Storage
-
Create a Multi-Region Key Vault. Add Multi-Region Key Vault to Encryption Scope so that it can support RA-GRS.
Encryption Scope depends on Key Vault
Key Vault has a collocation constraint which prevents that it work on multiple regions
Encryption Scope is incompatible with RA-GRS and does not support secondary failover region112 votes -
Enable Soft Delete in Azure Data Lake Gen2
You can turn on the Soft Delete option in Blob Storage, but not when it's got the ADLS Gen2 box checked. Please make this available in the ADLS Gen2 storage accounts. We just had an accidental deletion of a top-level folder in the container and it couldn't be restored by the MS engineers even with the geo-replication going.
180 votes -
Current limitation of 30 server endpoints per server is a deal breaker, we have 56 endpoints and cannot migrate to azure wi
The current limitation of 30 server endpoints per server is a deal-breaker, we have 56 endpoints and cannot migrate to azure without completely changing our directory structure
54 votes -
Improve Microsoft.Storage ARM API to provide full Connection String
In a million ARM templates, people write things like:
[concat('DefaultEndpointsProtocol=https;AccountName=', variables('storageAccountName'), ';AccountKey=', listKeys(variables('storageAccountId'),'2015-05-01-preview').key1)]
It's annoying and this example is not portable to other Azure clouds, a portable example would be even worse.
As a quality-of-life improvement. Please provide a convenient combined property that works for all clouds. It could be something like
[listKeys(variables('storageResourceId'), '2020-12-31').ConnectionString]
13 votes -
Pls. enable authentication support for Azure File SMB access using Azure AD credentials from Windows 10 devices joined to Azure AD.
Pls. enable authentication support for Azure File SMB access using Azure AD credentials from Windows 10 devices joined to Azure AD.
37 votes -
Near real-time detection of a message in previously empty Azure Queue Storage
Currently, Azure Queue Storage consumer must continuously poll for messages an empty Azure Queue Storage to detect when a new message is available. This leads to high cost when fast processing of the first message in a previous empty queue is required.
Possible solutions:
• Support long pooling to reduce the number of requests
• Support events from Azure Queue Storage (to Azure Event Grid) like “Messages Available in a previous empty queue and not consumed for 100ms”.Please note that the following workarounds are not sufficient:
• Use Azure Service Bus instead of Azure Storage Queue.
• Support backoff…19 votes -
Instant Search support for Azure Files Shares within Windows
When searching a file share hosted on Windows Server with Window Search Indexing enabled from a Windows client you get instant search results back from a search query in Windows Explorer.
When searching a file share hosted on Azure Files the search results return slowly as the search operation searches through the folders one by one.
It would be great to have instant search on Azure Files Shares so that files share can be lifted and shifted from Windows Servers and still have the same end user experience.
21 votes -
Alerts for expiring SAS key and storage account expiry
Since we can't automatically renew SAS keys then we should be able to set alerts when a key or storage account comes close to expiry.
16 votes -
Add ARM as trusted Service in Storage Account Firewall.
Please add "Azure Resource Manager(ARM) template deployment service" as Trusted Service in Storage Account Firewall services. Right now when we add IP restrictions and "Allow trusted Microsoft services", the ARM Template deployment fails when it attempts to get the keys for the storage account, because ARM is not added as Trusted Service in Storage Account Firewall.
61 votes -
LDAPS Support for Azure NetApp Files
Please enable LDAPS support for Azure NetApp Files, as we (assuming like many) currently run 2019 Domain Controllers in the cloud, and adhere to best practice configuration. But that now means were unable to connect and use this new service due to the lack of its support for LDAPS.
76 votes -
Dynamic ACL Rule
The ability to automatically assign an ACL to a specific group based on the name of the directory.
For example, a folder in a container with a specific character forward match can be given RWX rights to a specific AD group4 votes -
Option to whitelist all internal data center IP addresses
Currently there is no way to whitelist all of the internal IP addresses used in a data center. This means that if you have an Azure function app running in the same data center as your storage account, you will be IP restricted.
Can we get a check box added in the "Firewalls and virtual networks" section that whitelists all IPs used by the data center that the storage account is hosted in?
Thanks!22 votes -
Azcopy sync with preserved original folders/files time stamp on Blob Storage
Azcopy sync with preserved original folders/files time stamp on Blob Storage.
1 vote -
Worm compliance at object level
Please add a feature to support WORM policies at object level. Currently it's only supporting at container level. This has very potential and AWS already has this feature supporting at both object and bucket level.
12 votes -
SFTP (and FTPS) protocol support for Azure Files
Exposing the SFTP protocol would facilitate a bunch of scenarios where today 2 VMs (with all the management overhead that implies) are required.
5,763 votesThanks for the feedback! We are interested in collecting feedback on this request – please vote for it if this is something you like to see.
We’re also interested in learning more what people want to use the SFTP/FTPS for and which protocol they prefer. Please feel free to leave us a comment letting us know more detail!
Thanks,
Will Gries
Program Manager, Azure Files -
Lifecycle Management for Azure File shares
Lifecycle Management for Azure File shares similar to blobs.
93 votes -
Install MSI from azure file UNC path
If you install an MSI from an Azure file storage SMB you need to map it on a drive. If you do not map it the MSI will result in an MSI error 1619 “This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor the verify that this is a valid Windows Installer patch package”. We like to install MSI directly from the UNC path.
59 votes -
Allow AAD joined computers to access Azure File Shares using IAM
Currently IAM based access to Azure File Shares is only supported using VMs joined to AAD DS or when joined to a local domain that has Azure AD Sync enabled. It would be great if Azure AD joined computers (such as Windows 10 clients managed through Intune) could also access Azure File Shares using IAM.
9 votes -
Add Azure File Sync to Products available by region overview
Documentation lacking for Azure File Sync in Azure region overview:
https://azure.microsoft.com/en-us/global-infrastructure/services12 votes -
Pass SAS Token in Authorization header
It should be possible to pass a SAS Token in the Authorization header when accessing Azure Storage resources. It's more a secure and generally better design than passing SAS token as an URI parameter.
Currently (see linked docs for ref) when using SAS Token it have to be passed in the URI as a parameter.
I think such approach is less secure insecure: even when using HTTPS URI parameter is possible to be intercepted:
- server can save it in request log
- browser can save it in browsing history and it's possible to read it from history - by…10 votes
- Don't see your idea?