Skip to main content
Enable Data Lock for Azure SQL
Updated over 2 weeks ago

❗ Important

This feature has limited availability. To know more about limited availability and sign up for this feature, contact your Account Manager.


Data Lock prevents modification, deletion, or tampering of business-critical data. Immutability has gained widespread attention with rising ransomware attacks that can adversely impact enterprise data security. When it comes to preserving your data in the event of a ransomware attack, immutable backups are a critical component of your organization’s business strategy and data recovery plan.

Once enabled at the policy level, the retention for immutable backups cannot be altered allowing enterprises to protect their data from a malicious insider. This is particularly significant when backups are under threat of modification or deletion, such as attempts by a rogue admin or in the event of credentials being compromised.

For more information on the use cases and benefits of this functionality, see Data Lock for Enterprise Workloads.

Enable Data Lock

You can enable Data Lock to protect backups at the policy level. You can enable Data Lock when creating a new policy or on an existing policy.

What happens when you enable Data Lock

Once you apply Data Lock to the backup policy, you cannot:

  • Disable the Data Lock setting in the backup policy.

  • Delete the recovery points, backup sets, and backup policy.

  • Edit the retention period in the backup policy.

  • Associate another backup policy to the Data Lock-enabled backup set.

Considerations

  • You cannot change the retention period after applying Data Lock to your backup policy. But you will be able to change the other options like backup schedule in the Data Lock-enabled backup policy.

  • You cannot manually delete the backup policy, backup set, and recovery points in the backup set once you apply Data Lock to the backup policy or backup set.

  • ​For a backup set, you can change the associated backup policy to a different backup policy type only if the original backup policy is not enabled for Data Lock.

  • Once you enable Data Lock, it will apply to historical and future recovery points. However, Data Lock does not apply to historical soft-deleted backup sets.

Enabling Data Lock while creating a new backup policy


❗ Important

Enabling Data Lock is an irreversible action. Data Lock will apply to historical and future recovery points.


  1. Log in to the Management Console.

  2. On the console, from the top menu, select Organization.

  3. Select Protect > Go to Azure.

  4. On the left pane, select a subscription and click SQL.

  5. On the Backup Policies page, click New Backup Policy > Azure SQL.

  6. Enter the Name and Description of the backup policy.

  7. Click Next and specify the backup schedule.

  8. Click Next, specify the retention details, and enable the Enable Data Lock toggle.

  9. In the Enable Data Lock dialog box, read the conditions and proceed accordingly.

  10. Click Yes, Enable, and then click Finish.

The backup policy is created with Data Lock enabled.


📝 Note

For a backup set, you can change the associated backup policy to a different backup policy type only if the original backup policy is not enabled for data lock.


Enabling Data Lock for an existing backup policy


❗ Important

Enabling Data Lock is an irreversible action. Data Lock will apply to historical and future recovery points.


  1. Log in to the Management Console.

  2. On the console, from the top menu, select Organization.

  3. Select Protect > Go to Azure.

  4. On the left pane, select a subscription and click SQL.

  5. On the left pane, select Backup Policies, and then enter the backup policy name in the Policy Name column.

  6. On the Summary page, in the Retention section, click Edit.

  7. Toggle the Enable Data Lock option.

  8. In the Enable Data Lock dialog box, read the conditions and proceed accordingly.

The Data Lock column displays whether it is enabled or disabled for each backup policy on the Backup Policies page. In addition, you will see that the Data Lock is enabled in the Summary tab on the Backup Policies page.

Data Lock FAQs

Which licenses offer the Data Lock feature?

  • Elite and Enterprise customers will have a Data Lock option by default.

Will Data Lock impact the storage consumption of my data?

  • Enabling Data Lock in your backup policy will not impact storage consumption.

Can I manually delete Data Lock-enabled backup sets and recovery points?

  • No, once you enable Data Lock for the backup set, you cannot manually delete the backup policy or backup set.

Can I update the policy retention once I enable Data Lock?

  • Once you enable Data Lock, the backup retention criteria specified cannot be modified.

My backup set is mapped with a Data Lock-enabled backup policy. Can I associate another Data Lock-enabled backup policy to the same backup set?

  • You cannot modify the Data Lock-enabled backup policy associated with the backup set to another Data Lock-enabled backup policy.

Did this answer your question?