guard to ensure critical operations are performed with proper authorization, similar to how multi-user authorization currently works for Recovery Services vaults.
The backup administrator, who typically owns the Backup vault, needs to gain the contributor role on the resource guard to be able to perform the protected operations. This requires action from the owner of the resource guard to approve and grant the required access. You can also use Azure Active Directory Privileged Identity Management to manage just-in-time access on the resource guard. Additionally, you can create the resource guard in a subscription or a tenant different from the one that has the recovery services vault, to achieve maximum isolation.
Please refer to the documentation to learn more about using multi-user authorization for Backup vaults.