How To Enable and Disable Soft Delete for Azure File Shares Via REST APIs


In this article, I will show you how to enable and disable Soft Delete for Azure file shares in a storage account by using the REST API, so you can automate that process as part of your day-to-day management.

Introduction

On May 27, 2020, the Azure Backup team, in coordination with the Azure Files team, announced the general availability of the long-awaited “Soft Delete” feature to protect your file shares from accidental deletion and malicious actors.

Soft Delete introduces an intermediate “soft deleted” state for file shares that are deleted accidentally or maliciously. The feature is configured at the storage account level but takes effect at the file share level. In other words, when you enable soft delete on the storage account, all existing file shares, as well as newly created ones, are protected and adhere to this policy. When soft delete is enabled, you need to define the retention period in days; this determines the time window for which file share contents are retained before permanent deletion.

For more information about Soft Delete for Azure Files and Azure File Sync, please check the following article: aka.ms/afssoftdelete

Prerequisites

To follow this article, you need to have the following:

  1. Azure subscription. If you don’t have an Azure subscription, you can create a free one here.
  2. Azure storage account – To create a general-purpose storage account, follow the instructions described here.
  3. Azure Cloud Shell session – (https://shell.azure.com), an interactive shell environment that you can use through your browser. The good news is, the native Azure REST API calls are now available as part of the Cloud Shell. If you are not planning to use the Cloud Shell, then you’ll need to update to Azure CLI version 2.0.67+.
  4. Two body JSON files, one to enable Soft delete and the second one to disable Soft delete (more on this below).

Enable Soft Delete

First, save the following JSON body to a file. It enables soft delete and sets the retention to 14 days; you can change the retention period to any value from 1 to 365 days.

{
    "properties": {
        "shareDeleteRetentionPolicy": {
            "enabled": true,
            "days": 14
        }
    },
    "cors": {
        "corsRules": []
    }
}

Then upload the JSON file to your cloud shell $Home directory.

Disable Soft Delete

As with enabling soft delete, save the following JSON body to a file; it disables soft delete for file shares in a storage account. The enabled value is ‘false’ and days is set to ‘0’.

{
    "properties": {
        "shareDeleteRetentionPolicy": {
            "enabled": false,
            "days": 0
        }
    },
    "cors": {
        "corsRules": []
    }
}

Then upload the JSON file to your cloud shell $Home directory.

Automate Soft Delete for file shares

Open the cloud shell and switch to a PowerShell session. You can also use Bash instead of PowerShell, but you might face quoting formatting issues. Please refer to the following document about quoting issues for more details.

Set variables

Before we start, you need to set three variables in the cloud shell session that you need to refer to when you start automating this process via REST API. The variables are:

  • $subId = 'Subscription Id'
  • $rgName = 'Resource Group Name'
  • $saName = 'Storage Account Name'

Get Soft delete for file shares

Once all variables are in place, you can use the following API call with ‘az rest --method get’ to get the status of the Azure file share.

az rest --method get --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01

As you can see in the figure below, soft delete is disabled.

If you look at the Azure Portal, you will see that file share soft delete is disabled.

Set Soft delete for file shares

To enable soft delete, you can use the following API call with ‘az rest --method put’ to set the properties of the Azure file share by passing the body file with --body '@enableSoftDelete.json'.

az rest --method put --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01 --body '@enableSoftDelete.json'

As you can see in the figure below, the soft delete is enabled for 14 days.

If you look at the Azure Portal, you will see the same, file share soft delete is enabled now.

To disable soft delete, you can use the same API call with ‘az rest --method put’ to set the properties of the Azure file share, but this time you need to pass the body file with --body '@disableSoftDelete.json'.

az rest --method put --uri /subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01 --body '@disableSoftDelete.json'

As you can see in the figure below, the soft delete is disabled again.

That’s it, there you have it!
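The steps above can be wrapped in two helpers: one that generates the body files with the 1 to 365 day range enforced, and one that flags a GET response where soft delete is disabled or the retention is too short. This is an added example, not code from the original article; the function names, the 14-day minimum and the sample responses are assumptions, and the response is assumed to carry properties.shareDeleteRetentionPolicy in the same shape as the request body.

```powershell
# Added example; function names are hypothetical, not part of any Azure module.
function New-SoftDeleteBody {
    # Builds the JSON body shown in the article (days 1..365 when enabled, 0 when disabled).
    param([Parameter(Mandatory)][bool]$Enabled, [int]$Days = 14)
    if ($Enabled -and ($Days -lt 1 -or $Days -gt 365)) {
        throw "Retention must be between 1 and 365 days, got $Days"
    }
    if (-not $Enabled) { $Days = 0 }
    [ordered]@{
        properties = [ordered]@{
            shareDeleteRetentionPolicy = [ordered]@{ enabled = $Enabled; days = $Days }
        }
        cors = @{ corsRules = @() }
    } | ConvertTo-Json -Depth 5
}

function Test-SoftDeletePolicy {
    # Classifies a GET response (JSON text) against a minimum retention period.
    param([Parameter(Mandatory)][string]$ResponseJson, [int]$MinDays = 14)
    $policy = ($ResponseJson | ConvertFrom-Json).properties.shareDeleteRetentionPolicy
    if ($null -eq $policy -or -not $policy.enabled) { return 'DISABLED' }
    if ($policy.days -lt $MinDays) { return "SHORT_RETENTION ($($policy.days) days)" }
    return 'OK'
}

# Write both body files used by the 'az rest --method put' calls.
New-SoftDeleteBody -Enabled $true -Days 14 | Set-Content enableSoftDelete.json
New-SoftDeleteBody -Enabled $false         | Set-Content disableSoftDelete.json

# Constructed sample responses (not captured from a real storage account).
$samples = @(
    '{"name":"default","properties":{"shareDeleteRetentionPolicy":{"enabled":true,"days":14}}}',
    '{"name":"default","properties":{"shareDeleteRetentionPolicy":{"enabled":true,"days":1}}}',
    '{"name":"default","properties":{"shareDeleteRetentionPolicy":{"enabled":false,"days":0}}}'
)
foreach ($s in $samples) { Test-SoftDeletePolicy -ResponseJson $s }

# Against a live account, with $subId, $rgName and $saName set as in "Set variables":
# $uri = "/subscriptions/$subId/resourceGroups/$rgName/providers/Microsoft.Storage/storageAccounts/$saName/fileServices/default?api-version=2019-04-01"
# Test-SoftDeletePolicy -ResponseJson ((az rest --method get --uri $uri) -join "`n")
```

Running the check on a schedule turns the GET call into a drift detector: a result other than OK on an account that was previously compliant means the policy was changed after it was set.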

Summary

Soft delete protects your Azure file shares from accidental deletion. Microsoft recommends turning on soft delete for most file shares. If you have a workflow where share deletion is common and expected, you may decide to have a very short retention period or not have soft delete enabled at all. As described in this article, you can automate your workflow using the REST APIs.

Soft delete is one part of a data protection strategy and can help prevent inadvertent data loss. At the time of this writing, the only way to automate this process is by using the REST APIs; Azure PowerShell is not available yet. I hope that Microsoft will add this capability in the future.

If you are using Azure Backup, soft delete will be automatically enabled for all protected file share instances for 14 days by default. Soft delete does not protect against individual file deletions—for those, you should restore from your snapshot backups. To learn more about Azure Files (Sync) and Azure Backup integration, please check the following articles:

Thank you for reading my blog.

If you have any questions or feedback, please leave a comment.

-Charbel Nemnom-
