Set legal hold on Azure storage account container with ARM template

Question

How to set legal hold on Azure storage account container in ARM template?

When setting immutable blob storage policy Azure portal allows you to choose from legal hold and Time-base retention. According to doc arm template supports immutable blob storage. However only requests with immutabilityPeriodSinceCreationInDays are accepted. When trying without setting it, I am getting:

Missing at least one of the following properties 'immutabilityPeriodSinceCreationInDays,allowProtectedAppendWrites'

Or:

immutabilityPeriodSinceCreationInDays must be set before setting allowProtectedAppendWrites

Weirdest - without properties block in immutabilityPolicies (as below) request fails with InternalServerError:

{ "status": "Failed", "error": { "code": "UnexpectedException", "message": "The server was unable to complete your request." } }

{
  "name": "testsa/default/testcontainer/default",
  "type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
  "apiVersion": "2019-06-01"
  // ,
  // "properties": {
  //   // "immutabilityPeriodSinceCreationInDays" : 10,
  //   // "allowProtectedAppendWrites": false
  // }
}

Jim Xu Jim Xu · Accepted Answer · 2021-01-27T01:16:22

According to my research, the resource type Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies just can be used to create time-based retention policies. Meanwhile, when creating time-based retention policies, the parameter immutabilityPeriodSinceCreationInDays is required. For more details, please refer to here and here.

Besides, at the moment, Azure ARM template does not provide any resource type to create set legal hold policy. For more details, please refer to here and here. So I suggest you use deployment scripts in template to implement tit.

Set legal hold on Azure storage account container with ARM template

1 Answers