Share via

Unable to delete Azure Backup vault due to 99-year immutable retention – any workaround?

Nathan Smith 0 Reputation points
2026-03-25T08:46:32.7766667+00:00

I’ve run into an issue with Azure Backup that I’m hoping someone has dealt with before.

We currently have a Recovery Services Vault that has been configured with immutable settings and an extremely long retention policy (99 years). This appears to have been set in error during initial configuration.

The problem I’m facing:

  • I cannot modify or reduce the retention policy due to immutability restrictions
  • I cannot delete backup items or the vault because of the enforced retention
  • Any attempt to change policies results in errors like: “Reduction in retention is not allowed since the vault is immutable”

From what I understand, this is working as designed for compliance, but in this case it’s effectively locking us into a configuration mistake.

What I’m trying to achieve:

  • Fully remove or reset the backup configuration
  • Delete the vault (or at least stop being billed for it long-term)

Questions:

  1. Is there any supported way to override or remove immutable retention when it’s clearly been misconfigured?
  2. Does soft delete / disabling protection help at all in this scenario, or is it irrelevant with immutability enabled?
  3. Would moving or deleting the Azure subscription remove the vault and associated data, or does the retention persist regardless?
  4. Has anyone had success getting this cleared via Microsoft support, and if so what route did you take?

At the moment it feels like we’re permanently locked into a 99-year retention due to a setup mistake, which obviously isn’t ideal.

Any guidance or real-world experience would be massively appreciated.

Azure Site Recovery
Azure Site Recovery

An Azure native disaster recovery service. Previously known as Microsoft Azure Hyper-V Recovery Manager.

0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Siva shunmugam Nadessin 7,735 Reputation points Microsoft External Staff Moderator
    2026-03-25T10:03:30.8766667+00:00

    Hello Nathan Smith,

    Thank you for reaching out to the Microsoft Q&A forum.

    When investigated we see that you’ve hit the “by-design” behavior of Azure Backup immutable vaults—once you’ve turned on WORM immutability with a retention of 99 years, you literally can’t shrink that window or delete any of the recovery points (or the vault) until that retention period expires. 

    Below is explanation of each point 

    Can you override or remove immutable retention? • No. Immutability in Azure Backup is irreversible. Any operation that would reduce retention (including deleting backup items or the vault itself) is explicitly blocked. You can only make policy changes that increase retention, never decrease. 

    Does soft delete help? • No. Soft delete is a separate feature that protects you from accidental deletes by keeping items in a “soft-deleted” state for a short period. Immutable vaults prevent all deletes or retention-reducing actions, so toggling soft delete on/off won’t let you bypass the 99-year lock. 

    What about deleting or disabling the subscription? Azure won’t purge an immutable vault even if the subscription or resource group is deleted. The underlying WORM storage lives on to satisfy the retention compliance—you’ll continue to incur storage charges until the retention period lapses. 

    Has Microsoft Support ever overridden this? Unfortunately no. Because it’s a compliance feature (WORM = Write Once, Read Many), neither you nor Microsoft Support can override or shorten it. The only “workaround” is to leave the vault in place (you can stop all new backups and remove any linked resources to minimize other charges) and spin up a brand-new Recovery Services vault with the correct retention settings. 

    We understand it’s overwhelming when a typo or misconfiguration locks you in, but immutable vaults exist exactly to guarantee data can’t be tampered with or accidentally erased. Your best path forward is:

    • Stop protection on any remaining items (choose “retain as per policy” so you aren’t charged extra I/O).
    • Remove all linked resources/dependencies in the portal so nothing else is hanging off that vault.
    • Create a fresh vault with your intended, shorter retention.
    • Accept that the old vault and its data will remain billed (at the immutable-storage rate) for 99 years.

    Hope that helps clarify why you’re locked in 

    Reference docs:

     

     

  2. Q&A Assist
    2026-03-25T08:47:26.34+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Immutability on a Recovery Services vault is explicitly designed to block exactly the operations being attempted: reducing retention, deleting backup data early, or deleting the vault while protected items still exist.

    From the available information, the following behaviors apply:

    1. No override to reduce retention on an immutable vault
      • On an immutable vault, any operation that reduces retention is blocked. This includes:
        • Modifying a backup policy to reduce retention.
        • Changing a backup policy to another policy with lower retention.
        • Stopping protection with deletion of data.
      • The platform returns errors such as:
        • “Reduction in retention during Policy/Protection modification isn't allowed because the selected vault is immutable.” (error 810002 in DPM/MABS scenarios).
      • There is no documented, supported mechanism to bypass or override this immutability once configured, other than operations that do not reduce retention (for example, increasing retention or changing schedules).
    2. Soft delete does not bypass immutability or shorten retention
      • Soft delete is a separate security feature that retains deleted backup items for a fixed period (typically 14 days) before permanent deletion.
      • FAQ explicitly states that soft-deleted items cannot be force-deleted earlier than the soft-delete period; they are automatically removed after that window.
      • Immutability, on the other hand, prevents deletion of recovery points before their configured expiry. Soft delete does not override immutability or allow earlier deletion of data that is still within its immutable retention window.
      • Disabling soft delete and security features is required when deleting a vault, but only after all backup items and their retention obligations are satisfied. With immutability and long retention, those obligations remain in force.
    3. Vault deletion is blocked while backup items exist or are soft-deleted
      • A Recovery Services vault cannot be deleted if:
        • It contains protected data sources.
        • It contains backup data.
        • It contains backup data in soft-deleted state.
        • It has registered storage accounts or other dependencies.
      • Even when using the guided delete flow (Overview → Delete), the portal will list dependencies and block deletion until all backup items are gone and any soft-deleted items have been permanently removed after their retention window.
      • On an immutable vault, operations that would remove recovery points before their expiry are disallowed, so the vault cannot be deleted until all recovery points naturally age out according to the immutable retention.
    4. Immutability also blocks “stop protection with delete data” for server-based workloads
      • For DPM/MABS/MARS scenarios, when the vault is immutable, operations such as:
        • Remove data source from protection group.
        • Stop protection with delete data.
        • Reduce online retention period.
        • Remove-DPMChildDatasource without the new pruning options.
      • Return errors like 81001/810002 indicating that backup items cannot be deleted because the vault is immutable and has active recovery points.
      • Only options that retain recovery points as per policy are allowed.
    5. Subscription-level actions are not documented as a way to bypass immutability
      • The provided material does not document any behavior where deleting or moving the subscription would override immutable retention or force-delete an immutable vault.
      • Immutability is described as a protection against loss of recovery points, and the design intent is that it cannot be circumvented by normal administrative actions.
    6. What can still be done in this situation
      Within the documented behavior, the only supported actions are:
      • Stop protection while retaining data:
        • For Recovery Services vault items, “Stop protection with deletion of data” is blocked on immutable vaults, but stopping protection while retaining data is allowed. This prevents new backups while keeping existing recovery points until they expire by policy.
      • Increase retention or adjust schedules (but not reduce retention):
        • Policy changes that increase retention or modify backup schedules without reducing retention are allowed.
      • Clean up non-immutable dependencies:
        • Remove backup servers, storage accounts, and other dependencies as described in the vault deletion procedure. This does not remove the immutable backup data itself but can reduce other resource usage.
      • Rely on natural expiry:
        • Recovery points will only be deleted when they reach their configured retention expiry. With a 99-year retention, this effectively means the data is intended to persist for that duration.
    7. Role of Microsoft Support
      • The documentation and Q&A content emphasize that vaults cannot be deleted while backup items (including soft-deleted items) exist, and that immutability blocks any operation that would reduce retention or delete data early.
      • There is no documented support path that can override immutability or shorten retention once configured. Any exception process, if it exists, is not described in the referenced material.

    Given the above, the platform behavior is:

    • No supported way is documented to override or remove immutable retention once enabled, even if misconfigured.
    • Soft delete and disabling protection do not circumvent immutability; they only control behavior after items are deleted and during the soft-delete window.
    • Vault deletion remains blocked as long as immutable backup data exists; subscription-level actions are not documented as a bypass.
    • The only supported path is to stop protection while retaining data and allow recovery points to expire according to the immutable retention policy.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.