Make Blob access policies Azure Resource Manager managed
In order to apply Azure Policies, the item you want to control has to be ARM managed. Apparently Blob Access Policies are not ARM managed (i.e. a resource that can be managed by calling https://management.azure.com/[ResourceId]). Because of this, the Azure Policies product group can't make a policy alias to audit/deny the use of public containers/blobs; see: https://github.com/Azure/azure-policy/issues/131.
This is a big issue because the use of anonymous access to storage containing enterprise data is a huge risk.
The feedback is well received. The Azure Storage team is working on the feature for this scenario. It’s estimated to ship in CY2019.