Recent enhancements to Azure Files improve several data protection strategies. Azure Files provides a systematic approach to ensuring your data is available, backed up, and recoverable. Here are some recent announcements in this area:
Soft Delete
Azure Files has just begun a preview of soft delete for file shares. To guard against accidental deletion, soft delete moves a deleted file share into a temporary bin (like the recycle bin), from which it can be recovered as needed. You can adjust how long data remains recoverable before it is permanently erased.
Restorable Snapshot Backups
Snapshots are incremental, read-only, point-in-time copies of your Azure file share. They can be taken manually, in the Azure portal or through the command-line interface, or by using Azure Backup.
A snapshot is stored within its file share, so if the file share is deleted, the snapshot is deleted with it. Enabling soft delete (described above) handles this issue.
When you set up a Recovery Services vault, you configure the backup policy and Azure Backup handles the rest. The new grandfather-father-son (GFS) feature enables yearly, monthly, weekly and daily snapshots, each of which can have its own retention settings.
- https://docs.microsoft.com/en-us/azure/backup/soft-delete-azure-file-share
- https://azure.microsoft.com/en-us/blog/azure-files-share-snapshot-management-by-azure-backup-is-now-generally-available/
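The GFS tiering described above can be modelled to see which restore points a policy leaves you with. This is an added Python example, not code from Azure Backup or the original post; the retention values and the schedule (weekly on Sunday, monthly on the 1st, yearly on 1 January) are assumptions chosen for illustration.

```python
from datetime import date, timedelta

# Assumed retention per tier in days (constructed values, not Azure defaults).
RETENTION_DAYS = {"daily": 30, "weekly": 84, "monthly": 365, "yearly": 3650}

def tiers_for(day):
    """Tag a snapshot date with every GFS tier it belongs to.

    Assumed schedule: weekly = Sunday, monthly = 1st of the month,
    yearly = 1 January. A real backup policy makes these configurable.
    """
    tiers = {"daily"}
    if day.weekday() == 6:            # Monday is 0, Sunday is 6
        tiers.add("weekly")
    if day.day == 1:
        tiers.add("monthly")
        if day.month == 1:
            tiers.add("yearly")
    return tiers

def expiry(day, retention=RETENTION_DAYS):
    """A snapshot is kept until its longest-lived tier expires."""
    return day + timedelta(days=max(retention[t] for t in tiers_for(day)))

def retained(snapshots, today, retention=RETENTION_DAYS):
    """Snapshots still restorable on `today`, oldest first."""
    return sorted(s for s in snapshots if s <= today < expiry(s, retention))

def largest_gap_days(points):
    """Widest distance between neighbouring restore points, in days."""
    return max((b - a).days for a, b in zip(points, points[1:]))

def daily_snapshots(first, last):
    """Constructed sample input: one snapshot per calendar day."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]

if __name__ == "__main__":
    today = date(2020, 12, 31)
    kept = retained(daily_snapshots(date(2020, 1, 1), today), today)
    print(len(kept), "of 366 snapshots kept; oldest:", kept[0])
    print("largest gap between restore points:", largest_gap_days(kept), "days")
```

The largest gap is the figure to compare against how long a deletion or corruption could go unnoticed: older restore points exist, but only at the coarser monthly or yearly spacing.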
Redundancy Options
Azure Files provides a range of redundancy options to protect data from both prearranged and unexpected events, such as hardware failure, network interruption, natural disasters or states of emergency.
All Azure file shares are able to use locally-redundant (LRS) or zone-redundant storage (ZRS). Standard file shares under 5 TB can use geo-redundant (GRS) and geo-zone-redundant storage (GZRS).
Access control options to secure your data
Access control via the storage account key has long been the standard method of securing data in Azure Files, but Azure Files now also supports Azure Active Directory Domain Services (Azure AD DS) and, currently in preview, identity-based authentication and access control over Server Message Block (SMB).