Storage Account soft delete should be enabled

Description

The Storage Account “soft delete” configuration ensures that Storage blobs remain recoverable for a set time (as defined in the retention policy) even after the data is deleted. Enabling “soft delete” protects data against user error and against malicious actors who deliberately delete data.

Remediation Steps

Azure Portal

  • Navigate to Storage Accounts.

  • For each Storage Account, navigate to Data Protection.

  • Select Enable soft delete for blobs and enter the number of days you want to retain soft deleted data.

  • Click Save.

Azure CLI

  • To enable soft delete for a storage account, run:

    az storage blob service-properties delete-policy update --days-retained <RetentionDaysValue> --account-name <StorageAccountName> --enable true
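An added compliance check, not part of the original page: check_policy evaluates the JSON that `az storage blob service-properties delete-policy show` returns against a minimum retention, and audit_subscription walks every account the logged-in CLI can list. The 7-day threshold, the function names and the sample JSON are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: audit blob soft delete across storage accounts.
# Assumes Azure CLI is installed and logged in for the live audit.

MIN_DAYS=7   # assumed minimum retention; set to your own policy

# check_policy JSON MIN_DAYS
# Prints "compliant: ..." when soft delete is enabled and retention
# meets the minimum, otherwise "noncompliant: <reason>".
check_policy() {
  enabled=$(printf '%s\n' "$1" | sed -n 's/.*"enabled": *\([a-z]*\).*/\1/p')
  days=$(printf '%s\n' "$1" | sed -n 's/.*"days": *\([0-9][0-9]*\).*/\1/p')
  if [ "$enabled" != "true" ]; then
    echo "noncompliant: soft delete disabled"
  elif [ -z "$days" ] || [ "$days" -lt "$2" ]; then
    echo "noncompliant: retention ${days:-unset} days < $2"
  else
    echo "compliant: retention $days days"
  fi
}

# audit_subscription [MIN_DAYS]
# Queries each storage account visible to the CLI and reports its status.
audit_subscription() {
  min="${1:-$MIN_DAYS}"
  for acct in $(az storage account list --query '[].name' -o tsv); do
    json=$(az storage blob service-properties delete-policy show \
             --account-name "$acct" -o json 2>/dev/null) \
      || { echo "$acct: query failed (permissions or network)"; continue; }
    echo "$acct: $(check_policy "$json" "$min")"
  done
}

# Constructed sample output, shaped like `delete-policy show`, for an offline run.
SAMPLE_DISABLED='{
  "days": null,
  "enabled": false
}'
echo "sample-account: $(check_policy "$SAMPLE_DISABLED" "$MIN_DAYS")"
```

Run `audit_subscription 7` from a logged-in shell to list every account that fails the check. This setting covers blobs only; container soft delete is a separate storage account option.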