Use fileshare soft delete#
Reliability · Storage Account · 2022_09
Synopsis#
Enable fileshare soft delete on Storage Accounts
Description#
Azure Files offers soft delete for fileshares within Storage Accounts to recover deleted or modified files.
Recommendation#
Consider enabling soft delete on fileshares to protect files from accidential deletion or modification.
Examples#
Configure with Azure template#
To deploy Fileshares via ARM that pass this rule:
- Set the
properties.deleteRetentionPolicy.enabledproperty totrueon the fileshare services sub-resource - Configure the
properties.deleteRetentionPolicy.daysproperty to the number of days to retain files.
For example:
Azure Template snippet
{
"type": "Microsoft.Storage/storageAccounts/fileServices",
"apiVersion": "2022-05-01",
"name": "default",
"properties": {
"shareDeleteRetentionPolicy": {
"days": "7",
"enabled": "true"
}
}
}
Configure with Bicep#
To deploy Fileshares via Bicep that pass this rule:
- Set the
properties.deleteRetentionPolicy.enabledproperty totrueon the fileshare services sub-resource - Configure the
properties.deleteRetentionPolicy.daysproperty to the number of days to retain files.
For example:
Azure Bicep snippet
resource 'Microsoft.Storage/storageAccounts/fileServices@2022-05-01' = {
name: 'default'
parent: st0000001
shareDeleteRetentionPolicy: {
days: 7
enabled: true
}
}
}
Notes#
Cloud Shell storage with the tag ms-resource-usage = 'azure-cloud-shell' is excluded. Storage accounts used for Cloud Shell are not intended to store data.
Links#
- Enable soft delete on Azure file shares
- RBAC operations for storage
- What is Azure Files?
- Microsoft.Storage storageAccounts/fileServices
Last update:
2022-09-21