Profile Applicability:
 Level 1

Description:
 Soft Delete for Azure File Shares protects against accidental or malicious deletion by retaining deleted files and shares for a configurable retention period. During this period, deleted data can be recovered, enhancing data protection and availability.

Rationale:
 Enabling Soft Delete mitigates risks related to data loss from unintended deletions or ransomware attacks. It improves resilience and supports compliance by ensuring backup data can be restored within the retention window.

Impact:

  • Pros:

    • Prevents permanent data loss from accidental or malicious deletions.

    • Supports business continuity and disaster recovery.

    • Helps meet data retention and compliance requirements.

  • Cons:

    • May increase storage costs due to retained deleted data.

    • Requires management of retention settings.

Default Value:
 Soft Delete is disabled by default on Azure File Shares and must be enabled explicitly.

Pre-requisites:

  • Azure Storage Account with file shares.

  • Permissions to modify storage account and file share settings.

Remediation

Test Plan:

Using Azure Portal:

  1. Sign in to https://portal.azure.com.

  2. Navigate to the Storage Account hosting the file shares.

  3. Under Data protection, locate the Soft Delete option for file shares.

  4. Verify that Soft Delete is enabled and a retention period is set.

Using Azure CLI:

1. Check soft delete status for file shares (the file service, not the blob service, holds this setting):

az storage account file-service-properties show --account-name <storage-account-name> --query shareDeleteRetentionPolicy

2. Confirm enabled is true and retention days are configured.
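
The CLI check above can be scripted so that a disabled policy or a too-short retention fails an audit run. The following is an added example, not part of the original benchmark text; MIN_DAYS, the function names and the --resource-group argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit Azure Files soft delete against a minimum retention.
# MIN_DAYS is an assumed policy value, not one stated on this page.
MIN_DAYS="${MIN_DAYS:-7}"

# classify_policy ENABLED DAYS -> prints a verdict, returns 0 only on PASS.
classify_policy() {
    cp_enabled=$1
    cp_days=$2
    case "$cp_enabled" in
        true|True) ;;
        *) echo "FAIL soft delete disabled"; return 1 ;;
    esac
    # A null retention value shows up as "None" or as an empty field in tsv.
    case "$cp_days" in
        ''|*[!0-9]*) echo "FAIL retention days not set"; return 1 ;;
    esac
    if [ "$cp_days" -lt "$MIN_DAYS" ]; then
        echo "FAIL retention ${cp_days}d below minimum ${MIN_DAYS}d"
        return 1
    fi
    echo "PASS retention ${cp_days}d"
}

# audit_account NAME RESOURCE_GROUP -> reads the file service policy, classifies it.
# Returns 0 (pass), 1 (non-compliant) or 2 (could not read the setting).
audit_account() {
    aa_name=$1
    aa_out=$(az storage account file-service-properties show \
        --account-name "$1" --resource-group "$2" \
        --query "shareDeleteRetentionPolicy.[enabled, days]" -o tsv) || {
        echo "$aa_name: ERROR could not read file service properties"
        return 2
    }
    # The two values may be separated by a tab or a newline; split on both.
    set -- $aa_out
    aa_msg=$(classify_policy "${1:-}" "${2:-}") && aa_rc=0 || aa_rc=$?
    echo "$aa_name: $aa_msg"
    return "$aa_rc"
}
```

Call `audit_account <storage-account-name> <resource-group-name>` for each account in scope; a non-zero exit status marks the account for remediation.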

Implementation Plan

Using Azure Portal:

  1. Navigate to the Storage Account’s Data protection settings.

  2. Enable Soft Delete for file shares.

  3. Set the retention period (e.g., 7 days or as per policy).

  4. Save changes and verify.

Using Azure CLI:

1. Enable soft delete and configure retention days:

az storage account file-service-properties update --account-name <storage-account-name> --enable-delete-retention true --delete-retention-days <days>

2. Confirm settings are applied.

Backout Plan

Using Azure Portal:

  1. Disable Soft Delete by toggling off the feature.

  2. Understand the risk of permanent deletion after disabling.

Using Azure CLI:

1. Disable soft delete:

az storage account file-service-properties update --account-name <storage-account-name> --enable-delete-retention false

