How to Protect your Azure blob storage from accidental deletion

I know this is not a new feature, but this saved my proverbial behind earlier this week. I was cleaning out demo subscriptions and resource groups that I'm no longer using or that need to be reset for new demos. Well… It did not take long for me to pick one that I needed to keep and hit “Delete resource group”.


And like any situation where you know you've screwed up, I knew the second I saw the notification.


Turns out this Resource Group was where I stored all the recorded demos I regularly use…. #Facepalm

This is also when I remembered I had enabled blob soft delete on that storage account.

Blob soft delete is available for both new and existing general-purpose v2, general-purpose v1, and Blob accounts (standard and premium). For disks, it applies only to unmanaged disks, which are page blobs under the covers; it is not available for managed disks.

If you have not enabled this on accounts where you have important data…. DO IT NOW!!

1. In the Azure portal, navigate to your account, and in the left-side menu find the “Data Protection” option under the “Blob service” section.


2. Check the box for “Turn on soft delete for blob”, then specify how long soft-deleted blobs are to be retained by Azure Storage, and finally save your configuration.
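
To check many accounts at once instead of clicking through the portal, the added example below (not part of the original article) audits blob-service properties shaped like `az storage account blob-service-properties show` output and builds the matching `update` command for each unprotected account. The sample accounts, the `account`/`resourceGroup` wrapper keys, the helper names and the 7-day minimum are assumptions.

```python
import json

# Constructed sample, one entry per storage account. "deleteRetentionPolicy"
# mirrors `az storage account blob-service-properties show`; the "account" and
# "resourceGroup" keys are added by the caller (assumption of this example).
SAMPLE = json.loads("""
[
  {"account": "demovideos", "resourceGroup": "rg-demos",
   "deleteRetentionPolicy": {"enabled": true, "days": 14}},
  {"account": "scratchdata", "resourceGroup": "rg-demos",
   "deleteRetentionPolicy": {"enabled": false, "days": null}},
  {"account": "labimages", "resourceGroup": "rg-lab",
   "deleteRetentionPolicy": {"enabled": true, "days": 1}},
  {"account": "legacyacct", "resourceGroup": "rg-lab"}
]
""")

MIN_DAYS = 7  # assumed local minimum retention, not a value from the article


def fix_command(account, group, days):
    """Azure CLI command that turns blob soft delete on with `days` retention."""
    return ("az storage account blob-service-properties update "
            f"--account-name {account} --resource-group {group} "
            f"--enable-delete-retention true --delete-retention-days {days}")


def audit_soft_delete(accounts, min_days=MIN_DAYS):
    """Return (account, problem, fix) for each account that is not protected."""
    findings = []
    for acct in accounts:
        policy = acct.get("deleteRetentionPolicy") or {}
        days = policy.get("days")
        if not policy.get("enabled"):
            problem = "blob soft delete is off"
        elif days is None or days < min_days:
            problem = f"retention of {days} day(s) is below {min_days}"
        else:
            continue  # enabled with enough retention
        fix = fix_command(acct["account"], acct["resourceGroup"], min_days)
        findings.append((acct["account"], problem, fix))
    return findings


if __name__ == "__main__":
    for name, problem, fix in audit_soft_delete(SAMPLE):
        print(f"{name}: {problem}\n  {fix}")
```

An entry with no `deleteRetentionPolicy` at all is reported as unprotected rather than skipped, so a missing or partial export cannot hide an account.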


That's it! You are now protected. Anyway, I was still looking at how I was going to recover my data. I deleted the Resource Group!! Not just the storage account or just the blob container… I started looking for documentation and found the one I was looking for: Recover a deleted storage account.

I followed the steps that were simple, even when you're restoring a storage account from a deleted resource group.

1. Create a Resource Group with the EXACT SAME NAME you just deleted. Once it's created, navigate to the overview page for an existing storage account in the Azure portal. ANY existing storage account. And in the Support + section, select Recover deleted account.


2. From the dropdown, select the account to recover. If the storage account that you want to recover is not in the dropdown, then it cannot be recovered. Once you have selected the account, click the Recover button.

Once the process is complete, your storage account will have been restored in its original spot. This really saved my bacon. I know it can potentially save yours.

Hopefully this can potentially save you some grief as well. 

Cheers!

Pierre

 
 
 
 
 
 
 

 

This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.