Azure Managed Disks has seen some recent features move to general availability. Read on to learn more about incremental snapshots and customer-managed keys.
Incremental Snapshots – Now Generally Available
Incremental snapshots are a point-in-time backup of managed disks which are billed for the delta changes to disks since the last snapshot. Additionally, they are stored in Standard HDD storage regardless of the type of storage of the parent disk. These two features make it a truly cost-effective method of backup.
Incremental snapshots are an excellent tool in building backup and disaster recovery solutions for Managed Disks. Being able to see the changes between two snapshots reduces the time in backup and disaster recovery and the incremental snapshots are immediately accessible. Additionally, the underlying data can be read and disks can be immediately restored.
Server-side Encryption with Customer-Managed Keys – Now Generally Available
Server-side encryption with customer-managed keys is now generally available for Azure Managed Disks. Server-side encryption with platform-managed keys has been a useful tool already enabled by default. Customer-managed keys is the next step as it provides control of the encryption keys to meet individual compliance requirements.
This feature is fully integrated with Azure Key Vault. You can create new keys in the vault or bring your own keys. In either case, an administrator with correct permissions must grant access to Managed Disks in Key Vault to enable the key to encrypt or decrypt the data encryption key. Additionally, you can follow key usage through Key Vault ensuring that only Managed Disks (or other trusted services) are accessing your keys.
Find out More
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview
https://azure.microsoft.com/en-us/pricing/details/managed-disks/
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-incremental-snapshots
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption
https://azure.microsoft.com/en-us/services/key-vault/