Skip to content

Use fileshare soft delete#

Reliability · Storage Account · 2022_09

Synopsis#

Enable fileshare soft delete on Storage Accounts

Description#

Azure Files offers soft delete for fileshares within Storage Accounts to recover deleted or modified files.

Recommendation#

Consider enabling soft delete on fileshares to protect files from accidential deletion or modification.

Examples#

Configure with Azure template#

To deploy Fileshares via ARM that pass this rule:

  • Set the properties.deleteRetentionPolicy.enabled property to true on the fileshare services sub-resource
  • Configure the properties.deleteRetentionPolicy.days property to the number of days to retain files.

For example:

Azure Template snippet
{
  "type": "Microsoft.Storage/storageAccounts/fileServices",
  "apiVersion": "2022-05-01",
  "name": "default",
  "properties": {
    "shareDeleteRetentionPolicy": {
      "days": "7",
      "enabled": "true"
    }
  }
}

Configure with Bicep#

To deploy Fileshares via Bicep that pass this rule:

  • Set the properties.deleteRetentionPolicy.enabled property to true on the fileshare services sub-resource
  • Configure the properties.deleteRetentionPolicy.days property to the number of days to retain files.

For example:

Azure Bicep snippet
resource  'Microsoft.Storage/storageAccounts/fileServices@2022-05-01' = {
  name: 'default'
  parent: st0000001
    shareDeleteRetentionPolicy: {
      days: 7
      enabled: true
    }
  }
}

Notes#

Cloud Shell storage with the tag ms-resource-usage = 'azure-cloud-shell' is excluded. Storage accounts used for Cloud Shell are not intended to store data.


Last update: 2022-09-21

Comments