When a SQL Server is deleted in Azure. The corresponding databases and backups are also deleted. This is a big security issue if an admin login is compromised.
We want to store our long term backups (weekly) on another subscription and therefore two logins would need to be compromised for all of our data to be deleted.
How can I push the db long term backups to another subscription and can Azure automate this?
On
I think you can't configure log term backup to point to another subscription. But, as a workaround you can set up data sync to sync your data to another subscription: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-sync-data here is a related question: Azure SQL Sync between Subscriptions
Or another cheaper solution is to write a PowerShell script to back up your DB and save the BACPAC to the other subscriptions BLOB storage: https://learn.microsoft.com/en-us/azure/sql-database/sql-database-export#export-to-a-bacpac-file-using-powershell you can easily call this PowerShell script from an Azure Automation account.
You don't need to move your backups to another subscription. You can prevent an Azure SQL Database server can be deleted using Azure Locks as explained here and here. You can put a lock on the resource groups that contain any Azure SQL logical server.
You can also put a resource lock on the vault.