Storage

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Relax the restrictions on storage account name

    Unlike most other azure resources, storage accounts have an overly strict naming restriction (must be globally unique, 3-24 length of lowercase letters and numbers only).

    This means Azure users cannot add any meaningful naming conventions to them compared to other azure resources - e.g. they can't contain hyphens, must be less than 24 characters, they can't have the same storage account name per environment, and have to be different GLOBALLY, etc.

    This restriction is overly limiting and means storage accounts are a pain to manage.

    I think this restriction only exists because the storage account name is put in the…

    3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  2. Can we store Azure Storage Metrics in Eventhub?

    Can we store Azure Storage Metrics in Eventhub? I've created a diagnostic setting for the Azure Storage account with a destination to an eventhub. However I don't see the stream. Do the logs and metrics only stay in the storage blobs?

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  3. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  4. Accept-Ranges: bytes header

    Blob storage REST API supports returning partial responses when a Range header is included in the HTTP request

    Blob storage however doesn't provide 'Accept-Ranges: bytes' in the response headers for GET nor HEAD requests, which would indicate to the client/browser that the server supports these types of requests.

    Documented here:
    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Ranges

    Http spec here:
    https://tools.ietf.org/html/rfc7233#section-2.3

    Please add 'Accept-Ranges: bytes' to the headers of Blob Storage REST API responses

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  5. Alerts for expiring SAS key and storage account expiry

    Since we can't automatically renew SAS keys then we should be able to set alerts when a key or storage account comes close to expiry.

    16 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  6. Pass SAS Token in Authorization header

    It should be possible to pass a SAS Token in the Authorization header when accessing Azure Storage resources. It's more a secure and generally better design than passing SAS token as an URI parameter.

    Currently (see linked docs for ref) when using SAS Token it have to be passed in the URI as a parameter.

    I think such approach is less secure insecure: even when using HTTPS URI parameter is possible to be intercepted:
    - server can save it in request log
    - browser can save it in browsing history and it's possible to read it from history - by…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  7. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  8. Life cycle policy prefix match shall match container name instead of start with

    Currently when we set prefix match for container name in life cycle policy is actually query as container name start with which will affect all container name using similar container name . For example i got 2 container ALI and ALI-Monthly. If i put prefix match equal ALI. Both blob files in container ALI and ALI-Monthly will get deleted. Please enhance it so that only ALI will get deleted.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  9. Option to whitelist all internal data center IP addresses

    Currently there is no way to whitelist all of the internal IP addresses used in a data center. This means that if you have an Azure function app running in the same data center as your storage account, you will be IP restricted.
    Can we get a check box added in the "Firewalls and virtual networks" section that whitelists all IPs used by the data center that the storage account is hosted in?
    Thanks!

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  10. Filter and sort files/blobs easily

    Enable filtering of files/blobs by their type rather than only their name, and enable ordering list per date of modification or file size.
    Right now it's a bit cumbersome to use when we're debugging.

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  11. Netapp Files AV Offload

    Azure Netapp Files should be able to offload AV scannign to a number of VM's running the stnadard ICAP model as it can when deployed onpremise.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  12. Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    Please add Azure Disk Encryption support for RHEL 7.7 and 8.0 and CentOS 7.7 and 8.0 (as soon as it's available).

    22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make storage service logging ARM managed

    Currently, it appears that the storage account diagnostic settings are controlled via service provider API and not ARM API. Therefore, Azure Policy cannot enforce storage service logging settings, although such logging can be a security requirement. From that perspective, it would be better if storage service logging (and perhaps the diagnostic settings generally) were moved under the control of the ARM API and given Azure Policy aliases.

    This is a similar request to:
    https://feedback.azure.com/forums/217298-storage/suggestions/34242376-azure-policy-for-preventing-public-blob-containers

    12 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  14. User assigned identity in storage account (ARM template for custom key SSE)

    We are trying to define ARM template for storage accounts using custom key for SSE. Such definition is required for Azure Blueprints.

    Currently the only way to enable custom key for SSE is 3 step process: 1-Create SystemAssigned identity in storage account, 2-Update Keyvault access policies for that identity, 3-Update storage encryption settings.

    If we can get User (customer) assigned identity into storage account for accessing Keyvault, then we can pre-prepare / isolate step 1 and 2. Then we can have ARM template definition with custom key for SSE defined for a new storage account as a single step (3).

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow Azure SignalR service CORS rules to be applied via ARM template

    There is currently no support to configure CORS settings of an Azure SignalR Service using ARM templates.

    (See template reference: https://docs.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2018-10-01/signalr)

    4 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  17. Create an Azure Instance type with NVDIMM memories for high speed Storage Cache

    An NVDIMM (https://en.wikipedia.org/wiki/NVDIMM) is a type of memory used by Storage vendors as local cache, to accelerate High Performance Computing, Deep Learning, Deep Analytics, Simulations, and other storage-and-compute-intensive applications.

    Currently no cloud vendor supports instances with NVDIMMs, and Azure could break new ground here. We already have GPU's, FPGA's and other specialized hardware on our instances.

    NVDIMM would enable certain ISVs who cater for the HPC, Deep Learning, Simulation, and Deep Analytics crowd, and enable them to provide innovative solutions that today only exist in Private Cloud on on-premises applications.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  18. Immutable storage cannot be unlocked

    Function: Immutable storage

    Issue: Customer can easily lock his resources in storage accounts, but he cannot unlock them by himself when the lock is no longer needed.

    Ref document: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-immutable-storage#faq

    Recommend: Provide an "unlock" button to customer.

    6 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  19. App Service AAD Authentication on Azure Storage Static Site Hosting

    Currently, after exposing a site through Azure Storage Static Site Hosting, the only login method is to use ADAL.js or similiar. This means that no private info can be kept in the static site, and has to be retrieved from a backend which is secured using AAD. This is because even if I redirect to login, search crawlers will pick up the info.

    In practice, as soon as I have a site with potentially sensitive info on it, I drop to using an App Service for just one feature: AAD Authentication.

    If we could have a system identical to App…

    10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
  20. Include Logic Apps in the Trusted Microsoft Services for Storage Accounts

    Include Logic Apps in the Trusted Microsoft Services for Storage Accounts when configuring diagnostic settings in the Logic App to "archive to a storage account". Security Center flags logic app for not having this configured but then after configuring the storage account is flagged for not restriction access, "Restrict access to storage accounts with firewall and virtual network configurations (Preview)". Since the logic app can not be assigned to a virtual network this cannot be resolved/secured properly without taking my environment in to an App Service Environment.

    1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  General  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base