What I'm trying to determine is ould I be able to restore from the Azure backups that were created before the encryption happened?
If it is encrypted before it gets to Azure and then Azure backs up the encrypted data, I would still have access to unencrypted files in Azure from the days before the event. correct?
Access Control or Authentication mitigates against unauthorised access but ransomware is authorised in a way as it access what you see, access and store. You probably have logs on the access but against ransomware it would help. So what if you know who log in and access the file share and backup in that infected machine, the fact is the files are all long encrypted.
You probably can trace the patient zero and isolate quickly if you have a monitoring team looking at anomalous activities which normal user or admin would not be doing. Azure ATP and Backup have element of the detection and prevention. Specifically for backups, I am looking at the deletion is kept 14 days before the final purging of those files. If we are lucky to detect early, maybe recovery is still feasible. Against ransomware you should be looking at ATP for defend & respond and backup for recovery.