Merge pull request #274157 from normesta/inventory

Updating inventory docs to include last access time tracking and enab…

Author: JamesJBarnett

articles/storage/blobs/blob-inventory-how-to.md

@@ -5,10 +5,9 @@ services: storage
 author: normesta
 
 ms.service: azure-blob-storage
-ms.date: 02/24/2023
+ms.date: 05/02/2024
 ms.topic: how-to
 ms.author: normesta
-ms.reviewer: klaasl
 ms.devlang: powershell
 # ms.devlang: powershell, azurecli
 ms.custom: devx-track-azurepowershell, devx-track-azurecli
@@ -51,11 +50,12 @@ Enable blob inventory reports by adding a policy with one or more rules to your
 
 9. Choose how often you want to generate reports.
 
-9. Optionally, add a prefix match to filter blobs in your inventory report.
+10. Optionally, add a prefix match to filter blobs in your inventory report.
 
-10. Select **Save**.
+11. Select **Save**.
 
-    :::image type="content" source="./media/blob-inventory-how-to/portal-blob-inventory.png" alt-text="Screenshot showing how to add a blob inventory rule by using the Azure portal":::
+    > [!div class="mx-imgBorder"]
+    > ![Screenshot showing how to add a blob inventory rule by using the Azure portal.](./media/blob-inventory-how-to/portal-blob-inventory.png)
 
 ### [PowerShell](#tab/azure-powershell)
 
@@ -188,6 +188,52 @@ You can add, edit, or remove a policy via the [Azure CLI](/cli/azure/).
 
 ---
 
+## Disable inventory reports
+
+While you can disable individual reports, you can also prevent blob inventory from running at all.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+2. Locate your storage account and display the account overview.
+
+3. Under **Data management**, select **Blob inventory**.
+
+4. Select **Blob inventory settings**, and in the **Blob inventory settings** pane, clear the **Enable blob inventory** checkbox, and then select **Save**.
+
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing the Enable blob inventory checkbox in the Azure portal.](./media/blob-inventory-how-to/portal-blob-inventory-disable.png)
+
+   Clearing the **Enable blob inventory** checkbox suspends all blob inventory runs. You can select this checkbox later if you want to resume inventory runs.
+
+## Optionally enable access time tracking
+
+You can choose to enable blob access time tracking. When access time tracking is enabled, inventory reports will include the **LastAccessTime** field based on the time that the blob was last accessed with a read or write operation. To minimize the effect on read access latency, only the first read of the last 24 hours updates the last access time. Subsequent reads in the same 24-hour period don't update the last access time. If a blob is modified between reads, the last access time is the more recent of the two values.
+
+### [Portal](#tab/azure-portal)
+
+To enable last access time tracking with the Azure portal, follow these steps:
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+2. Locate your storage account and display the account overview.
+
+3. Under **Data management**, select **Blob inventory**.
+
+4. Select **Blob inventory settings**, and in the **Blob inventory settings** pane, select the **Enable last access tracking** checkbox.
+
+   > [!div class="mx-imgBorder"]
+   > ![Screenshot showing how to enable last access time tracking of the blob inventory settings by using the Azure portal.](./media/blob-inventory-how-to/portal-blob-inventory-last-access-time.png)
+
+### [PowerShell](#tab/azure-powershell)
+
+[!INCLUDE [azure-storage-set-last-access-time-powershell](../../../includes/azure-storage-set-last-access-time-powershell.md)]
+
+### [Azure CLI](#tab/azure-cli)
+
+[!INCLUDE [azure-storage-set-last-access-time-azure-cli](../../../includes/azure-storage-set-last-access-time-azure-cli.md)]
+
+---
+
 ## Next steps
 
 - [Calculate the count and total size of blobs per container](calculate-blob-count-size.yml)

articles/storage/blobs/blob-inventory.md

@@ -94,7 +94,7 @@ Each rule within the policy has several parameters:
 | name | string | A rule name can include up to 256 case-sensitive alphanumeric characters. The name must be unique within a policy. | Yes |
 | enabled | boolean | A flag allowing a rule to be enabled or disabled. The default value is **true**. | Yes |
 | definition | JSON inventory rule definition | Each definition is made up of a rule filter set. | Yes |
-| destination | string | The destination container where all inventory files will be generated. The destination container must already exist. |
+| destination | string | The destination container where all inventory files are generated. The destination container must already exist. |
 
 The global **Blob inventory enabled** flag takes precedence over the *enabled* parameter in a rule.
 
@@ -115,7 +115,7 @@ Several filters are available for customizing a blob inventory report:
 | Filter name | Filter type | Notes | Required? |
 |--|--|--|--|
 | blobTypes | Array of predefined enum values | Valid values are `blockBlob` and `appendBlob` for hierarchical namespace enabled accounts, and `blockBlob`, `appendBlob`, and `pageBlob` for other accounts. This field isn't applicable for inventory on a container, (objectType: `container`). | Yes |
-| creationTime | Number |  Specifies the number of days ago within which the blob must have been created. For example, a value of `3` includes in the report only those blobs which were created in the last 3 days. | No |
+| creationTime | Number |  Specifies the number of days ago within which the blob must have been created. For example, a value of `3` includes in the report only those blobs, which were created in the last three days. | No |
 | prefixMatch | Array of up to 10 strings for prefixes to be matched. | If you don't define *prefixMatch* or provide an empty prefix, the rule applies to all blobs within the storage account. A prefix must be a container name prefix or a container name. For example, `container`, `container1/foo`. | No |
 | excludePrefix | Array of up to 10 strings for prefixes to be excluded. | Specifies the blob paths to exclude from the inventory report.<br><br>An *excludePrefix* must be a container name prefix or a container name. An empty *excludePrefix* would mean that all blobs with names matching any *prefixMatch* string will be listed.<br><br>If you want to include a certain prefix, but exclude some specific subset from it, then you could use the excludePrefix filter. For example, if you want to include all blobs under `container-a` except those under the folder `container-a/folder`, then *prefixMatch* should be set to `container-a` and *excludePrefix* should be set to `container-a/folder`. | No |
 | includeSnapshots | boolean | Specifies whether the inventory should include snapshots. Default is `false`. This field isn't applicable for inventory on a container, (objectType: `container`). | No |
@@ -227,7 +227,7 @@ View the JSON for inventory rules by selecting the **Code view** tab in the **Bl
 | IncrementalCopy | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
 | x-ms-blob-sequence-number | ![Yes](../media/icons/yes-icon.png) | ![No](../media/icons/no-icon.png) | 
 
-<sup>1</sup> Disabled by default. [Optionally enable access time tracking](lifecycle-management-policy-configure.md#optionally-enable-access-time-tracking).
+<sup>1</sup> Disabled by default. [Optionally enable access time tracking](blob-inventory-how-to.md#optionally-enable-access-time-tracking).
 
 ### Custom schema fields supported for container inventory
 
@@ -249,8 +249,8 @@ View the JSON for inventory rules by selecting the **Code view** tab in the **Bl
 | HasImmutabilityPolicy  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) |
 | HasLegalHold  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) |
 | ImmutableStorageWithVersioningEnabled  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
-| Deleted (Will appear only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
-| Version (Will appear only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
+| Deleted (Appears only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
+| Version (Appears only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
 | DeletedTime (Will appear only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
 | RemainingRetentionDays (Will appear only if include deleted containers is selected)  | ![Yes](../media/icons/yes-icon.png) | ![Yes](../media/icons/yes-icon.png) | 
 
@@ -415,7 +415,7 @@ An inventory job can take a longer amount of time in these cases:
 
   An inventory job might take more than one day to complete for hierarchical namespace enabled accounts that have hundreds of millions of blobs. Sometimes the inventory job fails and doesn't create an inventory file. If a job doesn't complete successfully, check subsequent jobs to see if they're complete before contacting support.
 
-- There is no option to generate a report retrospectively for a particular date.
+- There's no option to generate a report retrospectively for a particular date.
 
 ### Inventory jobs can't write reports to containers that have an object replication policy
 
@@ -427,7 +427,7 @@ You can't configure an inventory policy in the account if support for version-le
 
 ### Reports might exclude soft-deleted blobs in accounts that have a hierarchical namespace
 
-If a container or directory is deleted with soft-delete enabled, then the container or directory and all its contents are marked as soft-deleted. However, only the container or directory (reported as a zero-length blob) appears in an inventory report and not the soft-deleted blobs in that container or directory even if you set the `includeDeleted` field of the policy to **true**.  This can lead to a difference between what appears in capacity metrics that you obtain in the Azure Portal and what is reported by an inventory report. 
+If a container or directory is deleted with soft-delete enabled, then the container or directory and all its contents are marked as soft-deleted. However, only the container or directory (reported as a zero-length blob) appears in an inventory report and not the soft-deleted blobs in that container or directory even if you set the `includeDeleted` field of the policy to **true**.  This can lead to a difference between what appears in capacity metrics that you obtain in the Azure portal and what is reported by an inventory report. 
 
 Only blobs that are explicitly deleted appear in reports. Therefore, to obtain a complete listing of all soft-deleted blobs (directory and all child blobs), workloads should delete each blob in a directory before deleting the directory itself.
 

articles/storage/blobs/lifecycle-management-policy-configure.md

@@ -23,17 +23,17 @@ A lifecycle management policy is composed of one or more rules that define a set
 - The number of days since the blob was last modified.
 - The number of days since the blob was last accessed. To use this condition in an action, you should first [optionally enable last access time tracking](#optionally-enable-access-time-tracking).
 
-When the selected condition is true, then the management policy performs the specified action. For example, if you have defined an action to move a blob from the hot tier to the cool tier if it has not been modified for 30 days, then the lifecycle management policy will move the blob 30 days after the last write operation to that blob.
+When the selected condition is true, then the management policy performs the specified action. For example, if you have defined an action to move a blob from the hot tier to the cool tier if it hasn't been modified for 30 days, then the lifecycle management policy will move the blob 30 days after the last write operation to that blob.
 
 For a blob snapshot or version, the condition that is checked is the number of days since the snapshot or version was created.
 
 ## Optionally enable access time tracking
 
 Before you configure a lifecycle management policy, you can choose to enable blob access time tracking. When access time tracking is enabled, a lifecycle management policy can include an action based on the time that the blob was last accessed with a read or write operation. To minimize the effect on read access latency, only the first read of the last 24 hours updates the last access time. Subsequent reads in the same 24-hour period don't update the last access time. If a blob is modified between reads, the last access time is the more recent of the two values.
 
-If [last access time tracking](lifecycle-management-overview.md#move-data-based-on-last-accessed-time) is not enabled, **daysAfterLastAccessTimeGreaterThan** uses the date the lifecycle policy was enabled instead of the `LastAccessTime` property of the blob. This date is also used when the `LastAccessTime` property is a null value. For more information about using last access time tracking, see [Move data based on last accessed time](lifecycle-management-overview.md#move-data-based-on-last-accessed-time).
+If [last access time tracking](lifecycle-management-overview.md#move-data-based-on-last-accessed-time) isn't enabled, **daysAfterLastAccessTimeGreaterThan** uses the date the lifecycle policy was enabled instead of the `LastAccessTime` property of the blob. This date is also used when the `LastAccessTime` property is a null value. For more information about using last access time tracking, see [Move data based on last accessed time](lifecycle-management-overview.md#move-data-based-on-last-accessed-time).
 
-#### [Portal](#tab/azure-portal)
+### [Portal](#tab/azure-portal)
 
 To enable last access time tracking with the Azure portal, follow these steps:
 
@@ -44,34 +44,17 @@ To enable last access time tracking with the Azure portal, follow these steps:
    > [!div class="mx-imgBorder"]
    > ![Screenshot showing how to enable last access tracking in Azure portal.](media/lifecycle-management-policy-configure/last-access-tracking-enable.png)
 
-#### [PowerShell](#tab/azure-powershell)
+### [PowerShell](#tab/azure-powershell)
 
-To enable last access time tracking with PowerShell, call the [Enable-AzStorageBlobLastAccessTimeTracking](/powershell/module/az.storage/enable-azstoragebloblastaccesstimetracking) command, as shown in the following example. Remember to replace placeholder values in angle brackets with your own values:
+[!INCLUDE [azure-storage-set-last-access-time-powershell](../../../includes/azure-storage-set-last-access-time-powershell.md)]
 
-```powershell
-# Initialize these variables with your values.
-$rgName = "<resource-group>"
-$accountName = "<storage-account>"
+### [Azure CLI](#tab/azure-cli)
 
-Enable-AzStorageBlobLastAccessTimeTracking  -ResourceGroupName $rgName `
-    -StorageAccountName $accountName `
-    -PassThru
-```
-
-#### [Azure CLI](#tab/azure-cli)
+[!INCLUDE [azure-storage-set-last-access-time-azure-cli](../../../includes/azure-storage-set-last-access-time-azure-cli.md)]
 
-To enable last access time tracking with Azure CLI, call the [az storage account blob-service-properties update](/cli/azure/storage/account/blob-service-properties#az-storage-account-blob-service-properties-update) command, as shown in the following example. Remember to replace placeholder values in angle brackets with your own values:
-
-```azurecli
-az storage account blob-service-properties update \
-    --resource-group <resource-group> \
-    --account-name <storage-account> \
-    --enable-last-access-tracking true
-```
-
-# [Template](#tab/template)
+### [Template](#tab/template)
 
-To enable last access time tracking for a new or existing storage account with an Azure Resource Manager template, include the **lastAccessTimeTrackingPolicy** object in the template definition. For details, see the [Microsoft.Storage/storageAccounts/blobServices 2021-02-01 - Bicep & ARM template reference](/azure/templates/microsoft.storage/2021-02-01/storageaccounts/blobservices?tabs=json). The **lastAccessTimeTrackingPolicy** object is available in the Azure Storage Resource Provider REST API for versions 2019-06-01 and later.
+[!INCLUDE [azure-storage-set-last-access-time-template](../../../includes/azure-storage-set-last-access-time-template.md)]
 
 ---
 
@@ -110,7 +93,7 @@ There are two ways to add a policy through the Azure portal.
 
 1. Select **Add** to add the new policy.
 
-Keep in mind that a lifecycle management policy will not delete the current version of a blob until any previous versions or snapshots associated with that blob have been deleted. If blobs in your storage account have previous versions or snapshots, then you should select **Base blobs**, **Snapshots**, and **Versions** in the **Blob Subtype** section when you are specifying a delete action as part of the policy.
+Keep in mind that a lifecycle management policy won't delete the current version of a blob until any previous versions or snapshots associated with that blob are deleted. If blobs in your storage account have previous versions or snapshots, then you should select **Base blobs**, **Snapshots**, and **Versions** in the **Blob Subtype** section when you're specifying a delete action as part of the policy.
 
 #### Code view
 

articles/storage/blobs/media/blob-inventory-how-to/portal-blob-inventory-disable.png

@@ -0,0 +1,16 @@
+---
+ author: normesta
+ ms.service: storage
+ ms.topic: include
+ ms.date: 05/02/2024
+ ms.author: normesta
+---
+
+To enable last access time tracking with Azure CLI, call the [az storage account blob-service-properties update](/cli/azure/storage/account/blob-service-properties#az-storage-account-blob-service-properties-update) command, as shown in the following example. Remember to replace placeholder values in angle brackets with your own values:
+
+```azurecli
+az storage account blob-service-properties update \
+    --resource-group <resource-group> \
+    --account-name <storage-account> \
+    --enable-last-access-tracking true
+```

articles/storage/blobs/media/blob-inventory-how-to/portal-blob-inventory-enable.png

@@ -0,0 +1,19 @@
+---
+ author: normesta
+ ms.service: storage
+ ms.topic: include
+ ms.date: 05/02/2024
+ ms.author: normesta
+---
+
+To enable last access time tracking with PowerShell, call the [Enable-AzStorageBlobLastAccessTimeTracking](/powershell/module/az.storage/enable-azstoragebloblastaccesstimetracking) command, as shown in the following example. Remember to replace placeholder values in angle brackets with your own values:
+
+```powershell
+# Initialize these variables with your values.
+$rgName = "<resource-group>"
+$accountName = "<storage-account>"
+
+Enable-AzStorageBlobLastAccessTimeTracking  -ResourceGroupName $rgName `
+    -StorageAccountName $accountName `
+    -PassThru
+```

articles/storage/blobs/media/blob-inventory-how-to/portal-blob-inventory-last-access-time.png

@@ -0,0 +1,9 @@
+---
+ author: normesta
+ ms.service: storage
+ ms.topic: include
+ ms.date: 05/02/2024
+ ms.author: normesta
+---
+
+To enable last access time tracking for a new or existing storage account with an Azure Resource Manager template, include the **lastAccessTimeTrackingPolicy** object in the template definition. For details, see the [Microsoft.Storage/storageAccounts/blobServices 2021-02-01 - Bicep & ARM template reference](/azure/templates/microsoft.storage/2021-02-01/storageaccounts/blobservices?tabs=json). The **lastAccessTimeTrackingPolicy** object is available in the Azure Storage Resource Provider REST API for versions 2019-06-01 and later.