Blob Containers - Extend Immutability Policy
Extends the immutabilityPeriodSinceCreationInDays of a locked immutabilityPolicy. The only action allowed on a Locked policy will be this action. ETag in If-Match is required for this operation.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Storage/storageAccounts/{accountName}/blobServices/default/containers/{containerName}/immutabilityPolicies/default/extend?api-version=2025-08-01URI Parameters
| Name | In | Required | Type | Description |
|---|---|---|---|---|
|
account
|
path | True |
string minLength: 3maxLength: 24 pattern: ^[a-z0-9]+$ |
The name of the storage account within the specified resource group. Storage account names must be between 3 and 24 characters in length and use numbers and lower-case letters only. |
|
container
|
path | True |
string minLength: 3maxLength: 63 |
The name of the blob container within the specified storage account. Blob container names must be between 3 and 63 characters in length and use numbers, lower-case letters and dash (-) only. Every dash (-) character must be immediately preceded and followed by a letter or number. |
|
resource
|
path | True |
string minLength: 1maxLength: 90 |
The name of the resource group. The name is case insensitive. |
|
subscription
|
path | True |
string (uuid) |
The ID of the target subscription. The value must be an UUID. |
|
api-version
|
query | True |
string minLength: 1 |
The API version to use for this operation. |
Request Header
| Name | Required | Type | Description |
|---|---|---|---|
| If-Match | True |
string |
The entity state (ETag) version of the immutability policy to update must be returned to the server for all update operations. The ETag value must include the leading and trailing double quotes as returned by the service. |
Request Body
| Name | Type | Description |
|---|---|---|
| properties.allowProtectedAppendWrites |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. |
| properties.allowProtectedAppendWritesAll |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. |
| properties.immutabilityPeriodSinceCreationInDays |
integer (int32) |
The immutability period for the blobs in the container since the policy creation, in days. |
Responses
| Name | Type | Description |
|---|---|---|
| 200 OK |
Azure operation completed successfully. Headers ETag: string |
|
| Other Status Codes |
An unexpected error response. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |
Examples
ExtendImmutabilityPolicy
Sample request
POST https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/res6238/providers/Microsoft.Storage/storageAccounts/sto232/blobServices/default/containers/container5023/immutabilityPolicies/default/extend?api-version=2025-08-01
{
"properties": {
"immutabilityPeriodSinceCreationInDays": 100
}
}
Sample response
{
"name": "default",
"type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
"etag": "\"8d57a8b2ff50332\"",
"id": "/subscriptions/{subscription-id}/resourceGroups/res6238/providers/Microsoft.Storage/storageAccounts/sto232/blobServices/default/containers/container5023/immutabilityPolicies/default",
"properties": {
"immutabilityPeriodSinceCreationInDays": 100,
"state": "Locked"
}
}Definitions
| Name | Description |
|---|---|
|
created |
The type of identity that created the resource. |
|
Error |
An error response from the storage resource provider. |
|
Error |
Error response body contract. |
|
Immutability |
The ImmutabilityPolicy property of a blob container, including Id, resource name, resource type, Etag. |
|
Immutability |
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked. |
|
system |
Metadata pertaining to creation and last modification of the resource. |
createdByType
The type of identity that created the resource.
| Value | Description |
|---|---|
| User | |
| Application | |
| ManagedIdentity | |
| Key |
ErrorResponse
An error response from the storage resource provider.
| Name | Type | Description |
|---|---|---|
| error |
Azure Storage Resource Provider error response body. |
ErrorResponseBody
Error response body contract.
| Name | Type | Description |
|---|---|---|
| code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
ImmutabilityPolicy
The ImmutabilityPolicy property of a blob container, including Id, resource name, resource type, Etag.
| Name | Type | Description |
|---|---|---|
| etag |
string |
Resource Etag. |
| id |
string (arm-id) |
Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}" |
| name |
string |
The name of the resource |
| properties.allowProtectedAppendWrites |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. |
| properties.allowProtectedAppendWritesAll |
boolean |
This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. |
| properties.immutabilityPeriodSinceCreationInDays |
integer (int32) |
The immutability period for the blobs in the container since the policy creation, in days. |
| properties.state |
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked. |
|
| systemData |
Azure Resource Manager metadata containing createdBy and modifiedBy information. |
|
| type |
string |
The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
ImmutabilityPolicyState
The ImmutabilityPolicy state of a blob container, possible values include: Locked and Unlocked.
| Value | Description |
|---|---|
| Locked | |
| Unlocked |
systemData
Metadata pertaining to creation and last modification of the resource.
| Name | Type | Description |
|---|---|---|
| createdAt |
string (date-time) |
The timestamp of resource creation (UTC). |
| createdBy |
string |
The identity that created the resource. |
| createdByType |
The type of identity that created the resource. |
|
| lastModifiedAt |
string (date-time) |
The timestamp of resource last modification (UTC) |
| lastModifiedBy |
string |
The identity that last modified the resource. |
| lastModifiedByType |
The type of identity that last modified the resource. |