Skip to main content

Modifying a Storage Account and Setting Blob Container to Immutable in Azure

Hands-On Lab


Photo of Gary McLeary

Gary McLeary

Azure Training Architect I in Content





In this hands-on lab we create a blob container within an existing storage account. We also protect the Blob container against accidental removal through a Policy. This is an important task because sometimes we need to ensure the data is protected and retained for a certain amount of time. We complete this task through the Azure Portal by creating a policy and defining the restrictions within the policy. The learning outcome of this activity is to understand how to protect business critical data and also understand the different Blob states available depending on the scenario.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Modifying a Storage Account and Setting Blob Container to Immutable


In this hands-on lab, we secure an existing Azure storage account and provide temporary access to the blob storage. We do this by utilizing the built-in security features in the Shared Access Signature Keys. This is important because we always want to give the least permissions and access level required for the individual to do their job.


  1. Log in to the Azure Portal using the credentials provided on the lab instructions page.

Create a Container

  1. Click All resources from the left-hand menu.

  2. Click on the provided storage account.

  3. Click Containers under Services.

  4. Click + Container at the top of the window.

  5. In the Name field, enter worm.

  6. Click OK.

Upload Content

  1. Open a new browser window or tab and navigate to the address provided in the instructions.

  2. Download the file at the link.

  3. Return to the Azure Portal browser and click on worm.

  4. Click Upload at the top of the window.

  5. Under Files, click the folder icon to navigate to and select the downloaded file from the second step.

  6. Click Open in the file browser.

  7. Click Upload.

  8. Once the file finishes upload,ing, close the Upload blob window.

Convert the Storage Account From V1 to V2

  1. Click All resources.

  2. Click the provided storage account and verify the Account kind is "general purpose v1".

  3. Click Configuration under Settings.

  4. Under Account kind, click Upgrade.

  5. Select the account name and copy it. Paste the name into the Confirm upgrade box.

  6. Click Upgrade.

Create a 14-Day Retention Policy

  1. Navigate back to the All resources view in Azure portal.

  2. Click on the provided storage account.

  3. Under Containers, click + Container.

  4. Click worm.

  5. Under Settings, click Access policy.

  6. Under Immutable blob storage, click + Add policy.

  7. For Policy type, select Time-based retention.

  8. Enter 14 in the Set retention period for box.

  9. Click OK.

  1. Click the ellipses in the Time-based retention row to pull up the context menu.

  2. Select Lock policy.

  3. Type yes into the Confirm retention policy box.

  4. Click OK.


Congratulations — you've completed this hands-on lab!