Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The storageAccounts/blobServices/containers/immutabilityPolicies resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2025-06-01' = {
  parent: resourceSymbolicName
  name: 'default'
  properties: {
    allowProtectedAppendWrites: bool
    allowProtectedAppendWritesAll: bool
    immutabilityPeriodSinceCreationInDays: int
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: storageAccounts/blobServices/containers | 
| properties | The properties of an ImmutabilityPolicy of a blob container. | ImmutabilityPolicyProperty (required) | 
ImmutabilityPolicyProperty
| Name | Description | Value | 
|---|---|---|
| allowProtectedAppendWrites | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | bool | 
| allowProtectedAppendWritesAll | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. | bool | 
| immutabilityPeriodSinceCreationInDays | The immutability period for the blobs in the container since the policy creation, in days. | int | 
ARM template resource definition
The storageAccounts/blobServices/containers/immutabilityPolicies resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies resource, add the following JSON to your template.
{
  "type": "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies",
  "apiVersion": "2025-06-01",
  "name": "string",
  "properties": {
    "allowProtectedAppendWrites": "bool",
    "allowProtectedAppendWritesAll": "bool",
    "immutabilityPeriodSinceCreationInDays": "int"
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies
| Name | Description | Value | 
|---|---|---|
| apiVersion | The api version | '2025-06-01' | 
| name | The resource name | 'default' (required) | 
| properties | The properties of an ImmutabilityPolicy of a blob container. | ImmutabilityPolicyProperty (required) | 
| type | The resource type | 'Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies' | 
ImmutabilityPolicyProperty
| Name | Description | Value | 
|---|---|---|
| allowProtectedAppendWrites | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | bool | 
| allowProtectedAppendWritesAll | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. | bool | 
| immutabilityPeriodSinceCreationInDays | The immutability period for the blobs in the container since the policy creation, in days. | int | 
Usage Examples
Terraform (AzAPI provider) resource definition
The storageAccounts/blobServices/containers/immutabilityPolicies resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2025-06-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      allowProtectedAppendWrites = bool
      allowProtectedAppendWritesAll = bool
      immutabilityPeriodSinceCreationInDays = int
    }
  }
}
Property Values
Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies
| Name | Description | Value | 
|---|---|---|
| name | The resource name | 'default' (required) | 
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: storageAccounts/blobServices/containers | 
| properties | The properties of an ImmutabilityPolicy of a blob container. | ImmutabilityPolicyProperty (required) | 
| type | The resource type | "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2025-06-01" | 
ImmutabilityPolicyProperty
| Name | Description | Value | 
|---|---|---|
| allowProtectedAppendWrites | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. | bool | 
| allowProtectedAppendWritesAll | This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both 'Append and Bock Blobs' while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The 'allowProtectedAppendWrites' and 'allowProtectedAppendWritesAll' properties are mutually exclusive. | bool | 
| immutabilityPeriodSinceCreationInDays | The immutability period for the blobs in the container since the policy creation, in days. | int | 
Usage Examples
Terraform Samples
A basic example of deploying Immutability Policy for a Container within an Azure Storage Account.
terraform {
  required_providers {
    azapi = {
      source = "Azure/azapi"
    }
  }
}
provider "azapi" {
  skip_provider_registration = false
}
variable "resource_name" {
  type    = string
  default = "acctest0001"
}
variable "location" {
  type    = string
  default = "westeurope"
}
resource "azapi_resource" "resourceGroup" {
  type     = "Microsoft.Resources/resourceGroups@2020-06-01"
  name     = var.resource_name
  location = var.location
}
resource "azapi_resource" "storageAccount" {
  type      = "Microsoft.Storage/storageAccounts@2021-09-01"
  parent_id = azapi_resource.resourceGroup.id
  name      = var.resource_name
  location  = var.location
  body = {
    properties = {
    }
    sku = {
      name = "Standard_LRS"
    }
  }
  schema_validation_enabled = false
  response_export_values    = ["*"]
}
data "azapi_resource_action" "listKeys" {
  type                   = "Microsoft.Storage/storageAccounts@2022-09-01"
  resource_id            = azapi_resource.storageAccount.id
  action                 = "listKeys"
  response_export_values = ["*"]
}
data "azapi_resource" "blobService" {
  type      = "Microsoft.Storage/storageAccounts/blobServices@2022-09-01"
  parent_id = azapi_resource.storageAccount.id
  name      = "default"
}
resource "azapi_resource" "container" {
  type      = "Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01"
  name      = var.resource_name
  parent_id = data.azapi_resource.blobService.id
  body = {
    properties = {
      metadata = {
        key = "value"
      }
    }
  }
  response_export_values = ["*"]
}
resource "azapi_update_resource" "immutabilityPolicy" {
  type      = "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies@2023-05-01"
  name      = "default"
  parent_id = azapi_resource.container.id
  body = {
    properties = {
      allowProtectedAppendWrites            = false
      immutabilityPeriodSinceCreationInDays = 4
    }
  }
}