MicrosoftDocs
diff --git a/‎articles/backup/backup-azure-security-feature-cloud.md
Lines changed: 5 additions & 1 deletion b/‎articles/backup/backup-azure-security-feature-cloud.md
Lines changed: 5 additions & 1 deletion
diff --git a/‎articles/backup/powershell-backup-samples.md
Lines changed: 2 additions & 0 deletions b/‎articles/backup/powershell-backup-samples.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎articles/backup/scripts/backup-powershell-script-undelete-file-share.md
Lines changed: 207 additions & 0 deletions b/‎articles/backup/scripts/backup-powershell-script-undelete-file-share.md
Lines changed: 207 additions & 0 deletions
diff --git a/‎articles/backup/scripts/disable-soft-delete-for-file-shares.md
Lines changed: 121 additions & 0 deletions b/‎articles/backup/scripts/disable-soft-delete-for-file-shares.md
Lines changed: 121 additions & 0 deletions
@@ -10,7 +10,11 @@ Concerns about security issues, like malware, ransomware, and intrusion, are inc
 
 One such feature is soft delete. With soft delete, even if a malicious actor deletes a backup (or backup data is accidentally deleted), the backup data is retained for 14 additional days, allowing the recovery of that backup item with no data loss. The additional 14 days retention of backup data in the "soft delete" state don't incur any cost to the customer.
 
-[Soft delete protection for Azure virtual machines](soft-delete-virtual-machines.md) and [Soft delete for SQL server in Azure VM and soft delete for SAP HANA in Azure VM workloads](soft-delete-sql-saphana-in-azure-vm.md) are available to everyone.
+Soft delete protection is available for these services:
+
+- [Soft delete for Azure virtual machines](soft-delete-virtual-machines.md)
+- [Soft delete for SQL server in Azure VM and soft delete for SAP HANA in Azure VM workloads](soft-delete-sql-saphana-in-azure-vm.md)
+- [Soft delete for Azure file shares](soft-delete-afs.md)
 
 This flow chart shows the different steps and states of a backup item when Soft Delete is enabled:
 
 
@@ -13,3 +13,5 @@ The following table links to PowerShell script samples that use Azure Backup to
 |---|---|
 | [Back up an encrypted virtual machine to Azure](./scripts/backup-powershell-sample-backup-encrypted-vm.md) | Back up all data on the encrypted virtual machine.|
 | [Find Registered Storage Account](./scripts/backup-powershell-script-find-recovery-services-vault.md) | Find the recovery services vault where the storage account is registered |
+| [Disable Soft delete for File Shares in a Storage Account](./scripts/disable-soft-delete-for-file-shares.md) | Disable Soft delete for File Shares in a Storage Account|
+| [Undelete accidentally deleted File share](./scripts/backup-powershell-script-undelete-file-share.md) | Undelete accidentally deleted File share |
@@ -0,0 +1,207 @@
+---
+title: PowerShell Script - Undelete a deleted File share
+description: Learn how to use an Azure PowerShell script to undelete an accidentally deleted File share.
+ms.topic: sample
+ms.date: 02/02/2020
+---
+
+# Powershell script to undelete an accidentally deleted File share
+
+This script helps you to undelete a file share, if you deleted it accidentally. The soft delete security feature for file shares provides you the option of undeleting a file share within the 14 days retention period, allowing recovery of all your file share contents, snapshots, and recovery points. To learn more about soft delete, visit this [link](../soft-delete-afs.md).
+
+## Sample script
+
+```powershell
+#Import-Module Az.Storage -MinimumVersion 1.7.0 -Scope Local
+Param(
+        [Parameter(Mandatory=$True)][System.String] $ResourceGroupName,
+        [Parameter(Mandatory=$True)][System.String] $StorageAccountName,
+        [Parameter(Mandatory=$True)][System.String] $FileShareName,
+        [Parameter(Mandatory=$True)][System.String] $SubscriptionId,
+        [Parameter(Mandatory=$False)][System.Boolean] $ListOption,
+        [Parameter(Mandatory=$False)][System.String] $DeletedShareVersion
+    )
+
+Function Restore-DeletedFileShare
+{
+    Param(
+        [Parameter(Mandatory=$True)][Microsoft.WindowsAzure.Commands.Common.Storage.LazyAzureStorageContext] $Context,
+        [Parameter(Mandatory=$True)][System.String] $FileShareName,
+        [Parameter(Mandatory=$False)][System.String] $DeletedShareVersion
+        )
+
+    if ([string]::IsNullOrWhiteSpace($FileShareName))
+    {
+        Write-Error "Please specify the required input parameter: FileShareName" -ErrorAction Stop
+    }
+
+    $FileShareName = $FileShareName.ToLowerInvariant()
+
+    Write-Verbose "Restoring a file share with the name: $FileShareName" -Verbose
+
+
+    Write-Information -MessageData "Started: Creating SASToken to List File Shares" -InformationAction Continue
+
+    $listToken = New-AzStorageAccountSASToken -Context $Context -Service File -ResourceType Service -Permission "l" -Protocol HttpsOrHttp -StartTime (Get-Date).AddHours(-1) -ExpiryTime (Get-Date).AddHours(1)
+
+    Write-Information -MessageData "Completed: Creating SASToken to List File Shares" -InformationAction Continue
+
+    Write-Information -MessageData "Started: Listing File Shares to find the deleted file share" -InformationAction Continue
+
+    $listSharesUrl = [string]::Concat($Context.FileEndPoint, "?include=metadata,deleted&comp=list&api-version=2019-10-10&", $listToken.Substring(1))
+
+    $listSharesResponse = Invoke-WebRequest $listSharesUrl -Method "GET" -Verbose
+
+    if ($listSharesResponse.StatusCode -ne 200)
+    {
+        Write-Error "Request to list file shares failed." -ErrorAction Stop
+    }
+
+    Write-Verbose $listSharesResponse.RawContent -Verbose
+
+    $listSharesResponseContent = $listSharesResponse.Content.Substring(3)
+
+    Write-Information -MessageData "Completed: Listing File Shares to find the deleted file share" -InformationAction Continue
+
+    Write-Information -MessageData "Started: Search for a deleted file share with the specified name" -InformationAction Continue
+
+    $deletedFileShares = Select-Xml -Content $listSharesResponseContent -XPath "/EnumerationResults/Shares/Share[Deleted=""true"" and Name=""$FileShareName""]"
+
+    $matchedCount = 0
+    $deletedShareVersions = New-Object System.Collections.Generic.List[string]
+
+    foreach($share in $deletedFileShares)
+    {
+        if($matchedCount -eq 0)
+        {
+          Write-Verbose $share.Node.InnerXml -Verbose
+
+          Write-Information -MessageData "Completed: Search for a deleted file share with the specified name And Found versions" -InformationAction Continue
+        }
+
+        $shareVer = $share.Node.Item("Version").InnerText
+        $shareDelTime = $share.Node.Item("Properties").Item("DeletedTime").InnerText
+        $retDays = $share.Node.Item("Properties").Item("RemainingRetentionDays").InnerText
+
+        $deletedShareVersions.Add($share.Node.Item("Version").InnerText)
+
+        Write-Information -MessageData "DeletedVersion: $shareVer, DeletedTime: $shareDelTime, RemainingRetentionDays: $retDays"  -InformationAction Continue
+
+        $matchedCount++
+    }
+
+    if($ListOption -eq $True)
+    {
+       return;
+    }
+
+    if ($matchedCount -eq 0)
+    {
+        Write-Error "Deleted file share with the specified name was not found." -ErrorAction Stop
+    }
+    elseif($matchedCount -eq 1 -and ([string]::IsNullOrWhiteSpace($DeletedShareVersion) -or $deletedShareVersions.Contains($DeletedShareVersion)))
+    {
+      $DeletedShareVersion = $deletedShareVersions
+    }
+    elseif ($matchedCount -gt 1)
+    {
+      if ([string]::IsNullOrWhiteSpace($DeletedShareVersion) -or !$deletedShareVersions.Contains($DeletedShareVersion))
+      {
+        Write-Error "More than one share with the specified name was found. Please specify a valid DeletedShareVersion parameter from above possible values." -ErrorAction Stop
+      }
+    }
+
+    Write-Information -MessageData "Completed: Search for a deleted file share with the specified name And Found version: $DeletedShareVersion" -InformationAction Continue
+
+    Write-Information -MessageData "Started: Creating SASToken to Restore File Share" -InformationAction Continue
+
+    $restoreToken = New-AzStorageAccountSASToken -Context $Context -Service File -ResourceType Container -Permission "w" -Protocol HttpsOrHttp -StartTime (Get-Date).AddHours(-1) -ExpiryTime (Get-Date).AddHours(1)
+
+    Write-Information -MessageData "Completed: Creating SASToken to Restore File Share" -InformationAction Continue
+
+    Write-Information -MessageData "Started: Restore File Share" -InformationAction Continue
+
+ $restoreShareUrl = [string]::Concat($Context.FileEndPoint, $FileShareName, "?restype=share&comp=undelete&api-version=2019-10-10&", $restoreToken.Substring(1))
+
+    $restoreHeaders = @{"x-ms-deleted-share-name" = $FileShareName; "x-ms-deleted-share-version" = $DeletedShareVersion}
+
+    $restoreResponse = Invoke-WebRequest $restoreShareUrl -Headers $restoreHeaders -Method "PUT" -Verbose
+
+    if ($restoreResponse.StatusCode -ne 201)
+    {
+        Write-Error "Request to restore a file share failed." -ErrorAction Stop
+    }
+
+    Write-Verbose $restoreResponse.RawContent -Verbose
+
+    Write-Information -MessageData "Completed: Restore File Share" -InformationAction Continue
+}
+
+Connect-AzAccount
+Select-AzSubscription -Subscription $SubscriptionId
+$sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
+
+
+Restore-DeletedFileShare $sa.Context $FileShareName $DeletedShareVersion
+```
+
+## How to use the script in different scenarios
+
+### Prerequisites
+
+1. Install the latest Azure PowerShell Az modules from [this link](https://docs.microsoft.com//powershell/azure/install-az-ps?view=azps-3.3.0) before running the script.
+2. Keep the following details handy as you will need to pass them as values for different parameters of the script:
+
+    * **-SubscriptionId** - ID of the subscription where the file share is present.
+    * **-ResourceGroupName** - Resource Group of the Storage Account hosting the file share.
+    * **-StorageAccountName** - Name of the storage account hosting the file share.
+    * **-FileShareName** - Name of the file share to be undeleted
+
+### Execution steps
+
+1. Save the script above on your machine with a name of your choice. In this example, we saved it as *Undelete.ps1*
+2. Run the script according to the scenario that fits your requirements.
+
+#### Scenario 1
+
+There are no multiple deleted versions with the same name as the file share you are trying to undelete.
+
+The following example undeletes the file share *share1* present in storage account *afsshare*.
+
+```powershell
+   .\UnDelete.ps1 -ResourceGroupName afsshare -StorageAccountName afsshare -SubscriptionId f75d8d8b-6735-4697-82e1-1a7a3ff0d5d4 -FileShareName share1
+```
+
+The output should show the message `Completed:Restore File Share`
+
+#### Scenario 2
+
+There are multiple deleted versions with the same name as the fileshare you are trying to undelete.
+
+The following example undeletes a version of the file share *share1*
+
+##### Step 1
+
+Execute the script as follows by providing the file share name.
+
+```PowerShell
+   .\UnDelete.ps1 -ResourceGroupName afsshare -StorageAccountName afsshare -SubscriptionId f75d8d8b-6735-4697-82e1-1a7a3ff0d5d4 -FileShareName share1
+```
+
+```Output
+Completed: Search for a deleted file share with the specified name and Found versions
+DeletedVersion: 01D5D7F77ACC7864, DeletedTime: Fri, 31 Jan 2020 05:30:33 GMT, RemainingRetentionDays: 14
+DeletedVersion: 01D5D7F7A76CAF42, DeletedTime: Fri, 31 Jan 2020 05:31:25 GMT, RemainingRetentionDays: 14
+Restore-DeletedFileShare : More than one share with the specified name was found. Please specify a valid DeletedShareVersion parameter from above possible values.
+```
+
+##### Step 2
+
+Choose the version from the output of step 1 that you want to undelete and pass it as a value for the **-DeletedShareVersion** parameter.
+
+The following example undeletes the *01D5D7F77ACC7864* version of the *share1* file share.
+
+```powershell
+   .\UnDelete.ps1 -ResourceGroupName afsshare-StorageAccountName afsshare -SubscriptionId f75d8d8b-6735-4697-82e1-1a7a3ff0d5d4 -FileShareName share1 -DeletedShareVersion 01D5D7F77ACC7864
+```
+
@@ -0,0 +1,121 @@
+---
+title: Script Sample - Disable Soft delete for File Share
+description: Learn how to use a script to disable soft delete for file shares in a storage account.
+ms.topic: sample
+ms.date: 02/02/2020
+---
+
+# Disable soft delete for file shares in a storage account
+
+This document explains the process to disable soft delete for file shares in a storage account.
+
+Follow these steps:
+
+1. Install armclient. To learn how to install it, visit [this link](https://github.com/projectkudu/ARMClient).
+
+2. Save the following two request body files to a folder on your machine.
+
+    ```json
+    rqbody-enableSoftDelete.json
+
+    {
+    "properties": {
+        "shareDeleteRetentionPolicy": {
+        "enabled":true,
+        "days": 14
+        }
+    },
+    "cors": {
+        "corsRules": []
+    }
+    }
+
+    rqbody-disableSoftDelete.json
+
+    {
+    "properties": {
+        "shareDeleteRetentionPolicy": {
+        "enabled":false,
+        "days": 0
+        }
+    },
+    "cors": {
+        "corsRules": []
+    }
+    }
+    ```
+
+3. Keep your storage account ARM Id handy. For example: `/subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/afsshare/providers/Microsoft.Storage/storageAccounts/inquirytest`
+
+4. Sign in using your credentials by running **armclient login**.
+
+5. Get the current soft delete properties of file shares in storage account.
+
+    The following GET operation fetches the soft delete properties for file shares in the *inquirytest* account:
+
+    ```cmd
+    armclient get /subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/afsshare /providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/default?api-version=2019-04-01
+    ```
+
+    ```output
+    {
+    "id": "/subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/Bugbash/providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/de
+    fault",
+    "name": "default",
+    "type": "Microsoft.Storage/storageAccounts/fileServices",
+    "properties": {
+        "cors": {
+        "corsRules": []
+        },
+        "shareDeleteRetentionPolicy": {
+        "enabled": true,
+        "days": 14
+        }
+    }
+    }
+    ```
+
+6. Disable Soft Delete for File shares in storage account.
+
+    The following PUT operation disables the soft delete properties for file shares in the *inquirytest* account:
+
+    ```cmd
+    armclient put /subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/afsshare /providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/default?api-version=2019-04-01 .\rqbody-disableSoftDelete.json
+    ```
+
+    ```Output
+    {
+    "id": "/subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/Bugbash/providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/de
+    fault",
+    "name": "default",
+    "type": "Microsoft.Storage/storageAccounts/fileServices",
+    "properties": {
+        "shareDeleteRetentionPolicy": {
+        "enabled": false,
+        "days": 0
+        }
+    }
+    }
+    ```
+
+7. If you want to reenable soft delete, use the following sample.
+
+    The following PUT operation enables the soft delete properties for file shares in “inquirytest “account.
+
+    ```cmd
+    armclient put /subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/afsshare /providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/default?api-version=2019-04-01 .\rqbody-EnableSoftDelete.json
+    ```
+
+    ```Output
+    {
+    "id": "/subscriptions/37aa2d43-d4f5-4322-bae0-6ee11c627f50/resourceGroups/Bugbash/providers/Microsoft.Storage/storageAccounts/inquirytest/fileServices/default",
+    "name": "default",
+    "type": "Microsoft.Storage/storageAccounts/fileServices",
+    "properties": {
+        "shareDeleteRetentionPolicy": {
+        "enabled": true,
+        "days": 14
+        }
+    }
+    }
+    ```