πŸ”’ Guided

Pre-launch preview. Authorised access only.

Incorrect code

Guided by A Guide to Cloud
Explore AB-900 AI-901
Guided AZ-104 Domain 2
Domain 2 β€” Module 4 of 5 80%
10 of 27 overall

AZ-104 Study Guide

Domain 1: Manage Azure Identities and Governance

  • Microsoft Entra ID: Your Identity Foundation Free
  • Users, Groups & Licenses Free
  • RBAC: Who Can Do What in Azure Free
  • Subscriptions, Resource Groups & Management Groups Free
  • Azure Policy & Resource Locks Free
  • Tags, Cost Management & Azure Advisor Free

Domain 2: Implement and Manage Storage

  • Storage Accounts & Redundancy
  • Securing Storage: Keys, SAS & Firewalls
  • Blob Containers & Storage Tiers
  • Blob Lifecycle, Versioning & Soft Delete
  • Azure Files: Shares, Snapshots & Recovery

Domain 3: Deploy and Manage Azure Compute Resources

  • ARM Templates & Bicep: Infrastructure as Code
  • Virtual Machines: Create & Configure Free
  • VM Disks, Encryption & Migration
  • Availability Sets, Zones & Scale Sets
  • Containers: ACR, ACI & Container Apps
  • App Service Plans & Scaling
  • App Service: Slots, Certificates & Networking

Domain 4: Implement and Manage Virtual Networking

  • Virtual Networks & Subnets
  • VNet Peering & User-Defined Routes
  • NSGs & Application Security Groups
  • Azure Bastion, Service & Private Endpoints
  • Azure DNS & Load Balancers

Domain 5: Monitor and Maintain Azure Resources

  • Azure Monitor: Metrics & Logs
  • Alerts, Insights & Network Watcher
  • Azure Backup & Vaults
  • Azure Site Recovery & Disaster Recovery

AZ-104 Study Guide

Domain 1: Manage Azure Identities and Governance

  • Microsoft Entra ID: Your Identity Foundation Free
  • Users, Groups & Licenses Free
  • RBAC: Who Can Do What in Azure Free
  • Subscriptions, Resource Groups & Management Groups Free
  • Azure Policy & Resource Locks Free
  • Tags, Cost Management & Azure Advisor Free

Domain 2: Implement and Manage Storage

  • Storage Accounts & Redundancy
  • Securing Storage: Keys, SAS & Firewalls
  • Blob Containers & Storage Tiers
  • Blob Lifecycle, Versioning & Soft Delete
  • Azure Files: Shares, Snapshots & Recovery

Domain 3: Deploy and Manage Azure Compute Resources

  • ARM Templates & Bicep: Infrastructure as Code
  • Virtual Machines: Create & Configure Free
  • VM Disks, Encryption & Migration
  • Availability Sets, Zones & Scale Sets
  • Containers: ACR, ACI & Container Apps
  • App Service Plans & Scaling
  • App Service: Slots, Certificates & Networking

Domain 4: Implement and Manage Virtual Networking

  • Virtual Networks & Subnets
  • VNet Peering & User-Defined Routes
  • NSGs & Application Security Groups
  • Azure Bastion, Service & Private Endpoints
  • Azure DNS & Load Balancers

Domain 5: Monitor and Maintain Azure Resources

  • Azure Monitor: Metrics & Logs
  • Alerts, Insights & Network Watcher
  • Azure Backup & Vaults
  • Azure Site Recovery & Disaster Recovery
Domain 2: Implement and Manage Storage Premium ⏱ ~12 min read

Blob Lifecycle, Versioning & Soft Delete

Automate blob management with lifecycle policies, protect against accidental deletion with soft delete, and track changes with versioning and snapshots. These features turn blob storage from a simple file dump into a managed data platform.

Blob lifecycle management

β˜• Simple explanation

Lifecycle policies are like automatic filing rules β€” β€œafter 30 days, move to the archive; after 365 days, delete.”

Without lifecycle policies, you’d manually move old blobs to cheaper tiers or delete expired data. With a lifecycle policy, Azure does it automatically based on rules you define: age, last access time, or creation date.

Blob lifecycle management policies are rule-based automation for transitioning blobs between access tiers and deleting them when they expire. Policies evaluate blobs based on last modified date, creation date, or last access time (requires access time tracking to be enabled).

Actions include: tierToCool, tierToCold, tierToArchive, delete, and enableAutoTierToHotFromCool. Rules can target base blobs, snapshots, and previous versions separately.

Example lifecycle policy rules

RuleActionTrigger
Move to Cool after 30 daystierToCool30 days after last modified
Move to Archive after 90 daystierToArchive90 days after last modified
Delete after 365 daysdelete365 days after creation
Delete old snapshotsdelete snapshot90 days after snapshot creation
Delete previous versionsdelete version60 days after version creation
Real-world: TechCorp's lifecycle policy

TechCorp Solutions has a lifecycle policy on their backup container:

  • Blobs move from Hot β†’ Cool after 30 days
  • Cool β†’ Cold after 90 days
  • Cold β†’ Archive after 180 days
  • Delete after 2,555 days (7 years β€” legal retention)
  • Previous versions deleted after 60 days
  • Snapshots deleted after 90 days

This runs automatically every day. Alex doesn’t touch it β€” the data just flows through the tiers.

Soft delete

Soft delete protects against accidental deletion by retaining deleted blobs and containers for a configurable period.

Two types:

  • Blob soft delete β€” retains deleted blobs and overwritten blobs for N days (1-365)
  • Container soft delete β€” retains deleted containers for N days (1-365)

During the retention period, you can restore (undelete) the blob or container. After the retention period, the data is permanently removed.

Important: Soft delete does NOT protect against storage account deletion. If the entire storage account is deleted, soft-deleted blobs go with it.

Snapshots and versioning

Snapshots are read-only copies of a blob at a specific point in time. You manually create them, and they capture the entire blob state.

Versioning automatically creates a new version every time a blob is modified or overwritten. Previous versions are retained and can be accessed or restored.

Snapshots vs Versioning
FeatureSnapshotsVersioning
CreatedManually (API call or portal)Automatically on every write/overwrite
Read accessYes β€” read-only copyYes β€” previous versions are readable
Use casePoint-in-time backup before changesContinuous change tracking and protection
Storage costCharged for unique data onlyCharged for unique data in each version
RestoreCopy snapshot over current blobPromote a previous version to current
πŸ’‘ Exam tip: Versioning + soft delete = maximum protection

The exam often tests the combination: enable blob versioning (automatic versions on every write) + blob soft delete (retain deleted blobs). Together, they protect against both accidental overwrites and accidental deletions. This is Microsoft’s recommended configuration for important data.

Object replication

Object replication asynchronously copies blobs from a source container to a destination container in a different storage account (same or different region).

Use cases:

  • Latency reduction β€” replicate data closer to users in different regions
  • Compute efficiency β€” process data in a different region without cross-region transfer
  • Data distribution β€” replicate data to partners or branch offices

Requirements:

  • Blob versioning must be enabled on both source and destination accounts
  • Change feed must be enabled on both accounts
  • The storage accounts can be in different regions
  • Replication is asynchronous (not instant)
  • Only block blobs are supported
Question

What is the difference between blob soft delete and container soft delete?

Click or press Enter to reveal answer

Answer

Blob soft delete retains individual deleted/overwritten blobs for a configurable retention period. Container soft delete retains entire deleted containers. Both are independent settings and both should be enabled for maximum protection.

Click to flip back
Question

What is a blob lifecycle management policy?

Click or press Enter to reveal answer

Answer

A rule-based automation that transitions blobs between access tiers (Hot to Cool to Cold to Archive) and deletes them based on age criteria (last modified date, creation date, or last access time). It runs daily and can target base blobs, snapshots, and versions separately.

Click to flip back
Question

What is required on both storage accounts for object replication to work?

Click or press Enter to reveal answer

Answer

Blob versioning AND change feed must be enabled on BOTH the source and destination storage accounts. Additionally, only block blobs are supported, and the replication is asynchronous.

Click to flip back

Knowledge check

Knowledge Check

TechCorp Solutions wants to automatically move blobs to the Cool tier after 30 days and delete them after 1 year. What should Alex configure?
Knowledge Check

CloudFirst Labs accidentally deleted an important blob 3 days ago. Blob soft delete is enabled with a 7-day retention period. What can they do?

🎬 Video coming soon

← Previous

Blob Containers & Storage Tiers

Next β†’

Azure Files: Shares, Snapshots & Recovery

Guided

I learn, I simplify, I share.

A Guide to Cloud YouTube Feedback

© 2026 Sutheesh. All rights reserved.

Guided is an independent study resource and is not affiliated with, endorsed by, or officially connected to Microsoft. Microsoft, Azure, and related trademarks are property of Microsoft Corporation. Always verify information against Microsoft Learn.