You manage an Azure Active Directory (Azure AD) tenant that synchronizes with an on-premises Active Directory Domain Services (AD DS) domain. Within your on-premises datacenter, you have 100 Windows Server machines whose backups are managed using Microsoft Azure Backup Server (MABS). As part of your cybersecurity strategy, particularly concerning ransomware attack mitigation, you are designing a recovery plan that adheres to Microsoft Security Best Practices. Your goal is to ensure that if an administrator account is compromised, it cannot be used to delete the backups. What measure should you take to accomplish this?