Enable Soft Delete for Azure Blob Storage

More Info:

Ensure that Soft Delete feature is enabled for your Microsoft Azure Storage blob objects.

Risk Level

Medium

Address

Security

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To enable Soft Delete for Azure Blob Storage using Azure CLI, follow these steps:

Open Azure CLI on your local machine or use the Azure Cloud Shell.
Login to your Azure account using the following command:
```
az login
```
Once you are logged in, set the subscription where the storage account is located using the following command:
```
az account set --subscription <subscription_id>
```
Replace <subscription_id> with the ID of your subscription.
Next, get the resource ID of the storage account for which you want to enable Soft Delete using the following command:
```
az storage account show -n <storage_account_name> -g <resource_group_name> --query id --output tsv
```
Replace <storage_account_name> with the name of your storage account and <resource_group_name> with the name of the resource group where the storage account is located.
Once you have the resource ID, enable Soft Delete for the storage account using the following command:
```
az resource update --ids <resource_id> --set properties.enableSoftDelete=true
```
Replace <resource_id> with the resource ID you obtained in step 4.
Verify that Soft Delete has been enabled by running the following command:
```
az storage account show -n <storage_account_name> -g <resource_group_name> --query properties.enableSoftDelete
```
Replace <storage_account_name> with the name of your storage account and <resource_group_name> with the name of the resource group where the storage account is located.

That’s it! Soft Delete has been enabled for your Azure Blob Storage.

Using Python

To enable soft delete for Azure Blob Storage using Python, you can follow these steps:

Import the necessary libraries:

from azure.storage.blob import BlobServiceClient, BlobSasPermissions, generate_blob_sas
from datetime import datetime, timedelta

Set up the connection to your Azure Blob Storage account:

connection_string = "DefaultEndpointsProtocol=https;AccountName=<your_account_name>;AccountKey=<your_account_key>;EndpointSuffix=core.windows.net"
blob_service_client = BlobServiceClient.from_connection_string(connection_string)

Retrieve the Blob Container for which you want to enable soft delete:

container_client = blob_service_client.get_container_client("<your_container_name>")

Check if the container has soft delete enabled:

properties = container_client.get_container_properties()
if not properties.is_deleted_enabled:
    # Enable soft delete
    container_client.set_container_properties(deleted_retention_days=7, is_deleted_enabled=True)

Save the changes:

container_client.set_container_metadata(metadata={"SoftDeleteEnabled": "True"})

Verify that soft delete is enabled:

properties = container_client.get_container_properties()
if properties.is_deleted_enabled:
    print("Soft delete is enabled.")
else:
    print("Soft delete is not enabled.")

Note: Replace <your_account_name> and <your_account_key> with your Azure Blob Storage account name and account key, respectively. Also, replace <your_container_name> with the name of the container for which you want to enable soft delete.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable Soft Delete for Azure Blob Storage

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation