Container soft delete protects your data from being accidentally or erroneously modified or deleted. When container soft delete is enabled for a storage account, a container and its contents may be recovered after it has been deleted, within a retention period that you specify. For more details about container soft delete, see Soft delete for containers.
For end-to-end data protection, Microsoft recommends that you also enable soft delete for blobs and blob versioning. To learn how to also enable soft delete for blobs, see Enable and manage soft delete for blobs. To learn how to enable blob versioning, see Blob versioning.
Enable container soft delete
You can enable or disable container soft delete for the storage account at any time by using the Azure portal, PowerShell, Azure CLI, or an Azure Resource Manager template. Microsoft recommends setting the retention period for container soft delete to a minimum of seven days.
To enable container soft delete for your storage account by using Azure portal, follow these steps:
In the Azure portal, navigate to your storage account.
Locate the Data protection settings under Data management.
Select Enable soft delete for containers.
Specify a retention period between 1 and 365 days.
Save your changes.
To enable container soft delete with PowerShell, first install the Az.Storage module, version 3.9.0 or later. Next, call the Enable-AzStorageContainerDeleteRetentionPolicy command and specify the number of days for the retention period. Remember to replace the values in angle brackets with your own values:
To disable container soft delete, call the Disable-AzStorageContainerDeleteRetentionPolicy command.
To enable container soft delete with Azure CLI, first install Azure CLI, version 2.26.0 or later. Next, call the az storage account blob-service-properties update command and specify the number of days for the retention period. Remember to replace the values in angle brackets with your own values:
az storage account blob-service-properties show --account-name <storage-account> \
--resource-group <resource-group>
To disable container soft delete, specify false for the --enable-container-delete-retention parameter.
To enable container soft delete with an Azure Resource Manager template, create a template that sets the containerDeleteRetentionPolicy property. The following steps describe how to create a template in the Azure portal.
In the Azure portal, choose Create a resource.
In Search the Marketplace, type template deployment, and then press ENTER.
Choose Template deployment, choose Create, and then choose Build your own template in the editor.
In the template editor, paste in the following JSON. Replace the <account-name> placeholder with the name of your storage account.
Specify the retention period. The default value is 7.
Save the template.
Specify the resource group of the account, and then choose the Review + create button to deploy the template and enable container soft delete.
View soft-deleted containers
When soft delete is enabled, you can view soft-deleted containers in the Azure portal. Soft-deleted containers are visible during the specified retention period. After the retention period expires, a soft-deleted container is permanently deleted and is no longer visible.
To view soft-deleted containers in the Azure portal, follow these steps:
Navigate to your storage account in the Azure portal and view the list of your containers.
Toggle the Show deleted containers switch to include deleted containers in the list.
Restore a soft-deleted container
You can restore a soft-deleted container and its contents within the retention period. To restore a soft-deleted container in the Azure portal, follow these steps:
Navigate to your storage account in the Azure portal and view the list of your containers.
Display the context menu for the container you wish to restore, and choose Undelete from the menu.
Learn how Azure Storage provides multilayered security to protect your data with access keys, secure networks, and Advanced Threat Protection monitoring.