Manage Azure SQL Database long-term backup retention

Applies to: Azure SQL Database

With Azure SQL Database, you can set a long-term backup retention (LTR) policy to automatically retain backups in separate Azure Blob storage containers for up to 10 years. You can then recover a database using these backups using the Azure portal, Azure CLI, or PowerShell.

Prerequisites

An active Azure subscription.

Permissions

To view and restore LTR backups, including Get-AzSqlDatabaseLongTermRetentionBackup and Restore-AzSqlDatabase, you need:

  • Subscription Owner role or

  • Subscription Contributor role or

  • SQL Server Contributor role or

  • Custom role with the following permissions:

    Microsoft.Sql/locations/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionBackups/read Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/read

To delete LTR backups, including Remove-AzSqlDatabaseLongTermRetentionBackup, you need to be a member of one of the following roles:

  • Subscription Owner role or

  • Subscription Contributor role or

  • Custom role with the following permission:

    Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/delete

Note

The SQL Server Contributor role does not have permission to delete LTR backups.

Azure role-based access control (RBAC) permissions could be granted in either subscription or resource group scope. However, to access LTR backups that belong to a dropped server, this permission must be granted in the subscription scope of that server:

Microsoft.Sql/locations/longTermRetentionServers/longTermRetentionDatabases/longTermRetentionBackups/delete

Create long-term retention policies

You can configure SQL Database to retain automated backups for a period longer than the retention period for your service tier.

  1. In the Azure portal, navigate to your server and then select Backups. Select the Retention policies tab to modify your backup retention settings.

    Screenshot of the Azure portal showing the retention policies experience.

  2. On the Retention policies tab, select the database(s) on which you want to set or modify long-term backup retention policies. Unselected databases will not be affected.

    Screenshot of the Azure portal of the retention policies tab to configure backup retention policies.

  3. In the Configure policies pane, specify your desired retention period for weekly, monthly, or yearly backups. Choose a retention period of '0' to indicate that no long-term backup retention should be set.

    Screenshot of the Azure portal, the configure policies pane.

  4. Select Apply to apply the chosen retention settings to all selected databases.

Important

When you enable a long-term backup retention policy, it may take up to 7 days for the first backup to become visible and available to restore. For details of the LTR backup cadence, see long-term backup retention.

View backups and restore from a backup

View the backups that are retained for a specific database with an LTR policy, and restore from those backups.

Note

If the logical server has been deleted, use Azure CLI or PowerShell commands to view and restore LTR backups.

  1. In the Azure portal, navigate to your server and then select Backups. To view the available LTR backups for a specific database, select Manage under the Available LTR backups column. A pane appears with a list of the available LTR backups for the selected database.

    Screenshot of the Azure portal, showing available backups.

  2. In the Available LTR backups pane that appears, review the available backups. Select a backup to restore from.

    Screenshot of the Azure portal where you can view available LTR backups.

  3. To restore from an available LTR backup, select the backup from which you want to restore, and then select Restore.

    Screenshot of the Azure portal where you can restore from available LTR backup.

  4. Choose a name for your new database, then select Review + Create to review the details of your Restore. Select Create to restore your database from the chosen backup.

    Screenshot of the Azure portal where you can configure restore details.

  5. On the toolbar, select the notification icon to view the status of the restore job.

    Screenshot of the Azure portal that shows restore job progress.

  6. When the restore job is completed, open the SQL databases page to view the newly restored database.

Delete LTR backups

Delete backups that are retained for a specific database with an LTR policy.

Important

Deleting LTR backup is non-reversible. To delete an LTR backup after the server has been deleted you must have Subscription scope permission. You can set up notifications about each delete in Azure Monitor by filtering for operation 'Deletes a long term retention backup'. The activity log contains information on who and when made the request. See Create activity log alerts for detailed instructions.

  1. In the Azure portal, navigate to the logical server of the Azure SQL Database.
  2. Select Backups. To view the available LTR backups for a specific database, select Manage under the Available LTR backups column. A pane appears with a list of the available LTR backups for the selected database.
  3. In the Available LTR backups pane that appears, review the available backups. Select a backup to delete. Select Delete.

Best practices

If you use LTR backups to meet compliance or other mission-critical requirements:

  • Verify the LTR backups are taken as per the configured policy by following steps outlined in view backups section either using Portal, Azure CLI or PowerShell.
  • Consider conducting periodic recovery drills to verify that restore of LTR backups results in expected database state.