If the Azure virtual machine that is configured for backup is afflicted by ransomware, you can immediately contain the spread and recover from such an attack. With the Quarantine feature, you can quarantine the recovery points impacted. Once you quarantine a recovery point, you cannot restore any data from it, limiting the scope of the ransomware attack as a consequence. For more information on enabling quarantine for Azure virtual machines, editing the quarantine range, or deleting quarantined recovery points, see Quarantine Azure Virtual Machines.

You cannot perform a data restore if the Azure VM recovery points have been quarantined. Restores are only permissible from recovery points that have not been identified as under threat, and are deemed safe.

In the following example, we quarantined full backup recovery points for an Azure virtual machine from March 1, 2025 to March 10, 2025.

Navigate to your Azure console to manage Recovery points:

You cannot initiate the restore for Azure VM recovery points that fall within this defined range and have been quarantined. You can however, browse and view a quarantined snapshot.