Skip to main content

Remediation

From Azure Portal

Go to Storage Accounts.
For each Storage Account, under Data management, go to Data protection.
Check the box next to Enable soft delete for blobs.
Check the box next to Enable soft delete for containers.
Set the retention period for both to a sufficient length for your organization.
Click Save.

From Azure CLI

Update blob storage retention days in the following command:

az storage blob service-properties delete-policy update \
    --days-retained {{retention-days}} \
    --account-name {{storage-account-name}} \
    --account-key {{storage-account-key}} \
    --enable true

Update container retention with the following command:

az storage account blob-service-properties update \
    --enable-container-delete-retention true \
    --container-delete-retention-days {{retention-days}} \
    --account-name {{storage-account-name}} \
    --resource-group {{resource-group-name}}

From Azure Portal
From Azure CLI