Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Blob Life cycle management for page blobs

    Provide life cycle management feature for Page blobs too similar to the block blob.
    Currently SQL server 2014 or older version support backing up data to page blobs only. Hence it would be good to have the page blob life cycle management policy on it. This will help in managing the deletion of page blobs on a timely basis.

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow non-public address ranges for Firewall and/or cross-region VNET rules

    Storage accounts firewalls currently allow white-listing of networks within the same region.

    I have peered VNETs in other regions that require access to a Blob Store.

    I am unable to add these VNETs to the white-list and when I try to white-list the address range I am unable to because it is only possible white-list public IPs.

    This leaves no option other than to leave the firewall open to world access. Although it is possible to lock down access using IAM, the addition of a Firewall would be preferred.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. Customer Managed Keys for SSE using ARM or Azure Policy

    A common requirement we have is to re-configure Storage Accounts to use Customer Managed Keys for Storage Service Encryption (SSE). Currently, this can only be achieved manually through the Azure Portal, or through a sequence of PowerShell commands.

    To improve manageability and compliance with corporate governance policies, we would like the ability to configure Storage Service Encryption (SSE) as it's own Resource Type using ARM Templates. This would be similar to how "SQL Transparent Data Encrytpion" can be configured... https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/2014-04-01/servers/databases/transparentdataencryption

    This would allow us to:

    a) Create new Storage Accounts with Customer Managed Keys configured by default
    b) Use Azure…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow internal access to a storage account in any regions from any Microsoft.Storage service endpoint without needing public internet access

    Currently Microsoft has confirmed to me that it is only possible to access storage accounts hosted in a specific location from an Azure VM via the Microsoft.Storage service endpoint without internet access but only if the VM is located in either the primary or secondary (backup replication site) storage account location.

    For example, if I create a blob container in US East 2 (secondary replication location: Central US) I will be able to access a blob (ex. https://someblobname.blob.core.windows.net/somefolder/someblob.txt) from a US East 2 or Central US VM via the storage service endpoint attached to the VMs VNet. However, I…

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. Copy VM Image Across Regions through Azure Portal

    I have a new Microsoft customer that recently migrated from AWS. After their migration the customer noticed one major difference in functionality that negatively affects their post migration business plans. AWS has the ability to move images across regions through the AWS portal. The customer expressed that they would benefit greatly if the Azure portal had this same functionality. I understand that this is possible using AzureCLI (image copy estension), however, this option is not viable for the customer's environment.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow Logic App Connectors to dynamically pull a Storage Account Key rather than sticking with a statically configured key value

    Currently, Connectors to Storage Accounts are configured with a Storage Account key during setup. Implementing Microsoft's recommended key rotation breaks the Connector as it's not able to dynamically pull the key value.

    There is a workaround via PowerShell and adding an Azure Automation step to grab the key value and update the Connector prior to running any Logic App steps that require this Connector. While functional, this adds more access and complexity than should be required.

    Data Factory v2 has a connector that dynamically pulls values from a Key Vault (screenshot attached). It would be great if the Storage Account…

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow sorting by file type in Storage Explorer

    I can't sort the files in a container by type/extension in Azure Storage Explorer, which I do frequently with Windows Explorer.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Storage Firewall for Linked ARM Templates

    Add the Azure Resource Manager public IP addresses to the list of services that are "Allow Trusted Microsoft services to access this storage account" so that a blob storage account can be used as a linked ARM template location without having to use SaS tokens in releases.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Microsoft Teams integration

    It would be great to see Azure storage (blob and/or Files) as a data source for Microsoft Teams.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. New tool to view Storage Tables on iOS

    Following your encouragement to inform about new tools to work with Azure Storage services I want to inform about my App AzureTabStorClient which can be used to view Azure Storage Tables on iOS devices. See more details at: https://azuretabstorclient.wordpress.com/

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. Enable Storage Account Firewall to access from App Service without ASE

    Currently it is not possible to configure storage account firewall to accept requests from App Services event whitelist outbound IP addresses of Appservices.
    It is great if above is possible

    393 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    25 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. 21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure File Sync - O365 Integration

    It would be great if Azure File Sync could integrate with O365 Group (files & folders) ore O365 SharePoint Document libraries.

    To have the files synced with OnPrem file servers could provide a transparent experience for users while having always quick access.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  15. Storage Account Firewall - Add Option for Trusting Dynamics 365

    When using Azure Blob Storage to store attachments from Dynamics 365, we need the ability to restrict access to the storage account from only the D365 environment. Now that D365 (v9+) is hosted in azure, it is not practical to enter every IP range for all of Azure, nor is it secure because IP ranges are shared with other Azure customers. D365 accesses the storage account using a long-term SAS token, so additional IP restrictions are needed to further secure this.

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make it possible to send Storage Analytics ($logs) to Log analytics

    Currently Storage accounts can generate detailed logs which are stored under $logs in the storage account. But it is not possible to link this to Log Analytics. This functionality would enable monitoring data access, which is sometimes a regulatory requirement.

    177 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    This integration work is started. Log Analytics will be one of export options in diagnostic setting. It’s estimated to have public preview by Q1 2020. Before this built-in connection is offered, you can refer https://azure.microsoft.com/en-us/blog/query-azure-storage-analytics-logs-in-azure-log-analytics/ to build short term solution to export logs to Log Analytics.

    For any further questions, or to discuss your specific scenario, send us an email at azurestoragefeedback@microsoft.com.

  17. Make the $logs container read only

    We need to be sure that all audit logs are there and can not be modified/deleted. Now it is possible to delete audit log files from the $logs folder.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow CORS rules to be applied via ARM template

    There is currently no support for CORS rules in Azure Resource Manager templates for storage accounts.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. Firewall settings

    I wish more flexible firewall settings like:

    a) Allow inbound packets from Azure infractructure?
    a-0) No.
    a-1) Yes, all. (any)
    a-2) Yes, but only from this and that VNET(s).

    b) Allow inbound packets from the public Internet?
    b-0) No.
    b-1) Yes, all. (0.0.0.0/0)
    b-2) Yes, but only from this and that IP range(s)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. Automate domain replacement in Azure Storage Explorer link generator

    Azure Storage Explorer comes with a default URL generator for all files - http(s)://<storage account>.blob.core.windows.net/<container>/<file name>.

    The application also allows you to bind a custom URL to the service that takes the place of the "<storage account>.blob.core.windows.net/" section of the URL, making it http(s)://<custom domain>/<container>/<file name>.

    It would be super helpful to be able to be able to update the settings to indicate a custom domain is being used so that the "Copy URL" function replaced the root domain for you.

    Currently the advice received from MS is to manually replace the indicated URL segment manually, every time Storage Explorer…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base