Description
Azure Files offers soft delete for file shares, allowing you to easily recover your data when it is mistakenly deleted by an application or another storage account user.
Rationaleβ
Important data could be accidentally deleted or removed by a malicious actor. With soft delete enabled, the data is retained for the defined retention period before permanent deletion, allowing for recovery of the data.
Impactβ
When a file share is soft-deleted, the used portion of the storage is charged for the indicated soft-deleted period. All other meters are not charged unless the share is restored.
Auditβ
This policy flags an Azure Storage File as INCOMPLIANT if Share Delete Retention Policy Status is either empty or Disabled, or if Share Delete Retention Policy Days is empty.
Default Valueβ
Soft delete is enabled by default at the storage account file share setting level.
Referencesβ
- https://learn.microsoft.com/en-us/azure/storage/files/storage-files-enable-soft-delete
- https://learn.microsoft.com/en-us/cli/azure/storage/account/file-service-properties
- https://learn.microsoft.com/en-us/powershell/module/az.storage/get-azstoragefileserviceproperty
- https://learn.microsoft.com/en-us/powershell/module/az.storage/update-azstoragefileserviceproperty
- https://learn.microsoft.com/en-us/azure/storage/files/storage-files-prevent-file-share-deletion