Azure Blob Storage provides scalable, cost-efficient storage in the cloud. In general, Blob Storage holds organization data such as backups, unstructured data, and files. Its Immutable Storage feature allows business-related information to be stored in a WORM (Write-Once-Read-Many) state. The immutable storage feature is available in all Azure public regions.
Immutable storage is set at the container level through an access policy. Policies apply to all the blobs in the container, can be applied to either a new or an existing container, and support all blob tiers (hot, cold, and archive).
Immutable storage supports two policy types:
- Time-based retention
- Legal hold
Note: An immutable policy type can be applied through either the Azure Portal or the Azure CLI. You cannot delete or modify any files within the container while either policy is enabled on the container.
Time-based retention
If you enable a time-based retention policy, all blobs in the container stay in the immutable state for the duration you define as part of the policy. The retention interval value should be within the range of 1 to 400 years. By default, the time-based retention policy is created in an unlocked state. It is recommended that the policy always be in a locked state. A locked policy allows a maximum of 5 edits to change the retention time interval. For auditing, a maximum of seven time-based retention policy audit logs are retained for a locked policy. Once the policy is locked, it can't be deleted or reversed.
Note: If a time-based retention policy is applied to an existing container, the effective retention period for an existing blob starts from the time of its creation.
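The create-then-lock sequence described above, as an added Azure CLI example (not code from the original post). The function names and the account, container and period arguments are assumptions supplied by the caller; the CLI takes the period in days.

```bash
# Added example: create a time-based retention policy, lock it, verify the result.
# Usage (placeholder values): create_and_lock <storage-account> <container> <days>

# Print the policy state reported by Azure ("Locked" or "Unlocked").
policy_state() {
  az storage container immutability-policy show \
    --account-name "$1" --container-name "$2" \
    --query state --output tsv
}

# A new policy starts Unlocked and can still be removed, so lock it explicitly.
# Locking cannot be undone, so the period is validated before any call is made.
create_and_lock() {
  account=$1 container=$2 days=$3
  case $days in
    ''|*[!0-9]*) echo "retention period must be whole days" >&2; return 2 ;;
  esac
  [ "$days" -ge 1 ] || { echo "retention period must be >= 1 day" >&2; return 2; }

  az storage container immutability-policy create \
    --account-name "$account" --container-name "$container" \
    --period "$days" >/dev/null || return 1

  # The lock call needs the ETag of the policy version being locked;
  # the CLI prints it wrapped in double quotes, which are stripped here.
  etag=$(az storage container immutability-policy show \
    --account-name "$account" --container-name "$container" \
    --query etag --output tsv | tr -d '"')
  [ -n "$etag" ] || { echo "no policy ETag returned" >&2; return 1; }

  az storage container immutability-policy lock \
    --account-name "$account" --container-name "$container" \
    --if-match "$etag" >/dev/null || return 1

  # Confirm the end state instead of trusting the exit code alone.
  [ "$(policy_state "$account" "$container")" = "Locked" ]
}
```

Running policy_state on its own against existing containers is a quick audit for policies that were created but left unlocked.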
Legal hold
When the retention interval is not known or clear, users can set legal holds. Each legal hold policy needs to be associated with one or more tags. Tags are used as a named identifier to categorize and describe the purpose of the hold.
To retrieve the list of tags associated with a container's legal hold policy, run the following command:
az storage container legal-hold show --account-name $storageaccountname --container-name $containername
Originally published at https://rajurh.blogspot.com on December 23, 2020.