In this article, I will show you how to enable and disable Soft Delete for Azure file shares in a storage account by using the REST API, so you can automate that process as part of your day-to-day management.
Introduction
On May 27, 2020, the Azure Backup team in coordination with the Azure Files team announced the general availability of the long-awaited feature “Soft Delete” to protect your file share(s) from accidental deletion and malicious actors.
Soft Delete is a new feature that puts file share(s) into an intermediate “soft deleted” state when they are deleted accidentally or maliciously. The soft delete feature is configurable at the storage account level but works only at the file share level. In other words, when you enable soft delete at the storage account level, all the existing file shares, as well as newly created ones, are protected and adhere to this policy. When soft delete is enabled, you need to define the retention policy (period) in days. The retention policy determines the time window for which file share contents are retained before permanent deletion.
For more information about Soft Delete for Azure Files and Azure File Sync, please check the following article: aka.ms/afssoftdelete
Prerequisites
To follow this article, you need to have the following:
- Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
- Azure storage account – To create a general-purpose storage account, follow the instructions described here.
- Azure Cloud Shell session – (https://shell.azure.com), an interactive shell environment that you can use through your browser. The good news is, the native Azure REST API calls are now available as part of the Cloud Shell. If you are not planning to use the Cloud Shell, then you’ll need to update to Azure CLI version 2.0.67+.
- Two JSON body files, one to enable soft delete and the second one to disable soft delete (more on this below).
Enable Soft Delete
First, save the following JSON body to a file. It enables soft delete and sets the retention period to 14 days; you can change the retention period to any value from 1 up to 365 days.
{ "properties": { "shareDeleteRetentionPolicy": { "enabled": true, "days": 14 } }, "cors": { "corsRules": [] } }
Then upload the JSON file to your cloud shell $Home directory.
Disable Soft Delete
As with enabling soft delete, save the following JSON body to a file; it disables soft delete for file shares in a storage account. The enabled value is ‘false’ and days is set to ‘0’.
{ "properties": { "shareDeleteRetentionPolicy": { "enabled": false, "days": 0 } }, "cors": { "corsRules": [] } }
Then upload the JSON file to your cloud shell $Home directory.
Automate Soft Delete for file shares
Open the cloud shell and switch to a PowerShell session. You can also use Bash instead of PowerShell, but you might face quoting formatting issues. Please refer to the following document about quoting issues for more details.
Set variables
Before we start, you need to set three variables in the cloud shell session that you need to refer to when you start automating this process via REST API. The variables are:
- $subId = 'Subscription Id'
- $rgName = 'Resource Group Name'
- $saName = 'Storage Account Name'
Get Soft delete for file shares
Once all variables are in place, you can use the following API call with 'az rest --method get' to get the status of the Azure file share.
az rest --method get --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01
As you can see in the figure below, soft delete is disabled.
If you look at the Azure Portal, you will see that file share soft delete is disabled.
Set Soft delete for file shares
To enable soft delete, you can use the following API call with 'az rest --method put' to set the properties of the Azure file share by passing the body file with --body '@enableSoftDelete.json'
az rest --method put --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01 --body '@enableSoftDelete.json'
As you can see in the figure below, the soft delete is enabled for 14 days.
If you look at the Azure Portal, you will see the same: file share soft delete is now enabled.
To disable soft delete, you can use the same API call with 'az rest --method put' to set the properties of the Azure file share, but this time you need to pass the body file with --body '@disableSoftDelete.json'
az rest --method put --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01 --body '@disableSoftDelete.json'
As you can see in the figure below, the soft delete is disabled again.
That’s it, there you have it!
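The GET and PUT calls above combined into a check-and-remediate script, as an added example that is not part of the original article: it reads the current policy, enables soft delete only when the account is below a minimum retention, and reads the setting back to confirm. The function names, $minDays and the sample responses are assumptions made for illustration.

```powershell
# Added example, not from the original article. Assumes $subId, $rgName and
# $saName are set as above and enableSoftDelete.json is in the current directory.
$minDays = 14   # assumption: shortest retention treated as compliant

function Test-ShareSoftDelete {
    # Evaluate a fileServices/default response (JSON text) against $MinDays.
    param([string]$Json, [int]$MinDays)
    $policy  = ($Json | ConvertFrom-Json).properties.shareDeleteRetentionPolicy
    # A missing policy object counts as disabled; a missing 'days' counts as 0.
    $enabled = [bool]($policy -and $policy.enabled)
    $days    = if ($enabled -and $policy.days) { [int]$policy.days } else { 0 }
    [pscustomobject]@{
        Enabled   = $enabled
        Days      = $days
        Compliant = ($enabled -and $days -ge $MinDays)
    }
}

function Get-ShareSoftDelete {
    # GET the current file service properties and evaluate them.
    param([string]$Uri, [int]$MinDays)
    $json = az rest --method get --uri $Uri | Out-String
    if ($LASTEXITCODE -ne 0) { throw "GET failed: $Uri" }
    Test-ShareSoftDelete -Json $json -MinDays $MinDays
}

# Constructed sample responses (one disabled, one enabled for 14 days) to
# exercise the check without calling Azure.
$samples = @(
    '{"properties":{"shareDeleteRetentionPolicy":{"enabled":false}}}',
    '{"properties":{"shareDeleteRetentionPolicy":{"enabled":true,"days":14}}}'
)
$samples | ForEach-Object { Test-ShareSoftDelete -Json $_ -MinDays $minDays }

# Live check: enable soft delete only if the account is below the baseline,
# then read the setting back instead of trusting the PUT's exit code alone.
$uri = "/subscriptions/$subId/resourceGroups/$rgName/providers/" +
       "Microsoft.Storage/storageAccounts/$saName/fileServices/default" +
       "?api-version=2019-04-01"
$state = Get-ShareSoftDelete -Uri $uri -MinDays $minDays
if (-not $state.Compliant) {
    az rest --method put --uri $uri --body '@enableSoftDelete.json' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "PUT failed for $saName" }
    $state = Get-ShareSoftDelete -Uri $uri -MinDays $minDays
}
$state
```

Run on a schedule, the same check surfaces accounts where soft delete was switched off after it had been enabled.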
Summary
Soft delete protects your Azure file shares from accidental deletion. Microsoft recommends turning on soft delete for most file shares. If you have a workflow where share deletion is common and expected, you may decide to have a very short retention period or not have soft delete enabled at all. As described in this article, you can automate your workflow using the REST APIs.
Soft delete is one part of a data protection strategy and can help prevent inadvertent data loss. At the time of this writing, the only way to automate this process is by using the REST APIs; Azure PowerShell is not available yet. I hope that Microsoft will add this capability in the future.
If you are using Azure Backup, soft delete will be automatically enabled for all protected file share instances for 14 days by default. Soft delete does not protect against individual file deletions—for those, you should restore from your snapshot backups. To learn more about Azure Files (Sync) and Azure Backup integration, please check the following articles:
- How Azure Backup Integrates with Azure File Sync – Part I
- How Azure Backup Integrates with Azure File Sync – Part II
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-