Update Azure Recovery Services vault configurations using REST API

This article describes how to update backup related configurations in Azure Recovery Services vault using REST API.

Soft delete state

Deleting backups of a protected item is a significant operation that has to be monitored. To protect against accidental deletions, Azure Recovery Services vault has a soft-delete capability. This capability allows you to restore deleted backups, if necessary, within a time period after the deletion.

But there are scenarios in which this capability isn't required. An Azure Recovery Services vault can't be deleted if there are backup items within it, even soft-deleted ones. This may pose a problem if the vault needs to be immediately deleted. For example: deployment operations often clean up the created resources in the same workflow. A deployment can create a vault, configure backups for an item, do a test restore and then proceed to delete the backup items and the vault. If the vault deletion fails, the entire deployment might fail. Disabling soft-delete is the only way to guarantee immediate deletion.

So you need to carefully choose to disable the soft delete feature for a particular vault depending on the scenario. Learn more about soft delete.

Fetch soft delete state using REST API

By default, the soft delete state will be enabled for any newly created Recovery Services vault. To fetch/update the state of soft-delete for a vault, use the backup vault's config related REST API document

To fetch the current state of soft-delete for a vault, use the following GET operation

GET https://management.azure.com/Subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.RecoveryServices/vaults/{vaultName}/backupconfig/vaultconfig?api-version=2019-06-15

The GET URI has {subscriptionId}, {vaultName}, {vaultresourceGroupName} parameters. In this example, {vaultName} is "testVault" and {vaultresourceGroupName} is "testVaultRG". As all the required parameters are given in the URI, there's no need for a separate request body.

GET https://management.azure.com/Subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/testVaultRG/providers/Microsoft.RecoveryServices/vaults/testVault/backupconfig/vaultconfig?api-version=2019-06-15

Responses

The successful response for the 'GET' operation is shown below:

Name Type Description
200 OK BackupResourceVaultConfig OK
Example response

Once the 'GET' request is submitted, a 200 (successful) response is returned.

{
  "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/testvaultRG/providers/Microsoft.RecoveryServices/vaults/testvault/backupconfig/vaultconfig",
  "name": "vaultconfig",
  "type": "Microsoft.RecoveryServices/vaults/backupconfig",
  "properties": {
    "enhancedSecurityState": "Enabled",
    "softDeleteFeatureState": "Enabled"
  }
}

Update soft delete state using REST API

To update the soft delete state of the Recovery Services vault using REST API, use the following PUT operation

PUT https://management.azure.com/Subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.RecoveryServices/vaults/{vaultName}/backupconfig/vaultconfig?api-version=2019-06-15

The PUT URI has {subscriptionId}, {vaultName}, {vaultresourceGroupName} parameters. In this example, {vaultName} is "testVault" and {vaultresourceGroupName} is "testVaultRG". If we replace the URI with the values above, then the URI will look like this.

PUT https://management.azure.com/Subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/testVaultRG/providers/Microsoft.RecoveryServices/vaults/testVault/backupconfig/vaultconfig?api-version=2019-06-15

Create the request body

The following common definitions are used to create a request body

For more details, refer to the REST API documentation

Name Required Type Description
eTag String Optional eTag
location true String Resource location
properties VaultProperties Properties of the vault
tags Object Resource tags

Example request body

Use the following example to update the soft delete state to 'disabled'.

{
  "properties": {
    "enhancedSecurityState": "Enabled",
    "softDeleteFeatureState": "Disabled"
  }
}

Responses for the PATCH operation

The successful response for the 'PATCH' operation is shown below:

Name Type Description
200 OK BackupResourceVaultConfig OK
Example response for the PATCH operation

Once the 'PATCH' request is submitted, a 200 (successful) response is returned.

{
  "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/testvaultRG/providers/Microsoft.RecoveryServices/vaults/testvault/backupconfig/vaultconfig",
  "name": "vaultconfig",
  "type": "Microsoft.RecoveryServices/vaults/backupconfig",
  "properties": {
    "enhancedSecurityState": "Enabled",
    "softDeleteFeatureState": "Disabled"
  }
}

Next steps

Create a backup policy for backing up an Azure VM in this vault.

For more information on the Azure REST APIs, see the following documents: