Configuring WORM Storage Lock

You can configure WORM storage lock in Commvault using the following procedure.

Before You Begin

Before configuring WORM storage lock, make sure to perform the following:

Create or configure the following in cloud storage:


For information on permissions to configure cloud storages, see Creating a Cloud Storage Library.


Before You Begin Tasks

Amazon S3

  • Create a bucket in Amazon S3 cloud storage, with object lock enabled.


Disable default retention when object lock is enabled.

  • Verify that the PutObjectRetention permission is assigned to the bucket along with the other permissions needed to configure Amazon S3. For more information about the other permissions, see the Amazon S3 pages.

  • Commvault uses Compliance mode with object lock on AWS S3.

  • For a bucket with versioning enabled, you must have the DeleteObjectVersion permission to delete versioned objects.

S3 Compatible

  • Same tasks as Amazon S3
  • Commvault uses Compliance mode with object lock on S3 Compatible.
  • Disable default retention when object lock is enabled or set retention days to 0.
  • Additionally, you should configure life cycle policy to remove delete markers.

Google Cloud Storage

Create a bucket in Google Cloud Storage.


From Commvault Platform Release 2024 (11.34), Commvault supports object lock on Google Cloud Storage, but only for new storage buckets. Upgraded storage buckets remain bucket lock enabled.

Microsoft Azure Storage

  • Create a storage account and a container with version-level immutability support in Microsoft Azure Storage.

  • Verify that the Storage Blob Data Contributor role is assigned in Azure.


  1. From the navigation pane, go to Storage > Cloud.

    The Cloud page appears.

  2. Click the cloud storage for which you want to configure WORM storage mode.

    The cloud storage page appears.

  3. On the Configuration tab, in the WORM section, do the following:

    a. Move the WORM storage lock toggle key to the right.

    The Retention rules page appears.


    • This action also enables compliance lock on all associated backup destinations.

    • This action is irreversible and you cannot lower the retention.

    • If you enabled WORM storage lock unintentionally, we recommend you to create a new storage pool with a new storage pointing to a new container or bucket.

    b. In the Retention period option, specify the amount of time to retain the backups, and then click OK.

    The Do you want to enable WORM storage lock? dialog box appears.

    c. Select the options to confirm your agreement, type Confirm in the confirmation box, and then click CONFIRM.