Important
Our Cloud services are being updated in stages. If you do not see the updates mentioned here yet, they will be available in your region soon. To know more, see Druva Cloud Upgrade Process.
June 01, 2026
Azure Files
New Feature
Securely backup Azure Files in Azure Government to AWS GovCloud
You can now back up and restore Azure Files residing in isolated Azure Government networks directly to AWS GovCloud. This update supports storage accounts secured behind Azure Private Link or Virtual Network service endpoints, allowing you to maintain strict network isolation with public internet access disabled.
Key benefits
Total network isolation: Backups operate entirely via secure outbound connections. No inbound network access is required.
Cost-optimized footprint: Protection resources are provisioned on-demand only during active backup or recovery jobs.
For more information, see Protecting Azure Storage with Private Access.
Customer action required: Update the tenant registration.
Azure Blob Storage
New Feature
Securely backup Azure Blob Storage in Azure Government to AWS GovCloud
You can now back up and restore Azure Blob Storage residing in isolated Azure Government networks directly to AWS GovCloud. This update supports storage accounts secured behind Azure Private Link or Virtual Network service endpoints, allowing you to maintain strict network isolation with public internet access disabled.
Key benefits
Total network isolation: Backups operate entirely via secure outbound connections. No inbound network access is required.
Cost-optimized footprint: Protection resources are provisioned on-demand only during active backup or recovery jobs.
For more information, see Protecting Azure Storage with Private Access.
Customer action required: Update the tenant registration.
Azure-wide updates
New Feature
Automated resource tagging for Azure subscription onboarding
Ensure seamless onboarding and maintain regulatory governance by automatically propagating organizational tags to Druva-created backend resources. This capability prevents onboarding failures caused by strict Azure Policy rules that block the creation of untagged resources.
By adding a dedicated tag to your Azure subscription prior to deployment, Druva reads your specified key-value pairs and automatically applies them to its backend infrastructure components.
With automated resource tagging, you can:
Comply with internal governance and corporate compliance mandates during deployment.
Prevent automated onboarding workflows from being blocked by strict Azure tagging policies.
Track and allocate Druva infrastructure costs directly within your Azure billing console.
📝 Note
Availability of the automated resource tagging feature is included for all license editions protecting cloud-native Azure workloads.
For more information, see Automatically apply resource tags during Azure onboarding.
Customer action required: None.
May 18, 2026
Azure Blob Storage
New Feature
Long-term retention for Azure Blob Storage Accounts
Secure data for extended periods and reduce costs with long-term retention (LTR) for Azure Blob Storage. LTR helps you meet compliance mandates by preserving data for one year or longer while optimizing storage spend.
As recovery points age, the data is automatically moved to lower-cost cold storage tiers to minimize expenses.
With LTR, you can:
Address legal and compliance needs by protecting data for the long term.
Reduce TCO by automatically tiering older recovery points to archive storage.
Manage long-term archives and short-term backups from a single console.
For more information, see Long Term Retention for Enterprise Workloads.
📝 Note
Availability of the LTR feature is limited to Enterprise and Elite license editions.
Customer action required: None.
Azure Files
New Feature
Long-term retention for Azure Files
Long-term retention (LTR) is now supported for Azure Files, enabling data preservation for one year or longer. This feature helps you meet compliance mandates while optimizing storage spend for your file shares.
As recovery points age, the data is automatically moved to lower-cost cold storage tiers to minimize expenses.
With LTR, you can:
Address legal and compliance needs by protecting data for the long term.
Reduce TCO by automatically tiering older recovery points to archive storage.
Manage long-term archives and short-term backups from a single console.
For more information, see Long Term Retention for Enterprise Workloads.
📝 Note
Availability of the LTR feature is limited to Enterprise and Elite license editions.
Customer action required: None.
Azure SQL
New Feature
Protect Azure SQL workloads in AWS GovCloud (US) Regions
AWS GovCloud (US) is now available as a storage target for the entire Azure SQL family:
Azure SQL Database
Azure SQL Managed Instance
SQL Server on Azure VM
This update facilitates cross-cloud resiliency for Federal and SLED agencies by vaulting sovereign data across independent cloud providers.
Key Capabilities:
Cross-cloud resilience: Protect against provider-specific outages by isolating backups in separate physical and logical infrastructure.
Sovereign compliance: Ensure data remains within U.S. sovereign boundaries to meet FedRAMP and FIPS requirements.
Centralized management: Oversee data protection for on-premises, SaaS, AWS, and Azure Government workloads from a single console.
📝 Note
This feature is available in specific Azure Government and AWS GovCloud (US) regions. For the full list of regions, see Supported Cloud Storage Regions for Enterprise Workloads.
Customer action required: None.
Known Issues
Issue | Description |
PHN-225935 | In AWS GovCloud (US), the Isolated Copy backup method for protecting Azure SQL Databases fails to delete the ephemeral instances created during the backup process. The delete operation fails with a Workaround: Manually delete the ephemeral database instance created during the backup process. |
Fixed Issues
Issue | Description |
PHN-220891 | During Azure Blob Storage backup jobs, when Azure throttles requests, an incorrect error message was displayed |
PHN-217985 | When using Azure Blob or Azure Files with a private endpoint, backups and VM provisioning failed if the subnet associated with the storage account ran out of available IP addresses. This is now fixed. |
May 04, 2026
Azure-wide updates
New Feature
Centralized Reporting for AWS GovCloud (US)
We have launched centralized reporting as the primary reporting offering for administrators in the AWS GovCloud (US) region. This update moves workload visibility to the unified Druva Cloud Platform Console, providing a high-performance, secure interface designed to meet the rigorous demands of government-scale data management.
You can avail this experience immediately, with no changes required to your existing backup or recovery workflows.
With this update, you can:
View all GovCloud workload data insights from a single, unified page.
Access audit-ready data through an updated reporting engine for internal compliance.
Find critical information faster via the intuitive global navigation menu in the Druva Cloud Platform Console.
📝 Note
All subscriptions currently configured for the Legacy reports within the Enterprise Workloads Management Console are incompatible with the centralized reports on Druva Cloud Platform Console. These subscriptions will not migrate automatically.
Customer action required: Subscribe to the centralized reporting on the Druva Cloud Platform Console.
Known Issues
Issue | Description |
PHN-223315 | Updating an existing Azure Blob backup set results in a |
PHN-219735 | The backup of Azure SQL resources (including Azure SQL database, Azure SQL Managed Instance, and SQL server on Azure VM) fails with error code AZURE_SQL 1046 when the subnet specified in the DRUVA_QB_SUBNET tag cannot establish a network connection with the Azure SQL resource. Workaround: The chosen Subnet must have network access to the Azure SQL instance via a Service Endpoint or Private Endpoint. If the subnet does not have access, the jobs will fail. For more information, see Configure Azure Tags for Quantum Bridge Resource Placement. |
Fixed Issues
Issue | Description |
PHN-220892 | When backing up an Azure Blob storage account that contains no containers, an incorrect error code was displayed ( |
PHN-221850 | Azure Blob container discovery failed for storage accounts with |
April 20, 2026
Azure SQL
New Feature
Protect Azure SQL Databases with Isolated Copy Protection
Experience a cloud-native, agentless backup solution designed to protect Azure SQL Databases with zero production impact. This feature provides a robust alternative to Change Data Capture (CDC) backups, specifically for service tiers or workloads where CDC is unsupported or restricted. With this feature, administrators can:
Protect all service tiers: Extend enterprise-grade protection to Basic and Standard (S0–S2) service tiers, previously incompatible with CDC-based solutions.
Eliminate production impact: Offload backup processing to temporary, isolated copies to ensure no resource contention on active production workloads.
Ensure transactional consistency: Capture a transactionally consistent state of the database, including schema, metadata, triggers, and roles.
Broad compatibility: Support specialized SQL types, including Graph, Memory-Optimized, and Ledger tables, which are restricted under CDC.
📝 Note
This feature is now available as a self-service option. You can activate Isolated Copy Protection by configuring a new backup policy or updating an existing one to use the Isolated Copy backup method.
For more information, see Isolated Copy data protection for Azure SQL databases.
Customer action required: None.
Enhancement
Automated Readiness Assessment for Azure SQL Data Protection
Eliminate backup and recovery job failures by proactively identifying configuration issues before operations start. New automated pre-checks ensure your Azure SQL environments meet all prerequisites. This allows administrators to resolve potential permission, connectivity, or compatibility gaps upfront.
With this feature, administrators can:
Verify credentials: Ensure backup identities have the required access for data protection operations.
Validate connectivity: Confirm all infrastructure and network prerequisites are met.
Confirm availability: Ensure configured databases exist and are currently online.
This update eliminates avoidable failures with automated, simplified, and guided checks that proactively resolve environment issues. These proactive measures improve backup success rates and accelerate recovery.
For more information, see Validating Azure SQL readiness with Pre-checks.
Customer action required: None.
New Feature
Enable Tag-Based Placement of Quantum Bridge
Administrators can now define the specific Azure Resource Group and Subnet for ephemeral Quantum Bridge deployment. This enables discrete resource placement within highly regulated or zero-trust environments.
Key benefits
Centralized Management: Deploy into dedicated resource groups to simplify billing, cost reporting, and alignment with organizational blueprints.
Network Integration: Use pre-approved subnets to respect micro-segmentation and Zero Trust models, fitting even the most prescriptive designs.
In-VNet Protection: Secure Azure SQL within existing VNets, eliminating the need for VNet peering or legacy hub-and-spoke reconfigurations.
Flexible Placement: Use additive tags to set global defaults at the subscription level while maintaining granular control via resource-level overrides.
For more information, see Customizing Quantum Bridge Placement for Azure SQL.
Customer action required: None.
Azure Blob Storage
Enhancement
Protect Azure Blob Storage Cool and Cold Access Tiers
We are extending our SaaS-native protection to the full Azure Blob online lifecycle. You can now secure your data across Hot, Cool, and Cold access tiers with zero infrastructure and total cost control. This enhancement enables you to protect infrequently accessed data more cost-effectively while maintaining immediate availability.
With this feature, you can:
Protect tiered Blob data: Secure your infrequently accessed, unstructured data with immutable, air-gapped backups without the burden of managing backup infrastructure.
Avoid recovery transaction fees: Choose to restore data to its Original Tier or promote it to the Hot Tier to bypass the higher Azure write API costs associated with lower tiers.
Guarantee compliance readiness: Maintain a defensible audit trail of protection across all online tiers to ensure regulatory requirements are met without gaps.
For more information, see About Azure Blob Storage Access Tiers.
Customer action required: None.
Known Issues
Issue | Description |
PHN-219488 | In Azure SQL, while restoring from a full database export, the UI displays the Database Size incorrectly as "0" for both, servers and individual databases. This is a UI discrepancy only and does not impact the actual restore operation. |
PHN-219066 | Restore jobs for Azure Files remain in a "Queued" state and do not start when restoring to an alternate location. Workaround: Cancel the current backup or restore job and retry. |
PHN-218462 | When a Private DNS Zone or its DNS recordset associated with an Azure Storage Account's Private Endpoint is deleted, backup jobs are incorrectly reported as "Successful with Errors" even though DNS resolution failures prevent data from being backed up. Workaround: Ensure the Private DNS Zone and its corresponding DNS record for the storage account's private endpoint are correctly configured. |
PHN-217699 | VM provisioning can fail when firewall application rules block the required outbound network access. Workaround: Review and adjust firewall application rules to ensure required outbound connectivity for VM provisioning before starting the operation. |
PHN-216302 | If a cross-tenant VNet is selected when configuring network settings for Azure Blobs or Azure files, an incorrect error message "vnetResourcelD is required: Invalid argument error" is displayed. |
PHN-215839 | Backups for Azure Files intermittently fail with an error indicating that the file share has been deleted, even though the share still exists. |
PHN-217985 | When using Azure Blob or Azure Files with a private endpoint, backups and VM provisioning fail if the subnet associated with the storage account ran out of available IP addresses. |
PHN-220891 | During Azure Blob Storage backup jobs, when Azure throttles requests, an incorrect error message is displayed "Failed to fetch container list: failed to list containers" instead of HTTP 429 TooManyRequests". |
PHN-220892 | When backing up an Azure Blob storage account that contains no containers, an incorrect error code is displayed (AZURE_BLOB 1000) instead of the correct error code (AZURE_BLOB 1030). |
PHN-221850 | Azure Blob container discovery fails for storage accounts with SubscriptionNotFound error. |
April 06, 2026
Azure Blob Storage
New Feature
Protect Azure Blob Storage Account Private Endpoints and Service Endpoints
You can now protect Azure Blob storage accounts that have Public Network Access disabled to meet strict data exfiltration and security policies. This update enables seamless backup and recovery for storage accounts secured via Azure Private Link or Virtual Network (VNet) Service Endpoints. This ensures data protection remains functional even within network-isolated, private Azure environments.
With this feature, you can:
Support Private Access: Protect storage accounts with Public Network Access disabled via Azure Private Link or VNet Service Endpoints.
Automate Resource Management: Reduce overhead with a temporary VM (Quantum Bridge) that automatically creates during jobs and destroys upon completion to minimize costs.
Reduce Attack Surface: Ensure a zero long-running footprint with ephemeral, hardened Linux compute that exists only during active jobs.
Secure Outbound Connectivity: Maintain a high security posture with outbound-only communication, eliminating inbound firewall exceptions.
Ensure Compliance: Maintain organizational security postures by keeping storage accounts isolated from the public internet.
Identify Configuration Drift: Receive immediate alerts in the console if Azure network settings change, preventing silent backup failures.
This update allows for seamless backup and recovery within restricted network architectures. It requires outbound HTTPS (Port 443) connectivity from the selected Azure VNet to the control plane.
For more information, see Protecting Azure Storage with Private Access.
📝 Note
Currently, you can protect Azure Blob Storage Accounts with private endpoints and service endpoints only in Azure Public regions.
Customer action required: Update the tenant registration to grant necessary permissions.
Azure Files
New Feature
Protect Azure Files Storage Account Private Endpoints and Service Endpoints
You can now protect Azure Files storage accounts that have Public Network Access disabled to meet strict data exfiltration and security policies. This update enables seamless backup and recovery for storage accounts secured via Azure Private Link or Virtual Network (VNet) Service Endpoints. This ensures data protection remains functional even within network-isolated, private Azure environments.
With this feature, you can:
Support Private Access: Protect storage accounts with Public Network Access disabled via Azure Private Link or VNet Service Endpoints.
Automate Resource Management: Reduce overhead with a temporary VM (Quantum Bridge) that automatically creates during jobs and destroys upon completion to minimize costs.
Reduce Attack Surface: Ensure a zero long-running footprint with ephemeral, hardened Linux compute that exists only during active jobs.
Secure Outbound Connectivity: Maintain a high security posture with outbound-only communication, eliminating inbound firewall exceptions.
Ensure Compliance: Maintain organizational security postures by keeping storage accounts isolated from the public internet.
Identify Configuration Drift: Receive immediate alerts in the console if Azure network settings change, preventing silent backup failures.
This update allows for seamless backup and recovery within restricted network architectures. It requires outbound HTTPS (Port 443) connectivity from the selected Azure VNet to the control plane.
For more information, see Protecting Azure Storage with Private Access.
📝 Note
Currently, you can protect Azure Files Storage Accounts with private endpoints and service endpoints only in Azure Public regions.
Customer action required: Update the tenant registration to grant necessary permissions.
March 02, 2026
Azure SQL
Enhancement
Expanded Readiness Checks for Azure SQL
You can now use automated Readiness Checks to validate Azure SQL resource configurations before backup or restore operations begin. These proactive validations identify infrastructure blockers—such as networking or identity gaps—to ensure reliable data protection.
Key benefits
Proactive conflict detection: Identify NSG or subnet delegation gaps during setup.
Verified infrastructure readiness: Confirm connectivity and encryption requirements are met for 100% reliable protection.
Accelerated RTO: Minimize downtime with clear, actionable remediation steps for every configuration error.
For more information, see Validating Azure SQL Readiness with Pre-checks.
Customer action required: None.
Known Issues
Issue | Description |
PHN-213355 | An internal error occurs during backup set creation if you select Azure SQL databases with Basic or Standard (S0, S1, S2) service tiers without enabling Isolated Copy Protection in your backup policy.
Workaround: Either deselect databases with Basic or Standard (S0, S1, S2) tiers or use a backup policy with isolated copy protection enabled. For more information, contact Support. |
Fixed Issues
Issue | Description |
PHN-209679 | Azure VM backup provisioning fails when the Azure virtual machine is powered off during the synchronization process. This is now fixed. |
February 16, 2026
Azure SQL
New Feature
Protect Azure SQL Databases with Isolated Copy Protection
Experience a cloud-native, agentless backup solution designed to protect Azure SQL Databases with zero production impact. This feature provides a robust alternative to Change Data Capture (CDC) backups, specifically for service tiers or workloads where CDC is unsupported or restricted.
With this feature, administrators can:
Protect All Service Tiers: Extend enterprise-grade protection to Basic and Standard (S0–S2) service tiers, previously incompatible with CDC-based solutions.
Eliminate Production Impact: Offload backup processing to temporary, isolated copies to ensure no resource contention on active production workloads.
Ensure Transactional Consistency: Capture a transactionally consistent state of the database, including schema, metadata, triggers, and roles.
Broad Compatibility: Support specialized SQL types, including Graph, Memory-Optimized, and Ledger tables, which are restricted under CDC.
This update enhances data protection flexibility by enabling full backups for environments where CDC is restricted or unsupported.
For more information, see Isolated Copy data protection for Azure SQL databases.
Customer action required: To enable this feature, contact Support.
New Feature
Introducing Cross-Tenant Restore Support
Druva now supports Cross-Tenant Restore for Azure SQL, enabling administrators to recover data to an entirely different Microsoft Entra ID (formerly Azure AD) tenant. This update removes previous security boundary restrictions, providing a critical safety net against tenant-level compromises or large-scale ransomware events where a primary tenant may be inaccessible.
By decoupling backup data from the source tenant, Druva empowers enterprise customers to maintain business continuity during tenant migrations, mergers, and acquisitions (M&A), or forensic investigations.
Key Capabilities
Tenant-Agnostic Recovery: Restore mission-critical Azure SQL databases to any authorized target tenant.
Streamlined Target Selection: Directly browse and select target subscriptions, regions, and resource groups across registered tenants from a single recovery interface.
Hardened Disaster Recovery: Meet stringent compliance and "Break Glass" requirements by maintaining a recovery path that resides outside the primary security domain
For more information, see Support matrix for Azure SQL.
This update significantly improves security and flexibility for enterprise-scale Azure environments by supporting multi-tenant recovery workflows.
Customer action required: None.
Azure Files Cloud Native
New Feature
Multi-Cloud Resilience: Azure Files Support in AWS GovCloud (US)
Strengthen your organization’s data protection posture with our new support for Azure Files on Azure Government, backed by AWS GovCloud (US) storage. This expansion allows Federal and SLED organizations to move beyond single-provider dependencies by vaulting mission-critical file shares across sovereign cloud boundaries.
By leveraging AWS GovCloud as a secondary air-gapped site, you ensure that your file shares remain resilient, compliant, and recoverable—no matter the scale of the disruption.
Supported Regions:
Source (Azure Government): US Gov Virginia, US Gov Texas
Target (AWS GovCloud): US-East, US-West
Why this matters
Mission Sovereignty: Ensures sensitive data remains exclusively within authorized U.S. sovereign boundaries.
Compliance Alignment: Meets FIPS requirements by utilizing dedicated GovCloud infrastructure.
Multi-Cloud Resiliency: Protects high-value assets against provider-specific outages through physical infrastructure isolation.
For more information, see Protect Azure Government Workloads to AWS GovCloud (US).
Customer action required: None.
New Feature
Introducing Cross-Tenant Restore Support
Druva now supports Cross-Tenant Restore for Azure Files, enabling administrators to recover data to an entirely different Microsoft Entra ID (formerly Azure AD) tenant. This update removes previous security boundary restrictions, providing a critical safety net against tenant-level compromises or large-scale ransomware events where a primary tenant may be inaccessible.
By decoupling backup data from the source tenant, Druva empowers enterprise customers to maintain business continuity during tenant migrations, mergers, and acquisitions (M&A), or forensic investigations.
Key Capabilities
Tenant-Agnostic Recovery: Restore mission-critical Azure Files to any authorized target tenant.
Streamlined Target Selection: Directly browse and select target subscriptions, regions, and resource groups across registered tenants from a single recovery interface.
Hardened Disaster Recovery: Meet stringent compliance and "Break Glass" requirements by maintaining a recovery path that resides outside the primary security domain
For more information, see Support matrix for Azure Files.
This update significantly improves security and flexibility for enterprise-scale Azure environments by supporting multi-tenant recovery workflows.
Customer action required: None.
Azure Blob Storage
New Feature
Introducing Cross-Tenant Restore Support
Druva now supports Cross-Tenant Restore for Azure Blob, enabling administrators to recover data to an entirely different Microsoft Entra ID (formerly Azure AD) tenant. This update removes previous security boundary restrictions, providing a critical safety net against tenant-level compromises or large-scale ransomware events where a primary tenant may be inaccessible.
By decoupling backup data from the source tenant, Druva empowers enterprise customers to maintain business continuity during tenant migrations, mergers, and acquisitions (M&A), or forensic investigations.
Key Capabilities
Tenant-Agnostic Recovery: Restore mission-critical Azure Blob storage to any authorized target tenant.
Streamlined Target Selection: Directly browse and select target subscriptions, regions, and resource groups across registered tenants from a single recovery interface.
Hardened Disaster Recovery: Meet stringent compliance and "Break Glass" requirements by maintaining a recovery path that resides outside the primary security domain
For more information, see Support matrix for Azure Blob.
This update significantly improves security and flexibility for enterprise-scale Azure environments by supporting multi-tenant recovery workflows.
Customer action required: None.
February 02, 2026
Azure SQL
Enhancement
Automated Network Readiness checks
To ensure your Azure SQL data protection is reliable from day one, we have expanded our automated readiness checks. You can now identify and resolve environmental network blockers before they impact your backup and recovery operations for Azure SQL databases.
These proactive validations ensure your Azure SQL Managed Instance (MI) environment meets the following connectivity requirements:
Inbound Connectivity (Data Plane): Verifies that the Network Security Group (NSG) associated with your SQL MI subnet allows traffic on Port 1433. This ensures the Druva service can securely communicate with your database for data movement.
Outbound Key Vault Access (Security): Confirms the subnet can reach Azure Key Vault via Port 443. This ensures that your Customer-Managed Keys (CMK) and encryption secrets are always accessible for secure backup and restore workflows.
By validating these paths automatically, you can avoid common silent failures caused by external networking or policy changes, ensuring a healthier and more resilient data protection environment.
For more information, see Validating Azure SQL Readiness with Pre-checks.
Customer action required: None.
Azure VM
New Feature
Protect Azure Government workloads in AWS GovCloud (US)
You can now protect Azure Government workloads in AWS GovCloud (US), enabling the industry’s first and only cross-cloud solution for mission-critical public sector workloads. This provides a direct path to back up and recover sensitive data across US sovereign clouds. By utilizing AWS GovCloud (US) as a secondary site for Azure Virtual Machines and Azure Blob Storage, Federal and SLED agencies can enforce a cross-provider air-gap, eliminating single-provider dependency and ensuring mission continuity.
Supported Regions
Source (Azure Government): US Gov Virginia, US Gov Texas
Target (AWS GovCloud): US-East, US-West
Key benefits
Mission Sovereignty: Ensures sensitive data remains exclusively within authorized U.S. sovereign boundaries.
Compliance Alignment: Meets FIPS requirements by utilizing dedicated GovCloud infrastructure.
Multi-Cloud Resiliency: Protects high-value assets against provider-specific outages through physical infrastructure isolation.
For more information, see Protect Azure Government Workloads to AWS GovCloud (US).
New Feature
Recovery Intelligence for Azure virtual machines
Integrate advanced threat hunting capabilities into your recovery workflow, to identify non-impacted snapshots and eliminate the risk of re-infecting your environment.
Sanitize your recovery data before you even click Restore. With Recovery Intelligence, the Cyber Recovery workflow is integrated into your Azure VM restore interface, offering real-time, recovery-focused insights that empower you to recover with confidence.
Pre-Recovery Threat Hunt: Every recovery now includes an option to perform a threat hunt, helping you pinpoint clean snapshots for a successful restore.
Recovery Intelligence: Gather insights into the health of your snapshots with automated intelligence that populates critical data about each restore point.
Integrated Restore Scans: Before committing to a restore, perform a Cloud-based IOC (Indicator of Compromise) scan and AV (Antivirus) scan on your selected restore point to verify it is free of malware.
For more information, see Restore Azure virtual machines using Cyber Recovery.
Customer action required:
To view and access the Recovery Intelligence feature, you must have either a Security Posture & Observability, Accelerated Ransomware Recovery, or a premium license.
To view and access the Recovery Intelligence details for the Threat Hunting feature, the Premium license is mandatory.
New Feature
Cloud-based Data Anomaly support for Azure virtual machines
With the Data Anomalies capability, proactively monitor cloud backups for suspicious activity without manual oversight or complex infrastructure management.
Zero-Touch Deployment: Benefit from flexible, agentless protection. This feature is entirely credential-free, requiring no local installations or heavy maintenance.
Proactive Data Anomaly Detection: Our intelligent algorithm monitors backups for unusual spikes in file additions, deletions, modifications, or encryption, enabling you to identify ransomware or insider threats in real-time.
Customizable Security: Define your own detection thresholds or stick with our recommended defaults.
Actionable Insights: Stay ahead of risks by reviewing alerts from the Data Anomalies tab under Cyber Resiliency, to ensure your data remains untampered.
For more information, see Data Anomalies Settings.
January 19, 2026
Azure SQL
New Feature
Eliminate authentication failures with automated Azure SQL Readiness checks
We’ve introduced intelligent, automated prechecks for Azure SQL to ensure your data protection is successful from day one. By validating your environment before a backup or restore starts, Druva identifies potential blockers—such as incorrect credentials, missing VNet rules, or subnet delegation conflicts—before they impact your recovery points.
Key benefits
Fail-fast validation: Catch configuration gaps (such as missing VNet rules for Azure SQL database) instantly during setup rather than at job execution.
Optimized managed instance support: Automatically verify that your ephemeral Druva Quantum Bridge (i.e. VMs) has a compatible and non-delegated subnet assigned.
Reduced administrative overhead: Spend less time troubleshooting failed jobs with clear, actionable remediation steps for every connectivity or authentication error.
Guaranteed compliance: Ensure every Azure SQL resource meets networking and security prerequisites for 100% reliable protection.
For more information, see Validating Azure SQL Readiness with Prechecks.
Customer action required: None.
Azure VM
New Feature
Eliminate restore failures with automated Azure VM Readiness checks
We’ve introduced intelligent, automated prechecks for Azure virtual machines to ensure your recovery is successful the first time, every time. By validating your target environment configuration before a restore begins, Druva identifies potential infrastructure conflicts, such as VNet/Subnet mismatches, or resource naming collisions, before they delay your recovery timeline.
Key benefits
Proactive conflict detection: Detect resource mismatches (like invalid VNet mappings or restricted Resource Groups) instantly during the restore workflow rather than waiting for an Azure deployment failure.
Verified infrastructure readiness: Automatically confirm that your selected Instance Type, Availability Zone, and Subnet are compatible, and available within the target region.
Advanced customization guardrails: Rest confidently when using advanced settings; Druva validates unique NIC names, Disk names, and Static IP availability to prevent conflicts with existing production assets.
Accelerated RTO: Minimize downtime by receiving clear, Recommended Actions for every configuration error, allowing you to fix issues upfront and achieve a faster Return to Operations.
For more information, see Azure VM Restore Readiness Prechecks.
Customer action required: None.
Known Issues
Issue | Description |
PHN-204926 | Scheduled Azure VM backup jobs are skipped when the source virtual machine has been deleted. |
January 05, 2026
Azure SQL
New Feature
Protect mission-critical backups from accidental or malicious deletion with Rollback Actions
You can now configure the Rollback Actions capability to enhance your organization’s data security posture and safeguard backup data from accidental or malicious deletion. With Rollback Actions, you can rollback deleted Azure SQL backup sets within a configurable rollback window.
The deleted recovery points are available for rollback for a specific period, post which they are permanently deleted, and administrators can revert malicious or unintended deletes without any loss of data. For more information, see Configure Azure SQL resources for backup.
Customer action required: To enable Rollback Actions, you will need the Security Essentials license. To activate the license, contact Support.