You can use the Azure Immutable Blob (WORM) Storage by creating a Rule and an Action in Governance Services.
WORM storage (Immutable Blob Storage) is an Azure Blob Storage capability allows you to store objects using the write once, read many (WORM) model. Records moved to WORM storage use an Azure Blob Storage Container that is configured to support object locking . The movement of records is controlled through record folder rules and actions. You use the WORM model where it is a requirement that your data is not changed once it has been written to disk. This may be a requirement of yours due to regulatory compliance in the governmental, financial, or healthcare sectors.
The movement of records to WORM storage and through to disposition can be fully automated. A folder rule is configured to test records for the classification that requires WORM storage. This may be based on when a records enters a folder or complex meta data conditions. When triggered the rule causes the Object Lock action to be initiated in Azure Blob Storage. This action is configured with the required WORM retention period in days. For records that are moved to WORM locked storage any retention schedules that may have been applied are interrupted. At the end of the required retention period in WORM storage the records are automatically returned to the original default Azure Blob container to allow normal record operations to re-commence, including the application of retention schedules and disposition.
While retained in WORM storage additional controls are applied to prevent any user including administrators from deleting the records. Adding records to one or more legal holds during the WORM storage retention period causes the Azure Blob Storage legal hold flag to be set on the record in Azure Blob Storage. This prevents deletion or editing of the record in Azure Blob Storage even if the WORM retention period has expired. Once the record has been removed from all legal holds it was added to, the legal hold flag is cleared and the record can be removed from the WORM container once the retention period has expired.
There is some configuration required before you can use this feature. For more see Configuring a storage account and creating a storage container in Azure for use as WORM storage.
Once you have created the container in Azure Blob Storage for use as WORM storage you can use it as storage. For more see Using WORM storageusing.
Although the content of a WORM-locked record will be protected against modifications, any copies of WORM-locked records in other record folders will be stored using the rules for that folder. Consequently, copies of records may not be protected by the same restrictions.
You are unable to reject a Record that is stored in WORM storage and you can’t move Records that are stored in WORM storage.