Soft delete for blobs
Soft delete for blobs protects your data from being accidentally or erroneously modified or deleted. When soft delete for blobs is enabled for a storage account, blobs, blob versions, and snapshots in that storage account may be recovered after they are deleted, within a retention period that you specify.
If there is a possibility that your data may accidentally be modified or deleted by an application or another storage account user, Microsoft recommends turning on soft delete. For more information about enabling soft delete, see Enable and manage soft delete for blobs.
This feature is not yet supported in accounts that have a hierarchical namespace (Azure Data Lake Storage Gen2). To learn more, see Blob storage features available in Azure Data Lake Storage Gen2.
About soft delete for blobs
When soft delete for blobs is enabled on a storage account, you can recover objects after they have been deleted, within the specified data retention period. This protection extends to any blobs (block blobs, append blobs, or page blobs) that are erased as the result of an overwrite.
If data in an existing blob or snapshot is deleted while blob soft delete is enabled but blob versioning is not enabled, then a soft deleted snapshot is generated to save the state of the overwritten data. After the specified retention period has expired, the object is permanently deleted.
If blob versioning and blob soft delete are both enabled on the storage account, then deleting a blob creates a new version instead of a soft-deleted snapshot. The new version is not soft-deleted and is not removed when the soft-delete retention period expires. Soft-deleted versions of a blob can be restored within the retention period by calling the Undelete Blob operation. The blob can subsequently be restored from one of its versions by calling the Copy Blob operation. For more information about using blob versioning and soft delete together, see Blob versioning and soft delete.
Soft deleted objects are invisible unless explicitly listed.
Blob soft delete is backwards compatible, so you don't have to make any changes to your applications to take advantage of the protections this feature affords. However, data recovery introduces a new Undelete Blob API.
Blob soft delete is available for both new and existing general-purpose v2, general-purpose v1, and Blob storage accounts. Both standard and premium account types are supported. Blob soft delete is available for all storage tiers including hot, cool, and archive. Soft delete is available for unmanaged disks, which are page blobs under the covers, but is not available for managed disks.
When you create a new account, soft delete is disabled by default. Soft delete is also disabled by default for existing storage accounts. You can enable or disable soft delete for a storage account at any time.
When you enable soft delete, you must configure the retention period. The retention period indicates the amount of time that soft deleted data is stored and available for recovery. For objects that are explicitly deleted, the retention period clock starts when the data is deleted. For soft deleted versions or snapshots generated by the soft delete feature when data is overwritten, the clock starts when the version or snapshot is generated. The retention period may be between 1 and 365 days.
You can change the soft delete retention period at any time. An updated retention period applies only to newly deleted data. Previously deleted data expires based on the retention period that was configured when that data was deleted. Attempting to delete a soft deleted object does not affect its expiry time.
If you disable soft delete, you can continue to access and recover soft deleted data in your storage account that was saved while the feature was enabled.
Saving deleted data
Soft delete preserves your data in many cases where objects are deleted or overwritten.
When a blob is overwritten using Put Blob, Put Block List, or Copy Blob, a version or snapshot of the blob's state prior to the write operation is automatically generated. This object is invisible unless soft-deleted objects are explicitly listed. See the Recovery section to learn how to list soft deleted objects.
Soft deleted data is grey, while active data is blue. More recently written data appears beneath older data. When B0 is overwritten with B1, a soft deleted snapshot of B0 is generated. When B1 is overwritten with B2, a soft deleted snapshot of B1 is generated.
Soft delete only affords overwrite protection for copy operations when it is turned on for the destination blob's account.
Soft delete does not afford overwrite protection for blobs in the archive tier. If a blob in archive is overwritten with a new blob in any tier, the overwritten blob is permanently expired.
When Delete Blob is called on a snapshot, that snapshot is marked as soft deleted. A new snapshot is not generated.
Soft deleted data is grey, while active data is blue. More recently written data appears beneath older data. When Snapshot Blob is called, B0 becomes a snapshot and B1 is the active state of the blob. When the B0 snapshot is deleted, it is marked as soft deleted.
When Delete Blob is called on a base blob (any blob that is not itself a snapshot), that blob is marked as soft deleted. Consistent with previous behavior, calling Delete Blob on a blob that has active snapshots returns an error. Calling Delete Blob on a blob with soft deleted snapshots does not return an error. You can still delete a blob and all its snapshots in single operation when soft delete is turned on. Doing so marks the base blob and snapshots as soft deleted.
Soft deleted data is grey, while active data is blue. More recently written data appears beneath older data. Here, a Delete Blob call is made to delete B2 and all associated snapshots. The active blob, B2, and all associated snapshots are marked as soft deleted.
When a soft deleted blob is overwritten, a soft deleted snapshot of the blob's state prior to the write operation is automatically generated. The new blob inherits the tier of the overwritten blob.
Soft delete does not save your data in cases of container or account deletion, nor when blob metadata and blob properties are overwritten. To protect a storage account from deletion, you can configure a lock using the Azure Resource Manager. For more information, see the Azure Resource Manager article Lock resources to prevent unexpected changes.
The following table details expected behavior when soft delete is turned on:
|REST API operation||Resource type||Description||Change in behavior|
|Delete||Account||Deletes the storage account, including all containers and blobs that it contains.||No change. Containers and blobs in the deleted account are not recoverable.|
|Delete Container||Container||Deletes the container, including all blobs that it contains.||No change. Blobs in the deleted container are not recoverable.|
|Put Blob||Block, append, and page blobs||Creates a new blob or replaces an existing blob within a container||If used to replace an existing blob, a snapshot of the blob's state prior to the call is automatically generated. This also applies to a previously soft deleted blob if and only if it is replaced by a blob of the same type (Block, append, or Page). If it is replaced by a blob of a different type, all existing soft deleted data will be permanently expired.|
|Delete Blob||Block, append, and page blobs||Marks a blob or blob snapshot for deletion. The blob or snapshot is later deleted during garbage collection||If used to delete a blob snapshot, that snapshot is marked as soft deleted. If used to delete a blob, that blob is marked as soft deleted.|
|Copy Blob||Block, append, and page blobs||Copies a source blob to a destination blob in the same storage account or in another storage account.||If used to replace an existing blob, a snapshot of the blob's state prior to the call is automatically generated. This also applies to a previously soft deleted blob if and only if it is replaced by a blob of the same type (Block, append, or Page). If it is replaced by a blob of a different type, all existing soft deleted data will be permanently expired.|
|Put Block||Block blobs||Creates a new block to be committed as part of a block blob.||If used to commit a block to a blob that is active, there is no change. If used to commit a block to a blob that is soft deleted, a new blob is created and a snapshot is automatically generated to capture the state of the soft deleted blob.|
|Put Block List||Block blobs||Commits a blob by specifying the set of block IDs that comprise the block blob.||If used to replace an existing blob, a snapshot of the blob's state prior to the call is automatically generated. This also applies to a previously soft deleted blob if and only if it is a block blob. If it is replaced by a blob of a different type, all existing soft deleted data will be permanently expired.|
|Put Page||Page blobs||Writes a range of pages to a page blob.||No change. Page blob data that is overwritten or cleared using this operation is not saved and is not recoverable.|
|Append Block||Append Blobs||Writes a block of data to the end of an append blob||No change.|
|Set Blob Properties||Block, append, and page blobs||Sets values for system properties defined for a blob.||No change. Overwritten blob properties are not recoverable.|
|Set Blob Metadata||Block, append, and page blobs||Sets user-defined metadata for the specified blob as one or more name-value pairs.||No change. Overwritten blob metadata is not recoverable.|
It is important to notice that calling Put Page to overwrite or clear ranges of a page blob will not automatically generate snapshots. Virtual machine disks are backed by page blobs and use Put Page to write data.
Calling the Undelete Blob operation on a soft deleted base blob restores it and all associated soft deleted snapshots as active. Calling the Undelete Blob operation on an active base blob restores all associated soft deleted snapshots as active. When snapshots are restored as active, they look like user-generated snapshots; they do not overwrite the base blob.
To restore a blob to a specific soft deleted snapshot, you can call Undelete Blob on the base blob. Then, you can copy the snapshot over the now-active blob. You can also copy the snapshot to a new blob.
Soft deleted data is grey, while active data is blue. More recently written data appears beneath older data. Here, Undelete Blob is called on blob B, thereby restoring the base blob, B1, and all associated snapshots, here just B0, as active. In the second step, B0 is copied over the base blob. This copy operation generates a soft deleted snapshot of B1.
To view soft deleted blobs and blob snapshots, you can choose to include deleted data in List Blobs. You can choose to view only soft deleted base blobs, or to include soft deleted blob snapshots as well. For all soft deleted data, you can view the time when the data was deleted as well as the number of days before the data will be permanently expired.
The following is the console output of a .NET script that uploads, overwrites, snapshots, deletes, and restores a blob named HelloWorld when soft delete is turned on:
Upload: - HelloWorld (is soft deleted: False, is snapshot: False) Overwrite: - HelloWorld (is soft deleted: True, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: False) Snapshot: - HelloWorld (is soft deleted: True, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: False) Delete (including snapshots): - HelloWorld (is soft deleted: True, is snapshot: True) - HelloWorld (is soft deleted: True, is snapshot: True) - HelloWorld (is soft deleted: True, is snapshot: False) Undelete: - HelloWorld (is soft deleted: False, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: False) Copy a snapshot over the base blob: - HelloWorld (is soft deleted: False, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: True) - HelloWorld (is soft deleted: True, is snapshot: True) - HelloWorld (is soft deleted: False, is snapshot: False)
See the Next steps section for a pointer to the application that produced this output.
Pricing and billing
All soft deleted data is billed at the same rate as active data. You will not be charged for data that is permanently deleted after the configured retention period. For a deeper dive into snapshots and how they accrue charges, see Understanding how snapshots accrue charges.
You will not be billed for the transactions related to the automatic generation of snapshots. You will be billed for Undelete Blob transactions at the rate for write operations.
For more details on prices for Azure Blob Storage in general, check out the Azure Blob Storage Pricing Page.
When you initially turn on soft delete, Microsoft recommends using a short retention period to better understand how the feature will affect your bill.
Enabling soft delete for frequently overwritten data may result in increased storage capacity charges and increased latency when listing blobs. You can mitigate this additional cost and latency by storing the frequently overwritten data in a separate storage account where soft delete is disabled.
Can I use the Set Blob Tier API to tier blobs with soft deleted snapshots?
Yes. The soft deleted snapshots will remain in the original tier, but the base blob will move to the new tier.
Premium storage accounts have a per blob snapshot limit of 100. Do soft deleted snapshots count toward this limit?
No, soft deleted snapshots do not count toward this limit.
If I delete an entire account or container with soft delete turned on, will all associated blobs be saved?
No, if you delete an entire account or container, all associated blobs will be permanently deleted. For more information about protecting a storage account from being accidentally deleted, see Lock Resources to Prevent Unexpected Changes.
Can I view capacity metrics for deleted data?
Soft deleted data is included as a part of your total storage account capacity. For more information on tracking and monitoring storage capacity, see Storage Analytics.
Can I read and copy out soft deleted snapshots of my blob?
Yes, but you must call Undelete on the blob first.
Is soft delete available for virtual machine disks?
Soft delete is available for both premium and standard unmanaged disks, which are page blobs under the covers. Soft delete will only help you recover data deleted by Delete Blob, Put Blob, Put Block List, and Copy Blob operations. Data overwritten by a call to Put Page is not recoverable.
An Azure virtual machine writes to an unmanaged disk using calls to Put Page, so using soft delete to undo writes to an unmanaged disk from an Azure VM is not a supported scenario.
Do I need to change my existing applications to use soft delete?
It is possible to take advantage of soft delete regardless of the API version you are using. However, to list and recover soft deleted blobs and blob snapshots, you will need to use version 2017-07-29 of the Azure Storage REST API or greater. Microsoft recommends always using the latest version of the Azure Storage API.