Overview of data protection options

The following table summarizes the options available in Azure Storage for common data protection scenarios. Choose the scenarios that are applicable to your situation to learn more about the options available to you. Not all features are available at this time for storage accounts with a hierarchical namespace enabled.

ScenarioData protection optionRecommendationsProtection benefitAvailable for Data Lake Storage
Prevent a storage account from being deleted or modified.Azure Resource Manager lock
Lock all of your storage accounts with an Azure Resource Manager lock to prevent deletion of the storage account.Protects the storage account against deletion or configuration changes.

Doesn't protect containers or blobs in the account from being deleted or overwritten.		Yes
Prevent a blob version from being deleted for an interval that you control.Immutability policy on a blob version
Set an immutability policy on an individual blob version to protect business-critical documents, for example, in order to meet legal or regulatory compliance requirements.Protects a blob version from being deleted and its metadata from being overwritten. An overwrite operation creates a new version.

If at least one container has version-level immutability enabled, the storage account is also protected from deletion. Container deletion fails if at least one blob exists in the container.		No
Prevent a container and its blobs from being deleted or modified for an interval that you control.Immutability policy on a container

Set an immutability policy on a container to protect business-critical documents, for example, in order to meet legal or regulatory compliance requirements.Protects a container and its blobs from all deletes and overwrites.

When a legal hold or a locked time-based retention policy is in effect, the storage account is also protected from deletion. Containers for which no immutability policy has been set aren't protected from deletion.		Yes
Restore a deleted container within a specified interval.Container soft delete
Enable container soft delete for all storage accounts, with a minimum retention interval of seven days.

Enable blob versioning and blob soft delete together with container soft delete to protect individual blobs in a container.

Store containers that require different retention periods in separate storage accounts.		A deleted container and its contents may be restored within the retention period.

Only container-level operations (for example, Delete Container) can be restored. Container soft delete doesn't enable you to restore an individual blob in the container if that blob is deleted.		Yes
Automatically save the state of a blob in a previous version when it's overwritten.Blob versioning
Enable blob versioning, together with container soft delete and blob soft delete, for storage accounts where you need optimal protection for blob data.

Store blob data that doesn't require versioning in a separate account to limit costs.		Every blob write operation creates a new version. The current version of a blob may be restored from a previous version if the current version is deleted or overwritten.No
Restore a deleted blob or blob version within a specified interval.Blob soft delete
Enable blob soft delete for all storage accounts, with a minimum retention interval of seven days.

Enable blob versioning and container soft delete together with blob soft delete for optimal protection of blob data.

Store blobs that require different retention periods in separate storage accounts.		A deleted blob or blob version may be restored within the retention period.Yes
Restore a set of block blobs to a previous point in time.Point-in-time restore
To use point-in-time restore to revert to an earlier state, design your application to delete individual block blobs rather than deleting containers.A set of block blobs may be reverted to their state at a specific point in the past.

Only operations performed on block blobs are reverted. Any operations performed on containers, page blobs, or append blobs aren't reverted.		No
Manually save the state of a blob at a given point in time.Blob snapshot
Recommended as an alternative to blob versioning when versioning isn't appropriate for your scenario, due to cost or other considerations, or when the storage account has a hierarchical namespace enabled.A blob may be restored from a snapshot if the blob is overwritten. If the blob is deleted, snapshots are also deleted.Yes, in preview
A blob can be deleted or overwritten, but the data is regularly copied to a second storage account.Roll-your-own solution for copying data to a second account by using Azure Storage object replication or a tool like AzCopy or Azure Data Factory.Recommended for peace-of-mind protection against unexpected intentional actions or unpredictable scenarios.

Create the second storage account in the same region as the primary account to avoid incurring egress charges.		Data can be restored from the second storage account if the primary account is compromised in any way.AzCopy and Azure Data Factory are supported.

Object replication isn't supported.


mysql database training courses malaysia

Comments

Post a Comment

Popular posts from this blog

Azure built-in roles for tables

Azure RBAC provides built-in roles for authorizing access to table data using Microsoft Entra ID and OAuth. Built-in roles that provide permissions to tables in Azure Storage include: Storage Table Data Contributor: Use to grant read/write/delete permissions to Table storage resources. Storage Table Data Reader: Use to grant read-only permissions to Table storage resources. To learn how to assign an Azure built-in role to a security principal, see Assign an Azure role for access to table data. To learn how to list Azure RBAC roles and their permissions, see List Azure role definitions. For more information about how built-in roles are defined for Azure Storage, see Understand role definitions. For information about creating Azure custom roles, see Azure custom roles. Only roles explicitly defined for data access permit a security principal to access table data. Built-in roles such as Owner, Contributor, and Storage Account Contributor permit a security principal to manage a storage acc...
Read more

Explore Dataflows Gen2 in Microsoft Fabric

  In Microsoft Fabric, you can create a Dataflow Gen2 in the Data Factory workload or Power BI workspace, or directly in the lakehouse. Since our scenario is focused on data ingestion, let's look at the  Data Factory  workload experience. Dataflows Gen2 use Power Query Online to visualize transformations.  1. Power Query ribbon Dataflows Gen2 support a wide variety of data source connectors. Common sources include cloud and on-premises relational databases, Excel or flat files, SharePoint, SalesForce, Spark, and Fabric lakehouses. Then there are numerous data transformations possible, such as: Filter and Sort rows Pivot and Unpivot Merge and Append queries Split and Conditional split Replace values and Remove duplicates Add, Rename, Reorder, or Delete columns Rank and Percentage calculator Choose Top N and Bottom N You can also create and manage data source connections, manage parameters, and configure the default data destination in this ribbon. 2. Queries pane The ...
Read more

Select and configure an appropriate method for access to Azure Blobs

Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service. Authorization with Microsoft Entra ID is available for all general-purpose and Blob storage accounts in all public regions and national clouds. Only storage accounts created with the Azure Resource Manager deployment model support Microsoft Entra authorization. For optimal security, Microsoft recommends using Microsoft Entra ID with managed identities to authorize requests against blob, queue, and table data, whenever possible. Authorization with Microsoft Entra ID and managed identities provides superior security and ease of use over Shared Key author...
Read more