Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Storage Firewalls support for Azure Site Recovery

    Configure Azure Storage Firewalls and Virtual Networks (preview) function is not supported now. many of my customer wants to restrict any unexpected access to keep their resource safe. In the cloud, it is important that security is guaranteed, so we strongly request that this function can be used.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. Please remove the dependency on storage account per each devtest lab


    1. One storage account is created for each devtest lab, may be provide option to use existing storage account while creating devtest lab.


    2. Please provide a ability to choose an image from Managed Images in the subscription when creating vms in devtest labs. (rather requiring to have devtest lab image)


    3. Remove the requirement to copy custom .vhds into each devtest lab storage account to use them for VM deployments.


    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. Store storage account key last generated date

    It would be helpful if Azure tracked the last time a storage account's keys were regenerated. This would allow us to enforce policies around key lifetimes.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow the selection of "Azure storage" tag in Azure route table

    recently new feature came in NSG adding "Azure.storage" to allow NSG rule.
    Same way required in Azure Route Table to add rules.

    Why because Azure storage, KeyVault .. ect are associated with dynamic Public IP and customer is not aware of it when the IP will changes

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. Firewall/ACLs for Azure storage

    Asks:
    Firewall/ACLs in front of the Azure Storage account (like SQL DB)
    Ability to mark storage account as "internal only", making URL only usable by internal Azure Cloud Services (not resolvable from outside via URL)
    Same for Cloud Service - ability to use internally only, without accessible URL from outside Azure

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add Alerts for Storage Account Usage

    Add alerts for storage account usage, user should be able to set an alert for say 500GB usage.

    Thanks

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. Manage SAS Token by Name and Include in Audit Logs

    Give SAS tokens a name when generating then:
    - allow report/table of all generated token
    - allow revoke of exisiting token (or modification of access)
    - use the SAS token name in storage audit logs

    At the moment, the storage access logs do not show any useful information about who has made access, and this is critical to a practical audit function.

    43 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback. Currently you can use a stored access policy to manage revocation of an existing token. You are also able to track requests made using an existing stored access policy in the storage account logs. See https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1#controlling-a-sas-with-a-stored-access-policy for more details. For any further questions, or to discuss your specific scenario, send us an email at azurestoragefeedback@microsoft.com.

  8. Allow SASKey generation without revealing storage keys

    I would like to be able to allow authorized users to generate SAS keys but not see (list) the storage account primary (master) keys. If someone is in possession of a master key, you cannot stop data exfiltration (until you become aware and change the keys). As least with an SAS key, the act of creating it can be detected (e.g., if they create an SAS token without a proper IP address restriction, etc.). Furthermore, the act of creating an SAS key is logged in the Azure Activity log.

    So I would like to suggest defining a new RBAC action…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. virus checking/scanning mechanism for azure storage on file upload. Possibly optional for improved performance(bound to container).

    It would be nice to have an integrated virus checking/scanning mechanism on Azure storage without having to rely on 3rd party software.

    50 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Remove or dramatically increase the max number of stored access policies per container, file share, table, or queue

    Today the maximum policy you can have is 5. This is way to low as we are using blob storage in a data sharing scenario between providers and consumers and we need to use policies to be able to revoke issued SAS tokens in this sharing scenario. 5 policies means that we can only control 5 SAS keys that can be revoked. We need a lot more.

    39 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. CloudStorageAccount.Parse(): Support SafeString

    CloudStorageAccount.Parse(): Today takes string as parameter, as it contains username/password, I think it would be better if it took a SafeString.

    0 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. Support deduplication of Azure storage objects (blobs and files)

    Add support for deduplication of files stored in Azure Files to save storage space (cost). General file savings are about 50% when using deduplication in Windows Server

    215 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    11 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow sas with spesific content-type

    I would like to have sas which only able to read only file with .jpg,.js,.css for example

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improving the indexed partitioning criteria for handling storage accounts with same naming conventions

    As described in detail here: https://azure.microsoft.com/en-us/documentation/articles/storage-performance-checklist/#subheading47 , Azure handles indexed partitioning with an index with aphabetical criteria, so storage accounts starting with A-H will go into one partition, H’-R will go into a different partition and last R’-Z will go into another different partition too.
    We discovered that this could affect High Availability of VMs if you take care of putting them into Availability Set and use different storage accounts for their virtual disks, but same naming convention for accounts. In this case, if a fail happens on a given partition for example during an internal maintenance task or storage…

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  15. Passwords for Hadoop creation are rough/silly?

    10 characters, lower+upper case, number, special character? Even my onePass fully-hashed passwords don't meet this criteria. If there is a security policy that requires passwords to be that long, then can you please show all error warnings at the same time, such that I don't have to try three different passwords (because I didn't know it needed to be 10 characaters long, etc.)

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. SAS with secret httpost authentication

    I want to prevent different clients, who sit behind the same public IP, from sharing SAS based URI's among each other.

    If we can enable HTTP Post requests to a URI with the SAS attached, we can include authentication "secrets" as hidden fields in the request which can then be validated against the relevant SAS policy.

    The process for authentication will be as follows:
    1. Web server requests a new SAS and submits a "secret", which is stored with the Fileshare policy.
    2. A SAS-token is generated (which does not contain the secret) and returned to the webserver.
    3. The…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. storage stamp option

    Provide the option to define storage accounts to use the same of different storage stamps. we have scenarios where the ability to define same or different stamps make an huge impact in the end result.

    55 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. A standard GUI for upload, download, sync of stored data! Searching forums and blogs for a beta app doesn't inspire confidence.

    A standard GUI for upload, download, sync of stored data! Searching forums and blogs for a beta app doesn't inspire confidence.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow Storage Replica in Windows Server 2016 to replicate directly to Azure

    I think there is a business case for allowing the Storage Replica feature in Windows Server 2016 to replicate directly to Azure, "Storage Replica as a Service" if you will.

    The reason for this is to be able to set up a simple DR solution for any volume on any Windows Server 2016. In the case of a disaster at the on-premise datacenter the customer can elect to either set up a new VM in Azure and replicate the data back to that server or set up a new server on-premise and replicate the data back to that server.

    This…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. Scale to Premium Storage from standard Storage

    Please allow us to switch from Standard Storage to Premium Storage and the other way around. Or at least provide us with the option to scale up from Standard Storage to Premium Storage (one way).

    The current process involves stopping the affected VM, copying the disk using AzCopy and recreating the VM in the new storage account.
    I'm pretty sure Micorosft's team can take care of this process behind the scenes and just provide us with a user interface option and/or an API method.

    Currently we have multiple VMs (about 20+) running on standard storage that need to be upgraded…

    61 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base