Creating, modifying, or deleting a time retention policy or legal record for a blob version incurs a write transaction fee. If you have questions about using Azure Storage, immutability, WORM compliance, or something Azure-related hardware, you`ve come to the right place. Click on the link below or contact us – we`re here to help. This is a huge cost saving in terms of administrative simplification for companies that are in compliance. These companies can now use Azure Storage and add compliance to storage as needed. Another cost reduction is that all tiers, including the archive, support the immutable storage policy. 10 Repeat steps 4 through 9 for each available storage account in the selected Azure subscription. Immutable storage helps healthcare organizations, financial institutions, and related industries, especially brokerage organizations, store data securely. Immutable storage can be used in any scenario to protect critical data from modification or deletion. The immutable blob storage feature provided by the Microsoft Azure Storage service helps you store blobs in an immutable form and provides an additional layer of protection against object modification and deletion. This feature is also useful when you need to meet regulatory requirements related to data protection, as immutable storage helps healthcare organizations, financial institutions, and related industries store data securely and securely. Ensure that immutable blob storage is enabled for Microsoft Azure Storage blob containers that contain sensitive and business-critical information.

You can use immutable blob storage to store critical production data objects in the Write Once, Read Many (WORM) state. This state renders the data indelible and cannot be changed during a user-specified time interval. Azure blobs can be created and read for the duration of the configured retention interval, but cannot be edited or deleted. The feature supports two types of policies that you can apply to a container to store data in the specified container in an immutable, deletion-protected state:1. A time-based immutability policy – this policy can be used for regulatory compliance to block data for future processing. After the policy is locked, it cannot be unlocked.2. A legal retention policy: This allows you to set an unlimited lock on all blobs in a container. If a legal lock is set, the container data is placed in a delete-protected state and a change-protected state. 2.

Azure Storage supports legal retention requirements – This is often required in various litigation or investigations, including patent litigation. You can now place the data, including files, emails, and other types required for this legal retention, in a blob container and add a legal stop. 02 Go to the Azure Storage Accounts blade under portal.azure.com/#blade/HubsExtension/BrowseResourceBlade/resourceType/Microsoft.Storage%2FStorageAccounts. When you define the immutable blob storage policy, you can choose between legal retention and time-based retention in the Azure portal. According to the document arm template supports immutable blob storage. However, only applications with immutabilityPeriodSinceCreationInDays are accepted. If I try to set it without setting it, I get: Under Immutable Blob Storage, look for the Range field. If the container is configured with a retention policy at the default version, the scope is set to Version, as shown in the following figure: In the Azure portal, go to the Containers page of your storage account and choose Add. Immutable storage for Azure Blob storage allows users to store critical data in a worm state (write once, read multiple). In the WORM state, data cannot be modified or deleted during a user-specified interval. By configuring immutability policies for blob data, you can protect your data from overrides and deletions.

For more information about supported storage account configurations for version-level immutability policies, see Supported Account Configurations. To configure an immutability policy limited to a blob version, you must enable version-level immutability support for the storage account or a container. After you enable version-level immutability support for a storage account, you can configure a default account-level policy that applies to all objects created later in the storage account. If you enable version-level immutability support for a single container, you can configure a default policy for that container that applies to all objects created later in the container. In today`s article, I want to talk about what WORM storage is and how it can help with compliance and security. With the recent addition of WORM storage in Azure, Microsoft supports immutable storage with its blob storage accounts, so that various regulated industries and legal situations can be properly supported in Azure. On the Privacy page, look for the Access Control section. If the storage account was created with version-level immutability support, the Manage Policy button appears in the Access Control section. You can enable version-level immutability support only when you create a new storage account. 1 Microsoft recommends that you upgrade current v1 accounts to general v2 accounts so that you can take advantage of more features.

To update an existing v1 general storage account, see Update a storage account. To lock a policy using PowerShell, call the az storage blob immutability-policy set command and set the –policy-mode parameter to Locked. You can also change the expiration at the time you lock the policy. If you enable software removal of blobs and then configure an immutability policy, all blobs that have already been software-removed will be permanently deleted after the software deletion retention policy expires. Blobs deleted in set mode can be restored during the software wipe retention period. A blob or version that has not yet been removed software is protected by the immutability policy and cannot be removed software-based until the time-based retention policy has expired or the legal lock has been lifted. Azure Storage Blob Inventory provides an overview of the containers in your storage accounts and the blobs, snapshots, and blob versions they contain. You can use the Blobin Inventory report to understand the attributes of blobs and containers, including whether an immutability policy is configured for a resource. 08 On the access policy configuration page, see the Immutable Blob Storage list for the retention policies that are set. If no immutable storage retention policy is configured, the Immutable Blob Storage Protection feature is not enabled for the selected Azure Storage blob container. Microsoft engaged cohasset Associates, a leading independent valuation firm specializing in records management and information governance, to evaluate the immutable storage of blobs and meet the specific requirements of the financial services industry. Cohasset confirmed that immutable memory, when used to store blobs in a WORM state, meets the relevant storage requirements of CFTC Rule 1.31(c)-(d), FINRA Rule 4511, and SEC Rule 17a-4(f).

Microsoft has focused on this set of rules as it is the world`s most prescriptive guide to record retention for financial institutions. The following diagram shows how time-based retention policies and legal retention requirements prevent writes and deletions while they take effect. There are 4 key areas supported by immutable storage in Azure: Depending on the scope, you can configure both a time-based retention policy and a legal lock on a resource (container or blob version). There are no additional capacity charges for using immutable storage; immutable data is priced in the same way as editable data. For more information about Azure Blob storage pricing, see the Azure Storage pricing page. Secure document retention: Immutable blob storage ensures that data cannot be modified or deleted by any user, including users with account administrator privileges.