Storage
-
Create storage account sharding infrastructure.
Create storage account sharding infrastructure. It's an enormous, error prone task to create this infrastructure by hand. This really needs to be baked into the infrastructure.
9 votes -
API / CLI Request for max allowed size of storage account
We have to know for an automation purpose the maximum size of storage accounts in all azure regions. There is currently know way to identify via API / CLI the max possible account size per region,
Based on that, we have to create alerts rules for the storage accounts to monitor the used capacity / threshold.
9 votes -
Azure Storage Firewall for Linked ARM Templates
Add the Azure Resource Manager public IP addresses to the list of services that are "Allow Trusted Microsoft services to access this storage account" so that a blob storage account can be used as a linked ARM template location without having to use SaS tokens in releases.
8 votes -
A Storage Account responses timeout error when increasing the bandwide of requests
A Storage Account responses a ServerTimeoutError when increasing in Client Receive Bytes because of By-design of Load distributed processing.
We want design change request so that the storage account does not send a ServerTimeoutError even increasing in Client Receive Bytes.8 votes -
Block deleting of Storage Accounts if Not Empty
If I am supposed to store Terra Bytes of data, in Management Portal easy delete option is very dangerous. Along with no way to retrieve deleted data. Even accidentally it does happen, today I created a test blob storage to test media services and then decided to delete it. I noticed, I could easily have selected something else and deleted it.
- Two Factor Delete Operation, send a code to email and ask user to enter the code to delete.
- Perform delete after actual 24 hours.
- Use some sort of warning indication in email that delete request is under processing.
I…
8 votesThanks for your feedback! We have plans to improve our delete experience in the coming year. In addition, we now require you to type the name of your Storage account to confirm deletion.
-
Azure File Sync - O365 Integration
It would be great if Azure File Sync could integrate with O365 Group (files & folders) ore O365 SharePoint Document libraries.
To have the files synced with OnPrem file servers could provide a transparent experience for users while having always quick access.
7 votes -
Email Notifications of Storage/Capacity
have email notifications of storage limit or service capacities. Recently ran out of space w/ no warning...
7 votesThanks for your feedback! We now offer email alerts for blob capacity via the Portal. Email alerts for file, table, and queue capacity is on our backlog.
-
Storage Account Firewall - Add Option for Trusting Dynamics 365
When using Azure Blob Storage to store attachments from Dynamics 365, we need the ability to restrict access to the storage account from only the D365 environment. Now that D365 (v9+) is hosted in azure, it is not practical to enter every IP range for all of Azure, nor is it secure because IP ranges are shared with other Azure customers. D365 accesses the storage account using a long-term SAS token, so additional IP restrictions are needed to further secure this.
7 votes -
SAS with secret httpost authentication
I want to prevent different clients, who sit behind the same public IP, from sharing SAS based URI's among each other.
If we can enable HTTP Post requests to a URI with the SAS attached, we can include authentication "secrets" as hidden fields in the request which can then be validated against the relevant SAS policy.
The process for authentication will be as follows:
1. Web server requests a new SAS and submits a "secret", which is stored with the Fileshare policy.
2. A SAS-token is generated (which does not contain the secret) and returned to the webserver.
3. The…6 votes -
Allow sas with spesific content-type
I would like to have sas which only able to read only file with .jpg,.js,.css for example
6 votes -
6 votes
-
Allow SASKey generation without revealing storage keys
I would like to be able to allow authorized users to generate SAS keys but not see (list) the storage account primary (master) keys. If someone is in possession of a master key, you cannot stop data exfiltration (until you become aware and change the keys). As least with an SAS key, the act of creating it can be detected (e.g., if they create an SAS token without a proper IP address restriction, etc.). Furthermore, the act of creating an SAS key is logged in the Azure Activity log.
So I would like to suggest defining a new RBAC action…
6 votes -
Remove custom domain from storage account
Classic storage accounts enable a custom domain to be associated. But it does not allow removal?
6 votes -
Add Alerts for Storage Account Usage
Add alerts for storage account usage, user should be able to set an alert for say 500GB usage.
Thanks
6 votes -
User assigned identity in storage account (ARM template for custom key SSE)
We are trying to define ARM template for storage accounts using custom key for SSE. Such definition is required for Azure Blueprints.
Currently the only way to enable custom key for SSE is 3 step process: 1-Create SystemAssigned identity in storage account, 2-Update Keyvault access policies for that identity, 3-Update storage encryption settings.
If we can get User (customer) assigned identity into storage account for accessing Keyvault, then we can pre-prepare / isolate step 1 and 2. Then we can have ARM template definition with custom key for SSE defined for a new storage account as a single step (3).
6 votes -
Automate domain replacement in Azure Storage Explorer link generator
Azure Storage Explorer comes with a default URL generator for all files - http(s)://<storage account>.blob.core.windows.net/<container>/<file name>.
The application also allows you to bind a custom URL to the service that takes the place of the "<storage account>.blob.core.windows.net/" section of the URL, making it http(s)://<custom domain>/<container>/<file name>.
It would be super helpful to be able to be able to update the settings to indicate a custom domain is being used so that the "Copy URL" function replaced the root domain for you.
Currently the advice received from MS is to manually replace the indicated URL segment manually, every time Storage Explorer…
6 votes -
Firewall rule that can accept connections from VNET on the other AAD tenant
Currently Storage firewall have a limitation, that source VNET must be in the same AAD tenant.
https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2fazure%2fvirtual-network%2ftoc.json#required-permissionsIt would be nice if cross tenant connection is enabled. It is quite useful to protect storage data by VNET basis and at the same time can accept connection from other partner companies who want to work on the specific storage account.
5 votes -
Improving the indexed partitioning criteria for handling storage accounts with same naming conventions
As described in detail here: https://azure.microsoft.com/en-us/documentation/articles/storage-performance-checklist/#subheading47 , Azure handles indexed partitioning with an index with aphabetical criteria, so storage accounts starting with A-H will go into one partition, H’-R will go into a different partition and last R’-Z will go into another different partition too.
We discovered that this could affect High Availability of VMs if you take care of putting them into Availability Set and use different storage accounts for their virtual disks, but same naming convention for accounts. In this case, if a fail happens on a given partition for example during an internal maintenance task or storage…4 votes -
4 votes
-
Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).
Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).
4 votes
- Don't see your idea?