Online backup and on-demand data restore in Azure Cosmos DB

APPLIES TO: NoSQL MongoDB Cassandra Gremlin Table

Azure Cosmos DB automatically takes backups of your data at regular intervals. The automatic backups are taken without affecting the performance or availability of the database operations. All the backups are stored separately in a storage service. The automatic backups are helpful in scenarios when you accidentally delete or update your Azure Cosmos DB account, database, or container and later require the data recovery. Azure Cosmos DB backups are encrypted with Azure managed service keys. These backups are transferred over a secure non-public network. Which means, backup data remains encrypted while transferred over the wire and at rest. Backups of an account in a given region are uploaded to storage accounts in the same region.

Backup modes

There are two backup modes:

  • Continuous backup mode � This mode has two tiers. One tier includes 7-day retention and the second includes 30-day retention. Continuous backup allows you to restore to any point of time within either 7 or 30 days either into new account. You can choose this appropriate tier while creating an Azure Cosmos DB account. For more information about the tiers, see introduction to continuous backup mode. To enable continuous backup, see the appropriate articles using Azure portal, PowerShell, CLI, or Azure Resource Manager. You can also migrate the accounts from periodic to continuous mode.

  • Periodic backup mode - This mode is the default backup mode for all existing accounts. In this mode, backup is taken at a periodic interval and the data is restored by creating a request with the support team. In this mode, you configure a backup interval and retention for your account. The maximum retention period extends to a month. The minimum backup interval can be one hour. To learn more, see periodic backup mode.

    Note

    If you configure a new account with continuous backup, you can do self-service restore via Azure portal, PowerShell, or CLI. If your account is configured in continuous mode, you can�t switch it back to periodic mode.

For Azure Synapse Link enabled accounts, analytical store data isn't included in the backups and restores. When Azure Synapse Link is enabled, Azure Cosmos DB will continue to automatically take backups of your data in the transactional store at a scheduled backup interval. Within an analytical store, automatic backup and restore of your data isn't supported at this time.

Immutability of Cosmos DB backups

Cosmos DB backups are completely managed by the platform. Actions like restore, update backup retention or redundancy change are controlled via permission model managed by database account administrator. Cosmos DB backups are not exposed to any human actors, customers or any other module for listing, deletion, or disabling of backups. The backups are encrypted and stored in storage accounts secured by rotating certificate-based access. These backups are only accessed by restore module to restore specific backup nondestructively when a customer initiates a restore. These actions are logged and audited regularly. Customers who chose CMK (customer managed key), their data and backup have protection through envelope encryption. Backups kept under retention policy are:

  • Not alterable (no modifications are permitted to the backups).
  • Not allowed to be re-encrypted.
  • Not allowed to be deleted.
  • Not allowed to be disabled

Frequently asked questions

Can I restore from an account A in subscription S1 to account B in a subscription S2?

No. You can only restore between accounts within the same subscription.

Can I restore into an account that has fewer partitions or low provisioned throughput than the source account?

No. You can't restore into an account with lower RU/s or fewer partitions.

Yes. However, analytical store data isn't included in backups and restores. When Azure Synapse Link is enabled on a database account, Azure Cosmos DB will automatically back up your data in the transactional store at the scheduled backup interval.

Is periodic backup mode supported for analytical store enabled containers?

Yes, but only for the regular transactional data. Within an analytical store, backup and restore of your data isn't supported at this time.

Next steps

Next you can learn about how to configure and manage periodic and continuous backup modes for your account: