Require a Security PIN to Reduce any retention settings.
Require a Security PIN to reduce any retention ranges. In certain cyber attack scenarios where Ransomware infects a server, a cyber attacker could penetrate the environment, and open the Azure Backup MARS software and edit the retention range down to 7 day minimum. The attacker could then encrypt portions of the network, and initiate backups to overwrite and purge good data. Over holidays such as Christmas, 7 days might not be enough time to realize a breach has occured.
Currently AzureBackup is a fantastic protection against Ransomware, however we have seen Human hackers enter the network and seek out backup locations and destroy them.
Azure Backup already provides very good one-way vault style protection with the Minimum 7 day retention and the security PIN to Delete data, but this could be greatly enhanced by requiring the same Security PIN on reducing retention at all which can also be a data destructive action.