Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure File Sync - O365 Integration

    It would be great if Azure File Sync could integrate with O365 Group (files & folders) ore O365 SharePoint Document libraries.

    To have the files synced with OnPrem file servers could provide a transparent experience for users while having always quick access.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. App Service AAD Authentication on Azure Storage Static Site Hosting

    Currently, after exposing a site through Azure Storage Static Site Hosting, the only login method is to use ADAL.js or similiar. This means that no private info can be kept in the static site, and has to be retrieved from a backend which is secured using AAD. This is because even if I redirect to login, search crawlers will pick up the info.

    In practice, as soon as I have a site with potentially sensitive info on it, I drop to using an App Service for just one feature: AAD Authentication.

    If we could have a system identical to App…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. Storage Account Firewall - Add Option for Trusting Dynamics 365

    When using Azure Blob Storage to store attachments from Dynamics 365, we need the ability to restrict access to the storage account from only the D365 environment. Now that D365 (v9+) is hosted in azure, it is not practical to enter every IP range for all of Azure, nor is it secure because IP ranges are shared with other Azure customers. D365 accesses the storage account using a long-term SAS token, so additional IP restrictions are needed to further secure this.

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Firewall/ACLs for Azure storage

    Asks:
    Firewall/ACLs in front of the Azure Storage account (like SQL DB)
    Ability to mark storage account as "internal only", making URL only usable by internal Azure Cloud Services (not resolvable from outside via URL)
    Same for Cloud Service - ability to use internally only, without accessible URL from outside Azure

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. SAS with secret httpost authentication

    I want to prevent different clients, who sit behind the same public IP, from sharing SAS based URI's among each other.

    If we can enable HTTP Post requests to a URI with the SAS attached, we can include authentication "secrets" as hidden fields in the request which can then be validated against the relevant SAS policy.

    The process for authentication will be as follows:
    1. Web server requests a new SAS and submits a "secret", which is stored with the Fileshare policy.
    2. A SAS-token is generated (which does not contain the secret) and returned to the webserver.
    3. The…

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow the selection of "Azure storage" tag in Azure route table

    recently new feature came in NSG adding "Azure.storage" to allow NSG rule.
    Same way required in Azure Route Table to add rules.

    Why because Azure storage, KeyVault .. ect are associated with dynamic Public IP and customer is not aware of it when the IP will changes

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. Create storage account sharding infrastructure.

    Create storage account sharding infrastructure. It's an enormous, error prone task to create this infrastructure by hand. This really needs to be baked into the infrastructure.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    under review  ·  0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Use Azure service principal for authentication to storage, instead of account key

    At the moment, it is a bit complicated to use the CLI to upload files to Azure storage.

    First you need to login to Azure:

    az login --service-principal --username $USERNAME --password $PASSWORD --tenant $TENANT

    Then you need to retrieve the keys for the storage account:

    az storage account keys list --account-name $STORAGEACCOUNTNAME --resource-group $RESOURCE_GROUP

    Then you have to parse the result and retrieve the keys.

    Then you can use the keys to upload some files:

    az storage blob upload-batch --account-name $STORAGEACCOUNTNAME --account-key $STORAGEACCOUNTKEY --destination /css --source /css --pattern '*.css' --content-type text/css"

    Why can't I…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Storage Firewall for Linked ARM Templates

    Add the Azure Resource Manager public IP addresses to the list of services that are "Allow Trusted Microsoft services to access this storage account" so that a blob storage account can be used as a linked ARM template location without having to use SaS tokens in releases.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow sorting by file type in Storage Explorer

    I can't sort the files in a container by type/extension in Azure Storage Explorer, which I do frequently with Windows Explorer.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. A Storage Account responses timeout error when increasing the bandwide of requests

    A Storage Account responses a ServerTimeoutError when increasing in Client Receive Bytes because of By-design of Load distributed processing.
    We want design change request so that the storage account does not send a ServerTimeoutError even increasing in Client Receive Bytes.

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. Block deleting of Storage Accounts if Not Empty

    If I am supposed to store Terra Bytes of data, in Management Portal easy delete option is very dangerous. Along with no way to retrieve deleted data. Even accidentally it does happen, today I created a test blob storage to test media services and then decided to delete it. I noticed, I could easily have selected something else and deleted it.


    1. Two Factor Delete Operation, send a code to email and ask user to enter the code to delete.

    2. Perform delete after actual 24 hours.

    3. Use some sort of warning indication in email that delete request is under processing.

    I…

    8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. Email Notifications of Storage/Capacity

    have email notifications of storage limit or service capacities. Recently ran out of space w/ no warning...

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    7 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  15. Pass SAS Token in Authorization header

    It should be possible to pass a SAS Token in the Authorization header when accessing Azure Storage resources. It's more a secure and generally better design than passing SAS token as an URI parameter.

    Currently (see linked docs for ref) when using SAS Token it have to be passed in the URI as a parameter.

    I think such approach is less secure insecure: even when using HTTPS URI parameter is possible to be intercepted:
    - server can save it in request log
    - browser can save it in browsing history and it's possible to read it from history - by…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow sas with spesific content-type

    I would like to have sas which only able to read only file with .jpg,.js,.css for example

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. 6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow SASKey generation without revealing storage keys

    I would like to be able to allow authorized users to generate SAS keys but not see (list) the storage account primary (master) keys. If someone is in possession of a master key, you cannot stop data exfiltration (until you become aware and change the keys). As least with an SAS key, the act of creating it can be detected (e.g., if they create an SAS token without a proper IP address restriction, etc.). Furthermore, the act of creating an SAS key is logged in the Azure Activity log.

    So I would like to suggest defining a new RBAC action…

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. Remove custom domain from storage account

    Classic storage accounts enable a custom domain to be associated. But it does not allow removal?

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. Add Alerts for Storage Account Usage

    Add alerts for storage account usage, user should be able to set an alert for say 500GB usage.

    Thanks

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base