Description

Azure Storage blobs can contain data such as ePHI or financial records, which can be sensitive or personal. Data that is modified or deleted in error by an application or other storage account user can cause data loss or unavailability.

It is recommended that containers in Blob Storage be made recoverable by enabling the soft delete configuration. Soft delete retains deleted blobs and blob snapshots for the configured retention period so that they can be recovered.

Rationale

Containers and Blob Storage data can be deleted incorrectly. An attacker or malicious user may do this deliberately to cause disruption. Deleting an Azure Storage blob causes immediate data loss. Enabling this configuration for Azure Storage ensures that even if blobs or data are deleted from the storage account, those objects are recoverable for a defined period set in the "Retention policies," ranging from 1 day to 365 days.

Impact

Additional storage costs may be incurred as snapshots are retained.

Audit

This policy flags an Azure Storage Account as INCOMPLIANT if either the Blob Retention Policy State or the Container Retention Policy State is not set to Enabled, or if the corresponding Retention Policy Days values are empty.
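The audit rule above can be evaluated offline against exported storage-account properties. The following is an added example, not part of the benchmark text or of any Azure tooling: it models the per-account blob-service properties as the JSON that `az storage account blob-service-properties show` prints, and assumes the ARM key names `deleteRetentionPolicy` and `containerDeleteRetentionPolicy` (each with `enabled` and `days`). The sample accounts are constructed. The day-range check reuses the 1 to 365 day bounds stated in the Rationale.

```python
"""Offline implementation of the soft-delete audit rule stated above.

Added example, not part of the benchmark text. The input dictionaries mirror
the ``properties`` of a Microsoft.Storage storageAccounts/blobServices
resource (the shape ``az storage account blob-service-properties show`` prints);
the keys ``deleteRetentionPolicy`` and ``containerDeleteRetentionPolicy`` are an
assumption about that output, and the sample accounts below are constructed.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional

# Retention bounds quoted in the Rationale section.
MIN_DAYS = 1
MAX_DAYS = 365


@dataclass
class Finding:
    account: str
    compliant: bool
    reasons: List[str] = field(default_factory=list)


def _check_policy(label: str, policy: Optional[Dict[str, Any]]) -> List[str]:
    """Return every reason one retention policy fails the audit (empty list = pass)."""
    reasons: List[str] = []
    policy = policy or {}
    # Audit condition 1: state must be Enabled (a missing policy block counts as disabled).
    if policy.get("enabled") is not True:
        reasons.append(f"{label} retention policy state is not Enabled")
    # Audit condition 2: retention days must be present and inside the supported range.
    days = policy.get("days")
    if days is None:
        reasons.append(f"{label} retention policy days is empty")
    elif not MIN_DAYS <= int(days) <= MAX_DAYS:
        reasons.append(f"{label} retention policy days {days} is outside {MIN_DAYS}-{MAX_DAYS}")
    return reasons


def audit_account(name: str, props: Dict[str, Any]) -> Finding:
    """Apply the rule to one account's blob-service properties."""
    reasons = _check_policy("blob", props.get("deleteRetentionPolicy"))
    reasons += _check_policy("container", props.get("containerDeleteRetentionPolicy"))
    return Finding(account=name, compliant=not reasons, reasons=reasons)


def noncompliant_accounts(accounts: Dict[str, Dict[str, Any]]) -> List[str]:
    """Names of every account the rule flags, in input order."""
    return [name for name, props in accounts.items() if not audit_account(name, props).compliant]


# Constructed sample data (not real accounts).
SAMPLE_ACCOUNTS: Dict[str, Dict[str, Any]] = {
    "stfinanceprod": {  # both policies on: passes
        "deleteRetentionPolicy": {"enabled": True, "days": 30},
        "containerDeleteRetentionPolicy": {"enabled": True, "days": 30},
    },
    "stcliwithoutsoftdelete": {  # created via CLI with defaults, nothing enabled: fails on both
        "deleteRetentionPolicy": {"enabled": False},
        "containerDeleteRetentionPolicy": {"enabled": False},
    },
    "stcontaineronly": {  # blob soft delete on, container soft delete off
        "deleteRetentionPolicy": {"enabled": True, "days": 7},
        "containerDeleteRetentionPolicy": {"enabled": False},
    },
    "stbaddays": {  # enabled, but blob retention days outside the supported range
        "deleteRetentionPolicy": {"enabled": True, "days": 400},
        "containerDeleteRetentionPolicy": {"enabled": True, "days": 7},
    },
}

if __name__ == "__main__":
    for acct, props in SAMPLE_ACCOUNTS.items():
        finding = audit_account(acct, props)
        status = "COMPLIANT" if finding.compliant else "INCOMPLIANT"
        print(acct, status, "; ".join(finding.reasons))
```

To run it against a real subscription, replace `SAMPLE_ACCOUNTS` with the parsed output of `az storage account blob-service-properties show -n <account> -g <resource-group>` for each account. Reporting every failing reason rather than a single boolean matters in practice: an account created through the CLI typically fails both policies at once, while one that had blob soft delete switched on by hand often still fails only the container policy.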

Default Value

Soft delete for containers and blob storage is enabled by default on storage accounts created via the Azure Portal, and disabled by default on storage accounts created via Azure CLI or PowerShell.

References

  1. https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-soft-delete
  2. https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-container-overview
  3. https://docs.microsoft.com/en-us/azure/storage/blobs/soft-delete-container-enable?tabs=azure-portal