Share via

Locked immutability policy preventing container deletion

Passkey-Noah 0 Reputation points
2025-10-21T21:38:40.58+00:00

We’re unable to delete an Azure Blob container due to an active locked immutability policy.

This immutability policy appears to have been locked inadvertently during testing and now prevents container deletion.The data in this container is non-regulated test/backup data.

We need the immutability policy removed or overridden so we can delete the container and reclaim storage.

Unfortunately, we do not have any paid subscription service for support, just the basic support.

How should I proceed?

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jerald Felix MCT 8,230 Reputation points
    2025-10-22T03:02:34.1466667+00:00

    Hello Passkey-Noah,

    Oof, this is a tough one. Once an immutability policy is locked on a blob container, Azure is pretty serious about enforcing it - that's kind of the whole point of immutability (think compliance requirements like WORM for financial/legal data).

    Here's the bad news: You can't delete or override a locked immutability policy. That's by design. Even Microsoft support can't do it for you - it's a security feature.

    But here's what you CAN do:

    Wait it out

    If the policy has a retention period (like "retain for 7 years"), you have to wait until that period expires for each blob before you can delete them. Once all the blobs expire and are deleted, the container can be removed.

    Check what type of policy it is:

    • Go to your container in Azure Portal
    • Look at the immutability policy settings
    • See if there's an expiration date

    If you absolutely need the storage space back now:

    Since you only have basic support, your options are limited, but try:

    1. Stop writing new data to that container immediately
    2. Create a NEW container for your ongoing work
    3. Let the old container sit there until the retention expires
    4. Mark it clearly so no one tries to use it (rename it to something like "locked-do-not-use-expires-2030")

    The nuclear option (if you're desperate):

    You could potentially delete the entire storage account, but that's obviously extreme and would take down everything else in it too. Only consider this if:

    • The container is the only thing in the storage account
    • You absolutely can't wait
    • You've backed up anything you need

    How did this happen?

    If this was locked "inadvertently during testing" as you mentioned, someone probably set a time-based retention policy and then locked it thinking they could unlock it later. Unfortunately, once it's locked, it's locked for good.

    Going forward: Never lock an immutability policy unless you're 100% sure. Use unlocked policies for testing.

    Sorry I don't have better news - this is one of those "designed to be painful" features for compliance reasons.

    Best Regards,

    Jerald Felix

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.