Protection modification

Modify protection configuration for onboarded Azure tenants by adding or removing resources, changing backup policies, or adjusting protection levels.

Environment

  • Datto Backup for Microsoft Azure: Azure Files

Description

Even after onboarding an Azure tenant, the configuration may be adjusted, provided that the tenant is in an Online state. You can expand protection to include new resources, remove resources from protection, change backup policies, or modify organization assignments without re-onboarding the entire tenant.

The modification process uses the Edit Protection wizard, that guides you through the changes while preserving your existing backup data and configuration.

Navigation

  1. Log into the UniView portal using your UniView or KaseyaOne credentials.

  2. In the left-hand menu, expand Microsoft Azure and select Tenants to open the page.

  3. Use the filters or search feature to navigate to the onboarded tenant that needs to have its protection modified.

  4. On the right-hand side of the tenant's row select the Edit Protection icon.

Modification

Each of the following categories may be adjusted by the appropriate user. Please review the best practices before making any modifications

  • Policy impact: Remember that policy changes affect all resources immediately.

  • Unprotected monitoring: Regularly review unprotected assets to ensure they align with your backup strategy.

  • Review before applying: Use the confirmation step to verify all changes before applying.

Change which organization the Azure tenant is assigned to. Adjusting this mapping will move the tenant and all assets associated with the tenant to the new organization.

Like with the initial onboarding, if the needed organization is not present, it can be imported through an enabled integration or added as a new organization. For more information on importing an organization using an integration from another product, refer to: Importing an organization .

Import

  • This option will only be available if an integration is enabled in the portal.

  • Select + Import to import the organization from the enabled integration.

New organization

  • This option will only be available if an integration is not enabled in the portal.

  • Select + New to create a new organization.

  • Fill out the Name and Group fields, then click Save.

You may change the scope of protection by moving between different assignment levels.

  • Expand protection: Move from a specific level (like Storage Account) to a broader level (like Subscription) to include more resources.

  • Narrow protection: Move from a broader level to a more specific level for granular control.

  • Exclude resources: Exclude individual resources from protection at your current assignment level.

To remove an individual resource (or select resources) from protection, uncheck the resources in the files tree to remove them from backup protection, and save the configuration.

Removed resources, either through narrowing of protection or exclusion will:

  • transition to Unprotected state in the dashboard. For more information on asset states, refer to: UniView - Datto Backup Portal - Dashboard.

  • stop receiving new backups immediately.

  • retain existing backup data according to the retention policy.

When you remove individual resources from protection at scope-based assignment levels (Tenant, Subscription, Resource Group, Storage Account), those resources are excluded from backups and Automatic Inclusion logic ignores them.

Change the backup policy assigned to your protected resources. Policy changes affect both existing protected resources and any new resources added later to the protected level if a scope-based level is selected.

If you would like to adjust the policy directly, it can be done so on the Microsoft Azure – Policy Management page or by selecting the policy from the Associated Policy column on the Tenants page.

Once all desired changes have been made, review the configuration on the Confirm page, then if correct, click Confirm & Apply.

When there is a successful modification:

  • Tenant remains in the Online state.
  • Resource counters update to reflect changes.
  • A Modified label appears next to the tenant's name for 48 hours.
  • Activity Center logs the successful modification.

If the modification processes with one or more issues:

  • Tenant shows Online state with a yellow warning indicator.
  • Partial changes are applied where possible.
  • Activity Center provides details about which resources could not be modified.
  • Hover over the warning indicator for more information.

There is a modification failure

  • Tenant remains in its previous Online state.
  • No configuration changes are applied.
  • An error indicator appears next to the modification timestamp.
  • Contact Support if modification continues to fail.