Azure Virtual Machines

No Recovery Services Vault

Ensures that a recovery services vault is configured to retain a backup for Virtual Machines.

Risk Level: Medium

Description

This plugin ensures that all Azure Virtual Machines (VMs) have the recovery services vault configured to retain backups. Recovery services vaults store the recovery points created over time and provide an interface for performing backup-related operations. 

About the Service

Azure Virtual Machines:

Azure Virtual Machines (VM) are one of several forms of scalable, on-demand computing resources offered by Azure. VMs are typically used when you require more control over the computing environment than the other options provide.  To know more, read here.

Impact

Recovery Services vault allows you to perform operations such as creating on-demand backups, restorations, and backup policies. If there is no recovery service vault configured for your Virtual Machine, it could decrease the efficiency of the backups and performance of your VMs.

Steps to Reproduce

Using Azure Console-

  1. Log In to your Azure Console.
  2. Navigate to the Home portal of the Azure Console and click on All services.
  3. Select Recovery Services vaults under Storage to access all the virtual machines present in the directory. You can use this link here to navigate directly if you’re already logged in.
  4. If there are no recovery services vaults present, then the vulnerability exists in your current Azure directory.
  5. If you have multiple directories, repeat steps 2 to 4 for each directory in your Azure Console. 

Steps for Remediation

Follow the steps given below to make the necessary changes.
Using Azure Console-

  1. Log In to your Azure Console.
  2. Navigate to the Home portal of the Azure Console and click on All services.
  3. Select Recovery Services vaults under Storage to access all the virtual machines present in the directory. You can use this link here to navigate directly if you’re already logged in.
  4. Click on the Create button to create a recovery services vault.
  5. Fill in the required details and select your desired configurations and click on Review + create to create the new recovery services vault.