Control: Soft delete for Azure File Shares should be enabled
Description
Enable soft delete for Azure File Shares to allow recovery of data that is mistakenly deleted by an application or user.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.storage_account_file_share_soft_delete_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.storage_account_file_share_soft_delete_enabled --share
SQL
This control uses a named query:
select
  sa.id as resource,
  case
    when file_soft_delete_enabled and file_soft_delete_retention_days between 1 and 365 then 'ok'
    else 'alarm'
  end as status,
  case
    when not file_soft_delete_enabled then name || ' file share soft delete disabled.'
    when file_soft_delete_retention_days < 1 or file_soft_delete_retention_days > 365 then name || ' file share soft delete retention days (' || file_soft_delete_retention_days || ') not between 1 and 365.'
    else name || ' file share soft delete enabled with ' || file_soft_delete_retention_days || ' days retention.'
  end as reason,
  sa.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_storage_account sa,
  azure_subscription sub
where
  sub.subscription_id = sa.subscription_id;
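To see how the named query classifies boundary cases, the following added example (not part of the azure_compliance mod) applies the same CASE expressions to constructed rows in PostgreSQL, the engine behind Steampipe. The sample_accounts CTE, its account names, and the assumption that the two columns can be NULL are illustrative.

```sql
-- Constructed sample rows standing in for azure_storage_account.
-- Account names and values are made up for illustration.
with sample_accounts (name, file_soft_delete_enabled, file_soft_delete_retention_days) as (
  values
    ('stdisabled', false, 0),     -- soft delete switched off
    ('stzero',     true,  0),     -- enabled, below the 1-day minimum
    ('stmin',      true,  1),     -- lower boundary of the accepted range
    ('stmax',      true,  365),   -- upper boundary of the accepted range
    ('stover',     true,  366),   -- above the 365-day maximum
    ('stunset',    null::boolean, null::integer)  -- assumption: properties not populated
)
select
  name,
  -- Same status logic as the control's named query.
  case
    when file_soft_delete_enabled and file_soft_delete_retention_days between 1 and 365 then 'ok'
    else 'alarm'
  end as status,
  -- Same reason logic as the control's named query.
  case
    when not file_soft_delete_enabled then name || ' file share soft delete disabled.'
    when file_soft_delete_retention_days < 1 or file_soft_delete_retention_days > 365 then name || ' file share soft delete retention days (' || file_soft_delete_retention_days || ') not between 1 and 365.'
    else name || ' file share soft delete enabled with ' || file_soft_delete_retention_days || ' days retention.'
  end as reason
from
  sample_accounts
order by
  name;
```

In PostgreSQL the all-NULL row matches no WHEN branch, so its status is 'alarm' and its reason, built by the ELSE branch with ||, is NULL.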