Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Customer Managed Keys for SSE using ARM or Azure Policy

    A common requirement we have is to re-configure Storage Accounts to use Customer Managed Keys for Storage Service Encryption (SSE). Currently, this can only be achieved manually through the Azure Portal, or through a sequence of PowerShell commands.

    To improve manageability and compliance with corporate governance policies, we would like the ability to configure Storage Service Encryption (SSE) as it's own Resource Type using ARM Templates. This would be similar to how "SQL Transparent Data Encrytpion" can be configured... https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/2014-04-01/servers/databases/transparentdataencryption

    This would allow us to:

    a) Create new Storage Accounts with Customer Managed Keys configured by default
    b) Use Azure…

    26 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. Copy VM Image Across Regions through Azure Portal

    I have a new Microsoft customer that recently migrated from AWS. After their migration the customer noticed one major difference in functionality that negatively affects their post migration business plans. AWS has the ability to move images across regions through the AWS portal. The customer expressed that they would benefit greatly if the Azure portal had this same functionality. I understand that this is possible using AzureCLI (image copy estension), however, this option is not viable for the customer's environment.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. Microsoft Teams integration

    It would be great to see Azure storage (blob and/or Files) as a data source for Microsoft Teams.

    23 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Option to whitelist all internal data center IP addresses

    Currently there is no way to whitelist all of the internal IP addresses used in a data center. This means that if you have an Azure function app running in the same data center as your storage account, you will be IP restricted.
    Can we get a check box added in the "Firewalls and virtual networks" section that whitelists all IPs used by the data center that the storage account is hosted in?
    Thanks!

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add x-ms- request headers in Shared Access Signatures URI

    As SAS is defined as a URI that grants restricted access rights to Azure Storage resources. I think it will be helpful to add custom headers to the URI. For example, the request for Put Blob could be https://...&...&x-ms-blob-type=BlockBlob. In this way, we can set what we need in the URI and just focus on it.

    21 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. Allow Storage Replica in Windows Server 2016 to replicate directly to Azure

    I think there is a business case for allowing the Storage Replica feature in Windows Server 2016 to replicate directly to Azure, "Storage Replica as a Service" if you will.

    The reason for this is to be able to set up a simple DR solution for any volume on any Windows Server 2016. In the case of a disaster at the on-premise datacenter the customer can elect to either set up a new VM in Azure and replicate the data back to that server or set up a new server on-premise and replicate the data back to that server.

    This…

    20 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Storage Firewalls support for Azure Site Recovery

    Configure Azure Storage Firewalls and Virtual Networks (preview) function is not supported now. many of my customer wants to restrict any unexpected access to keep their resource safe. In the cloud, it is important that security is guaranteed, so we strongly request that this function can be used.

    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. Please remove the dependency on storage account per each devtest lab


    1. One storage account is created for each devtest lab, may be provide option to use existing storage account while creating devtest lab.


    2. Please provide a ability to choose an image from Managed Images in the subscription when creating vms in devtest labs. (rather requiring to have devtest lab image)


    3. Remove the requirement to copy custom .vhds into each devtest lab storage account to use them for VM deployments.


    19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Make the $logs container read only

    We need to be sure that all audit logs are there and can not be modified/deleted. Now it is possible to delete audit log files from the $logs folder.

    18 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. Possibility to migrate a Storage Account to an Affinity Group

    It would be very practical to be able to move or migrate a storage account into an affinifty group after it's creation.

    17 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. Alerts for expiring SAS key and storage account expiry

    Since we can't automatically renew SAS keys then we should be able to set alerts when a key or storage account comes close to expiry.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. Implement an SSRS delivery extension for Azure Storage

    Implement a SQL Server report Delivery extension for Azure Storage destinations (eg Azure File/CDN/ Blob).

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow control of storage account DefaultServiceVersion through Azure Panel for true HTTP/1.1

    By default, when a new Storage Account is created, the DefaultServiceVersion property is set to 2009-09-19, which is really old. Many storage accounts created now don't need backwards compatibility with this very old version.
    It would be very useful to allow control of DefaultServiceVersion through Azure control panel or better, when creating a new Storage Account (same way you can select Windows release when creating VM) so that one can select it to a more recent version and thus allow storage account to respond to HTTP/1.1 Range request.

    15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  15. Secure Azure Storage access using WAAD/ACS

    I'd like to expose access to Azure storage resources directly to my tenants, but I need to use the same security mechanisms that my users use for accessing other parts of my system (e.g., web apps).

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Store storage account key last generated date

    It would be helpful if Azure tracked the last time a storage account's keys were regenerated. This would allow us to enforce policies around key lifetimes.

    14 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow sorting by file type in Storage Explorer

    I can't sort the files in a container by type/extension in Azure Storage Explorer, which I do frequently with Windows Explorer.

    13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make storage service logging ARM managed

    Currently, it appears that the storage account diagnostic settings are controlled via service provider API and not ARM API. Therefore, Azure Policy cannot enforce storage service logging settings, although such logging can be a security requirement. From that perspective, it would be better if storage service logging (and perhaps the diagnostic settings generally) were moved under the control of the ARM API and given Azure Policy aliases.

    This is a similar request to:
    https://feedback.azure.com/forums/217298-storage/suggestions/34242376-azure-policy-for-preventing-public-blob-containers

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. API / CLI Request for max allowed size of storage account

    We have to know for an automation purpose the maximum size of storage accounts in all azure regions. There is currently know way to identify via API / CLI the max possible account size per region,

    Based on that, we have to create alerts rules for the storage accounts to monitor the used capacity / threshold.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. 12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base