Comprehensive Storage Account Protection
We support immutable, air-gapped, and agentless cloud-native backup and restore capabilities across core Azure storage tiers:
Standard General-Purpose V2 Accounts are fully supported, ensuring that foundational data—including backups, file archives, application logs, and data lakes—receives the same air-gapped security and agentless data protection benefits as high-performance storage.
Premium Block Blob Storage Accounts backed by high-speed SSDs, are now fully protected, allowing business continuity for high-IOPs, mission-critical workloads. This is essential for scenarios like AI/ML model training and real-time streaming analytics that require consistently low latency and maximum throughput.
This dual-tier support provides resilient, cost-effective, and efficient data protection across all business-critical and general-purpose workloads. For more information on storage accounts, see Storage account overview.
Feature support
Feature | Workload Coverage |
|
Automated Data Backup |
|
|
Air-gapped Backups |
| |
Incremental Backups |
| |
Global Deduplication |
| |
On-demand backup |
| |
Restore |
|
|
Container Restore |
| |
Cross Subscription Restore |
| |
Cross - Tenant Restore |
| |
Cross-Region Restore |
| |
Individual Blob Level Restore |
| |
Subscription Management |
|
|
Onboarding Azure Subscriptions |
| |
Monitoring |
|
|
Audit Trails |
| |
Jobs Monitoring |
| |
Reports Management |
|
Supported Network Configurations
We support backup and restore for Azure Storage accounts across various network security postures. For restricted networks, a temporary Quantum Bridge VM is utilized to facilitate secure data transfer.
Network Access Type | Description | Druva Support | Access Method |
All networks | Public access is enabled from any network. | Supported (Standard) | Public Endpoint |
Selected networks | Access is restricted to specific VNets and subnets. | Supported (via Quantum Bridge) | Service Endpoints |
Disabled | Public access is disabled; access is via Private Endpoints. | Supported (via Quantum Bridge) | Private Endpoints |
Supported Storage Tiers and Types
Resource | Support Status |
Storage Account Kind | Standard General-purpose v2, Premium Block Blobs |
Blob Types | Block Blobs |
Encryption Types | Platform-managed keys (PMK), Customer-managed keys (CMK) |
Access Tiers | Hot |
Recovery Capabilities
Feature | Support Status |
Original Location Restore | Supported |
Alternate Location Restore | Supported (Cross-subscription, Cross-tenant, Cross-region) |
Point-in-Time Restore | Supported |
Object-Level Recovery | Supported (Individual blobs or folders) |
Configuration and Management Limits
Setting | Limit |
Containers per Storage Account | No limit |
Blobs per Container | No limit |
Azure Blob Storage backup and restore support by encryption types
The following table lists the Azure Blob Storage backup support based on the encryption type used:
With Platform-Managed Keys (PMK) disk encryption
Azure Blob Storage with Customer--Managed Keys (CMK) disk encryption
| PMK Encryption | CMK Encryption |
Backup |
| |
Restore |
|
|
Same Subscription, Same Region Restore |
|
|
Same Subscription, Cross-Region Restore |
|
|
Restore Cross-Subscription, Same Tenant |
|
|
Cross-Subscription, Cross-Tenant Restore |
|
|
Blob Level Restore |
|
|
Supported Cloud Storage Regions
For detailed information on the AWS and Azure Cloud regions supported for Azure Blob Storage, refer to Cloud Storage Regions.
Known Limitations and Unsupported Scenarios
Unsupported Blob Types: Append blobs, Page blobs.
Unsupported Storage Tiers: Cool, Cold, and Archive tiers (not natively supported for direct backup without rehydration).
Network Restrictions: Storage accounts with Public Access Secured by Parameters are not currently supported.
System-Generated Containers: Containers such as $logs, $web, and $system are excluded from protection.