| title | Data Protection Overview for Azure Files |
|---|---|
| description | Learn how to protect your data in Azure Files. Understand the concepts and processes involved with backup and recovery of Azure file shares. |
| author | khdownie |
| ms.service | azure-file-storage |
| ms.topic | overview |
| ms.date | 07/25/2025 |
| ms.author | kendownie |
Azure Files gives you many tools to protect your data, including soft delete, share snapshots, Azure Backup, and Azure File Sync. This article describes how to protect your data in Azure Files, and the concepts and processes involved with backup and recovery of Azure file shares.
:::row::: :::column::: > [!VIDEO https://www.youtube.com/embed/TOHaNJpAOfc] :::column-end::: :::column::: Watch this video to learn how Azure Files advanced data protection helps enterprises stay protected against ransomware and accidental data loss while delivering greater business continuity. :::column-end::: :::row-end:::
For Azure Files, data protection refers to protecting the storage account, file shares, and data within them from being deleted or modified, and for restoring data after it's been deleted or modified.
There are several reasons why you should protect your file share data.
- Recovery from accidental data loss: Recover data that's accidentally deleted or corrupted.
- Upgrade scenarios: Restore to a known good state after a failed upgrade attempt.
- Ransomware protection: Recover data without paying ransom to cybercriminals.
- Long-term retention: Comply with data retention requirements.
- Business continuity: Prepare your infrastructure to be highly available for critical workloads.
You can configure Azure Backup to back up SMB Azure file shares by using the Azure portal, Azure PowerShell, Azure CLI, or REST API. You can also use Azure File Sync to back up on-premises file server data on an SMB Azure file share.
To learn how to back up and restore Azure file shares using the Azure portal, see the following articles:
To learn how to back up and restore Azure file shares using Azure PowerShell, see the following articles:
- Back up Azure file shares with PowerShell
- Restore Azure file shares with PowerShell
- Manage Azure file share backups with PowerShell
To learn how to back up and restore Azure file shares using Azure CLI, see the following articles:
- Back up Azure file shares with Azure CLI
- Restore Azure file shares with Azure CLI
- Manage Azure file share backups with Azure CLI
To learn how to back up and restore Azure file shares using the REST API, see the following articles:
- Back up Azure file shares with REST API
- Restore Azure file shares with REST API
- Manage Azure file share backups with REST API
Azure Files offers multiple redundancy options, including geo-redundancy, to help protect your data from service outages due to hardware problems or natural disasters. To find out which option is best for your use case, see Azure Files data redundancy.
Important
Azure Files only supports geo-redundancy (GRS or GZRS) for HDD file shares. SSD file shares must use locally redundant storage (LRS) or zone redundant storage (ZRS).
In the case of a disaster or unplanned outage, restoring access to file share data is critical to keeping the business operational. Depending on the criticality of the data hosted in your file shares, you might need a disaster recovery strategy that includes failing your Azure file shares over to a secondary region.
Azure Files offers customer-managed unplanned failover for HDD file shares if the data center in the primary region becomes unavailable. Customer-managed planned failover can also be utilized in multiple scenarios, including planned disaster recovery testing, a proactive approach to large scale disasters, or to recover from non-storage related outages.
[!INCLUDE storage-failover.planned-preview]
[!INCLUDE storage-failover-user-unplanned-preview-lst]
See Disaster recovery and failover for Azure Files.
Data loss doesn't always occur because of a disaster. More often, it's the result of human error. Azure gives you tools to prevent accidental deletion of storage accounts and file shares.
Storage account locks enable admins to lock the storage account to prevent users from accidentally deleting the storage account. There are two types of storage account locks:
- CannotDelete lock prevents users from deleting a storage account, but permits modifying its configuration.
- ReadOnly lock prevents users from deleting a storage account or modifying its configuration.
For more information, see Apply an Azure Resource Manager lock to a storage account.
You can recover an accidentally deleted storage account if the following criteria are met:
- The storage account was deleted within the past 14 days.
- The storage account was created with the Azure Resource Manager deployment model.
- A new storage account with the same name hasn't been created since the original account was deleted.
- The user who is recovering the storage account must be assigned an Azure RBAC role that provides the Microsoft.Storage/storageAccounts/write permission.
Storage account recovery is a feature and can't be disabled. For more information and step-by-step instructions, see Recover a deleted storage account.
Soft delete works on a file share level to protect Azure file shares against accidental deletion. If a share with soft delete enabled is deleted, it moves to a soft deleted state internally and can be retrieved until the retention period expires. Azure file shares are still billed on the used capacity when they're soft deleted.
For more information, see Enable soft delete on Azure file shares and Prevent accidental deletion of Azure file shares.
File share snapshots are point-in-time copies of your Azure file share that you can take manually or automatically via Azure Backup. You can then restore individual files from these snapshots. You can take up to 200 snapshots per file share.
Snapshots are incremental in nature, capturing only the changes since the last snapshot. That means they're space and cost efficient. You're billed on the differential storage utilization of each snapshot, making it practical to have multiple recovery points to cater low RPO requirements.
For more information, see Overview of share snapshots for Azure Files.
Using Azure File Sync with Azure Backup is an easy solution for hybrid cloud backups from on-premises to cloud. Azure File Sync keeps the files in sync and centralized.
:::image type="content" source="media/files-data-protection-overview/azure-file-sync-with-azure-backup.png" alt-text="Architecture diagram for using Azure File Sync along with Azure Backup to back up multiple file servers." border="false":::
This method simplifies disaster recovery and gives you multiple options. You can recover single files or directories, or perform a rapid restore of your entire file share. Just bring up a new server on the primary and point it to the centralized Azure file share where it can access the data. Over time, files will be locally cached or tiered to the cloud based on Azure File Sync settings.