last sync: 2025-May-05 19:21:36 UTC

Configure blob soft delete on a storage account

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy ea39f60f-9f00-473c-8604-be5eac4bb088 (1.0.0) to Azure
Display name Configure blob soft delete on a storage account
Id ea39f60f-9f00-473c-8604-be5eac4bb088
Version 1.0.0
Category Storage
Description Blob soft delete protects an individual blob, snapshot, or version from accidental deletes or overwrites by maintaining the deleted data in the system for a specified period of time. During the retention period, you can restore a soft-deleted object to its state at the time it was deleted. After the retention period has expired, the object is permanently deleted. https://learn.microsoft.com/en-us/azure/storage/blobs/soft-delete-blob-overview
Mode All
Type Custom Community
Effect (default) Modify
Effect (allowed) Modify, Deny, Audit, Disabled
RBAC role(s)
Role Name Role Id
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/blobServices/deleteRetentionPolicy.enabled Microsoft.Storage storageAccounts/blobServices properties.deleteRetentionPolicy.enabled True True
THEN-Operations (2)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/blobServices/deleteRetentionPolicy.days Microsoft.Storage storageAccounts/blobServices properties.deleteRetentionPolicy.days True True
Microsoft.Storage/storageAccounts/blobServices/deleteRetentionPolicy.enabled Microsoft.Storage storageAccounts/blobServices properties.deleteRetentionPolicy.enabled True True
Rule resource types IF (1)
Microsoft.Storage/storageAccounts/blobServices