Enable Soft Delete for Azure File Shares

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that the Soft Delete protection feature is enabled for all your Microsoft Azure File Shares in order to maintain data integrity. When enabled, Soft Delete allows for the recovery of Azure File Shares in most deletion scenarios. If you have deleted File Shares that you want to retain, be sure to restore them before the scheduled purge date.

Security
Reliability

Enabling Soft Delete for Azure File Shares helps protect against accidental or malicious deletions, allowing recovery of deleted File Shares for a specified retention period. It enhances data security, compliance, and operational continuity by preventing permanent deletion of critical data.


Audit

To determine if the Soft Delete feature is enabled for your Azure File Shares, perform the following operations:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, choose Equals, select Storage account, and choose Apply to list only the Storage accounts available in the selected Azure subscription.

05 Click on the name (link) of the Azure Storage account that you want to examine.

06 In the resource navigation panel, under Data storage, choose File shares to access the configuration settings available for Azure File Shares in the selected Storage account.

07 In the File share settings section, check the Soft delete attribute value to determine the Soft Delete feature status for your Azure File Shares. If Soft delete is set to Disabled, the Soft Delete data protection feature is not enabled for the File Shares in the selected Azure Storage account.

08 Repeat steps no. 5 – 7 for each Azure Storage account available within the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run storage account list command (Windows/macOS/Linux) with custom output filters to describe the identifier (name) of each storage account provisioned in the selected subscription:

az storage account list
	--query '[*].name'

05 The command output should return the requested storage account names:

[
	"project5storageaccount",
	"cloudaistorageaccount"
]

06 Run storage account file-service-properties show command (Windows/macOS/Linux) with the name of the Azure Storage account that you want to examine as the identifier parameter and custom output filters to describe the Soft Delete feature status for Azure File Shares in the selected Storage account:

az storage account file-service-properties show
	--account-name project5storageaccount
	--query 'shareDeleteRetentionPolicy.enabled'

07 The command output should return the requested configuration status (true for enabled, false for disabled):

false

If the storage account file-service-properties show command output returns false, as shown in the example above, the Soft Delete data protection feature is not enabled for the File Shares in the selected Azure Storage account.

08 Repeat steps no. 6 and 7 for each Azure Storage account provisioned in the selected subscription.

09 Repeat steps no. 3 – 8 for each subscription available in your Microsoft Azure cloud account.
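The CLI audit above is repeated by hand per storage account and per subscription. The following script is an added example (not part of the original page or Trend Micro's tooling) that automates those steps: it drives the same az commands, evaluates the shareDeleteRetentionPolicy object each account returns, and also flags accounts whose retention is shorter than a minimum you choose. MIN_RETENTION_DAYS and SAMPLE_PROPS are assumptions constructed for this example; running audit_all_subscriptions() requires a logged-in Azure CLI.

```python
import json
import subprocess
from dataclasses import dataclass

# Assumption: an organisational minimum retention period. The page only
# states the allowed range (1 to 365 days); use the floor your recovery
# objectives require.
MIN_RETENTION_DAYS = 7

# Constructed sample mirroring the shareDeleteRetentionPolicy object that
# 'file-service-properties show' returns (enabled, 30-day retention).
SAMPLE_PROPS = {"name": "default",
                "shareDeleteRetentionPolicy": {"allowPermanentDelete": None,
                                               "days": 30, "enabled": True}}

@dataclass
class Finding:
    account: str
    compliant: bool
    reason: str

def assess_file_service(account: str, props: dict,
                        min_days: int = MIN_RETENTION_DAYS) -> Finding:
    """Evaluate the JSON from 'az storage account file-service-properties show'."""
    policy = props.get("shareDeleteRetentionPolicy") or {}
    days = policy.get("days")
    if not policy.get("enabled"):
        return Finding(account, False, "soft delete is disabled")
    if days is None or days < min_days:
        return Finding(account, False,
                       f"retention of {days} day(s) is below the {min_days}-day minimum")
    return Finding(account, True, f"soft delete enabled with {days}-day retention")

def _az(*args: str) -> str:
    """Run an Azure CLI command and return its stdout (JSON text)."""
    return subprocess.run(["az", *args, "--output", "json"], check=True,
                          capture_output=True, text=True).stdout

def audit_all_subscriptions(min_days: int = MIN_RETENTION_DAYS) -> list:
    """Automate audit steps 1 to 9: every storage account in every subscription."""
    findings = []
    for sub_id in json.loads(_az("account", "list", "--query", "[*].id")):
        _az("account", "set", "--subscription", sub_id)  # prints nothing
        for name in json.loads(_az("storage", "account", "list", "--query", "[*].name")):
            props = json.loads(_az("storage", "account", "file-service-properties",
                                   "show", "--account-name", name))
            findings.append(assess_file_service(f"{sub_id}/{name}", props, min_days))
    return findings
```

Call audit_all_subscriptions() from a logged-in shell and report every Finding with compliant set to False; assess_file_service() alone can be pointed at saved CLI output without network access.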

Remediation / Resolution

To enable the Soft Delete protection feature for your Azure File Shares, perform the following operations:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, choose Equals, select Storage account, and choose Apply to list only the Storage accounts available in the selected Azure subscription.

05 Click on the name (link) of the Azure Storage account that you want to examine.

06 In the resource navigation panel, under Data storage, choose File shares to access the configuration settings available for Azure File Shares in the selected Storage account.

07 In the File share settings section, click on Disabled (link) next to Soft delete to access the feature settings.

08 On the Soft delete configuration panel, perform the following actions:

  1. For Soft delete for all file shares, click on the toggle button to set it to Enabled.
  2. For Retention policies, move the slider to set the File Share retention period (in days). The retention period represents the amount of time that soft deleted data is stored and available for recovery.
  3. Choose Save to apply the changes. This will enable the Soft Delete protection feature for the File Shares in the selected Azure Storage account.

09 Repeat steps no. 5 – 8 for each Azure Storage account available within the selected subscription.

10 Repeat steps no. 3 – 9 for each subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to set the selected subscription to be the current active subscription (the command does not produce an output):

az account set
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run storage account file-service-properties update command (Windows/macOS/Linux) with the name of the Azure Storage account that you want to configure as the identifier parameter, to enable the Soft Delete protection feature for the File Shares in the selected Storage account. Use the --delete-retention-days command parameter to set the retention period (in days). The retention period represents the amount of time (between 1 and 365 days, inclusive) that soft deleted data is stored and available for recovery:

az storage account file-service-properties update
	--account-name project5storageaccount
	--enable-delete-retention true
	--delete-retention-days 30

05 The command output should return the configuration information available for the modified resource:

{
	"cors": null,
	"id": "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Storage/storageAccounts/project5storageaccount/fileServices/default",
	"name": "default",
	"protocolSettings": null,
	"resourceGroup": "cloud-shell-storage-westeurope",
	"shareDeleteRetentionPolicy": {
		"allowPermanentDelete": null,
		"days": 30,
		"enabled": true
	},
	"sku": null,
	"type": "Microsoft.Storage/storageAccounts/fileServices"
}

06 Repeat steps no. 4 and 5 for each Azure Storage account provisioned in the selected subscription.

07 Repeat steps no. 3 – 6 for each subscription created in your Microsoft Azure cloud account.

Publication date May 8, 2025