| title | Configure Legal Hold Backup Immutability for Long-Term Retention Backups | |
|---|---|---|
| titleSuffix | Azure SQL Database | |
| description | Learn how to configure legal hold backup immutability for long-term retention backups. | |
| author | WilliamDAssafMSFT | |
| ms.author | wiassaf | |
| ms.reviewer | dinethi | |
| ms.date | 11/06/2025 | |
| ms.service | azure-sql-database | |
| ms.subservice | backup-restore | |
| ms.topic | how-to | |
| ms.custom |
|
|
| monikerRange | =azuresql || =azuresql-db |
[!INCLUDE appliesto-sqldb]
In this article, learn how to configure legal hold backup immutability for long-term retention (LTR) backups in Azure SQL Database.
Backup immutability for long-term retention backups is available in two modes: time-based immutability and legal hold immutability.
Once locked with legal hold backup immutability, backups can't be deleted or modified until legal hold backup immutability is manually removed.
Note
Legal hold backup immutability is a preview feature. Supplemental Terms of Use for Microsoft Azure Previews.
- An active Azure subscription.
- An existing Azure SQL Database.
- Existing long-term retention (LTR) backups.
You need to be a member of the Subscription Contributor role or higher permissions for the logical server of the Azure SQL Database to configure backup immutability for LTR backups and delete LTR backups.
For permissions to view, managed, and delete LTR backups, see Manage Azure SQL Database long-term backup retention.
You can enable legal hold immutability on any existing backups in the Azure portal, PowerShell, and Azure CLI. These backups are protected from any edits or deletes until the legal hold is explicitly removed.
Important
Legal hold backup immutability can apply only to existing backups. To make future backups automatically immutable, instead use time-based immutability.
To enable legal hold backup immutability from the Azure portal:
-
Navigate to your Azure SQL Database logical server.
-
Under Data management, navigate to the Backups tab.
-
For the desised database, under Available LTR Backups, select Manage.
-
Select one or more available backups.
-
Select Enable Legal Hold to enable legal hold immutability.
:::image type="content" source="media/backup-immutability-legal-hold/enable-legal-hold.png" alt-text="Screenshot from the Azure portal showing how to enable Legal Hold backup immutability on a backup." lightbox="media/backup-immutability-legal-hold/enable-legal-hold.png":::
To enable legal hold backup immutability with PowerShell:
Replace <backup name> with the unique identifier of the desired backup.
Set-AzSqlDatabaseLongTermRetentionBackupLegalHold
-Location southeastasia
-ServerName myAzureSQL
-DatabaseName mysqldb
-BackupName '<backup name>'To enable legal hold backup immutability with the Azure CLI:
Replace <backup name> with the unique identifier of the desired backup.
az sql db ltr-backup set-legal-hold-immutability --resource-group mygroup --location southeastasia --server myserver --database mydb --name "<backup name>"
Legal hold immutability on specific backups can be disabled in the Azure portal, PowerShell, and Azure CLI.
To remove legal hold immutability from a backup from the Azure portal:
- Navigate to your Azure SQL Database logical server.
- Under Data management, navigate to the Backups tab.
- Go to the Manage section under Available LTR Backups.
- Select one or more backups.
- Select Disable Legal Hold to remove legal hold immutability.
To remove legal hold immutability from a backup with PowerShell:
Replace <backup name> with the unique identifier of the desired backup.
Remove-AzSqlDatabaseLongTermRetentionBackupLegalHold
-Location southeastasia
-ServerName myAzureSQL
-DatabaseName mysqldb
-BackupName '<backup name>'To remove legal hold immutability from a backup with the Azure CLI:
Replace <backup name> with the unique identifier of the desired backup.
az sql db ltr-backup remove-legal-hold-immutability --resource-group mygroup --location southeastasia --server myserver --database mydb --name "<backup name>"