Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Make storage service logging ARM managed

    Currently, it appears that the storage account diagnostic settings are controlled via service provider API and not ARM API. Therefore, Azure Policy cannot enforce storage service logging settings, although such logging can be a security requirement. From that perspective, it would be better if storage service logging (and perhaps the diagnostic settings generally) were moved under the control of the ARM API and given Azure Policy aliases.

    This is a similar request to:
    https://feedback.azure.com/forums/217298-storage/suggestions/34242376-azure-policy-for-preventing-public-blob-containers

    11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. Enable Storage Account Firewall to access from App Service without ASE

    Currently it is not possible to configure storage account firewall to accept requests from App Services event whitelist outbound IP addresses of Appservices.
    It is great if above is possible

    328 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    20 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. Blob Life cycle management for page blobs

    Provide life cycle management feature for Page blobs too similar to the block blob.
    Currently SQL server 2014 or older version support backing up data to page blobs only. Hence it would be good to have the page blob life cycle management policy on it. This will help in managing the deletion of page blobs on a timely basis.

    41 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Whitelist all Microsoft services in Storage account Firewall

    Whitelist all Microsoft services including Azure Data Factory when the "Firewall and Virtual Network" option is enabled on Storage account and "Allow trusted Microsoft services to access this storage account" option is selected.

    Similar option is already available on Azure Data Lake store, where we can access Data Lake from Data Factory pipelines after the firewall option is enabled.

    577 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    35 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. Netapp Files AV Offload

    Azure Netapp Files should be able to offload AV scannign to a number of VM's running the stnadard ICAP model as it can when deployed onpremise.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. User assigned identity in storage account (ARM template for custom key SSE)

    We are trying to define ARM template for storage accounts using custom key for SSE. Such definition is required for Azure Blueprints.

    Currently the only way to enable custom key for SSE is 3 step process: 1-Create SystemAssigned identity in storage account, 2-Update Keyvault access policies for that identity, 3-Update storage encryption settings.

    If we can get User (customer) assigned identity into storage account for accessing Keyvault, then we can pre-prepare / isolate step 1 and 2. Then we can have ARM template definition with custom key for SSE defined for a new storage account as a single step (3).

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Azure SignalR service CORS rules to be applied via ARM template

    There is currently no support to configure CORS settings of an Azure SignalR Service using ARM templates.

    (See template reference: https://docs.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2018-10-01/signalr)

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Create an Azure Instance type with NVDIMM memories for high speed Storage Cache

    An NVDIMM (https://en.wikipedia.org/wiki/NVDIMM) is a type of memory used by Storage vendors as local cache, to accelerate High Performance Computing, Deep Learning, Deep Analytics, Simulations, and other storage-and-compute-intensive applications.

    Currently no cloud vendor supports instances with NVDIMMs, and Azure could break new ground here. We already have GPU's, FPGA's and other specialized hardware on our instances.

    NVDIMM would enable certain ISVs who cater for the HPC, Deep Learning, Simulation, and Deep Analytics crowd, and enable them to provide innovative solutions that today only exist in Private Cloud on on-premises applications.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. Customer Managed Keys for SSE using ARM or Azure Policy

    A common requirement we have is to re-configure Storage Accounts to use Customer Managed Keys for Storage Service Encryption (SSE). Currently, this can only be achieved manually through the Azure Portal, or through a sequence of PowerShell commands.

    To improve manageability and compliance with corporate governance policies, we would like the ability to configure Storage Service Encryption (SSE) as it's own Resource Type using ARM Templates. This would be similar to how "SQL Transparent Data Encrytpion" can be configured... https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/2014-04-01/servers/databases/transparentdataencryption

    This would allow us to:

    a) Create new Storage Accounts with Customer Managed Keys configured by default
    b) Use Azure…

    25 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. API / CLI Request for max allowed size of storage account

    We have to know for an automation purpose the maximum size of storage accounts in all azure regions. There is currently know way to identify via API / CLI the max possible account size per region,

    Based on that, we have to create alerts rules for the storage accounts to monitor the used capacity / threshold.

    9 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. Immutable storage cannot be unlocked

    Function: Immutable storage

    Issue: Customer can easily lock his resources in storage accounts, but he cannot unlock them by himself when the lock is no longer needed.

    Ref document: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage#faq

    Recommend: Provide an "unlock" button to customer.

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. Make it possible to send Storage Analytics ($logs) to Log analytics

    Currently Storage accounts can generate detailed logs which are stored under $logs in the storage account. But it is not possible to link this to Log Analytics. This functionality would enable monitoring data access, which is sometimes a regulatory requirement.

    130 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →

    This integration work is started. Log Analytics will be one of export options in diagnostic setting. It’s estimated to have public preview by Nov CY2019. Before this built-in connection is offered, you can refer https://azure.microsoft.com/en-us/blog/query-azure-storage-analytics-logs-in-azure-log-analytics/ to build short term solution to export logs to Log Analytics.

    For any further questions, or to discuss your specific scenario, send us an email at azurestoragefeedback@microsoft.com.

  15. Include Logic Apps in the Trusted Microsoft Services for Storage Accounts

    Include Logic Apps in the Trusted Microsoft Services for Storage Accounts when configuring diagnostic settings in the Logic App to "archive to a storage account". Security Center flags logic app for not having this configured but then after configuring the storage account is flagged for not restriction access, "Restrict access to storage accounts with firewall and virtual network configurations (Preview)". Since the logic app can not be assigned to a virtual network this cannot be resolved/secured properly without taking my environment in to an App Service Environment.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Forecast or Show Approximate Storage Size for Selected Items for Azure Backup before the actual/scheduled Backup

    Hi Azure Microsoft Team

    Highly appreciate if you can calculate or forecast the selected items to Backup in the Schedule Backup Wizard for Azure Backup so that we can determine the file size storage are being backup rather than after the backup job success.

    It will be another awesome feature to be added.

    Thank you

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. Give size limitations on imports and exports. Is there any size limitation especially dealing with drives.

    Please update the documentation with import/export sizes and increase the level of detail with application in limitations.

    2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Copy VM Image Across Regions through Azure Portal

    I have a new Microsoft customer that recently migrated from AWS. After their migration the customer noticed one major difference in functionality that negatively affects their post migration business plans. AWS has the ability to move images across regions through the AWS portal. The customer expressed that they would benefit greatly if the Azure portal had this same functionality. I understand that this is possible using AzureCLI (image copy estension), however, this option is not viable for the customer's environment.

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. Firewall rule that can accept connections from VNET on the other AAD tenant

    Currently Storage firewall have a limitation, that source VNET must be in the same AAD tenant.
    https://docs.microsoft.com/en-us/azure/storage/common/storage-network-security?toc=%2fazure%2fvirtual-network%2ftoc.json#required-permissions

    It would be nice if cross tenant connection is enabled. It is quite useful to protect storage data by VNET basis and at the same time can accept connection from other partner companies who want to work on the specific storage account.

    5 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow internal access to a storage account in any regions from any Microsoft.Storage service endpoint without needing public internet access

    Currently Microsoft has confirmed to me that it is only possible to access storage accounts hosted in a specific location from an Azure VM via the Microsoft.Storage service endpoint without internet access but only if the VM is located in either the primary or secondary (backup replication site) storage account location.

    For example, if I create a blob container in US East 2 (secondary replication location: Central US) I will be able to access a blob (ex. https://someblobname.blob.core.windows.net/somefolder/someblob.txt) from a US East 2 or Central US VM via the storage service endpoint attached to the VMs VNet. However, I…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base