Administration Guides
Immutable Storage for Azure Blob Storage
Home
Overview
This solution guide explains common configurations for leveraging legal hold or Azure blob ummutable retention options.
Configuring Blob Container Retention
- Review all documentation on Azure's retention features for blob storage here.
- Login to Azure console and open the storage account container access policies tab and select retention
- enter the Retention in days and save the policy.
- NOTE: only 1 retention policy is allowed per container
- The default mode allows changes to the policy and allows deleting the policy in a trial only mode. It is best practice to test copy data, configure incremental schedules on folders to verify everything is working as expected before locking the retention policy.
- NOTE: once a policy is locked the data cannot be deleted.
- Read all documentation and limitations before locking a policy since this cannot be undone and the retention of the data will be locked and paid for the duration of the lock.
- The retention settings are applied to the creation date of each object. Incremental mode on a folder will not be able to update objects that are modified on file system.
- If you see errors in an archive copy job you can view the errors with the command below changing the job id.
- searchctl archivedfolders errors --id job-1605642959317-2077753906 --tail --count 25
- If the reason column shows BlobImmutableDueToPolicy It means a modified file on disk was copied and the object already existed and is in a locked state.
How to Configure Legal Hold
- The difference between legal hold versus retention mode is that a legal hold can be applied and then removed at any time. Retention policies once applied and the policy locked cannot be undone and data cannot be deleted until the retention date has expired.
- In the Azure console the legal hold can be applied along with a tag to describe the reason for the hold.
- To remove the legal hold after it is applied, click the edit option and then the trash option.
- If you upload a file that already exists to a legal hold container you will see an error that legalholdpolicy using the errors command to display copy errors.