To prevent new content added to an Azure Blob container from being modified or deleted for a specific duration (in this case, one year), you must configure an immutability policy by setting a time-based retention policy or legal hold within an access policy on the container.
According to Microsoft’s Azure Storage documentation, immutability policies are configured under “Immutable blob storage”, which allows you to store data in a WORM (Write Once, Read Many) state. When a time-based retention policy is set (for example, one year), any blob data added to that container cannot be modified or deleted until the retention period expires.
The configuration is done by defining an access policy on the container and specifying parameters like retentionPeriodInDays. This ensures compliance with regulations such as SEC 17a-4(f), CFTC 1.31(d), and FINRA Rule 4511.
Other options such as access level, IAM settings, and access tier control visibility, permissions, or storage costs but do not enforce immutability or write protection.
Hence, to achieve the goal of preventing modifications to new blobs for one year, you must configure an access policy with a time-based immutability (retention) policy on the container.
✅ Final Verified Answer: C. an access policy
