Storage Accounts microsoft.storage/storageaccounts Azure Resource type

Storage Accounts - Microsoft Azure Resource type
microsoft.storage/storageaccounts

Resource provider (RP) - Microsoft Storage [Microsoft.Storage]
RP	Microsoft.Storage
RP display name	Microsoft Storage
RP Resource types	Resource types: 77
RP aliases	RP aliases: 576
RP Azure Policy	Azure Policy definitions: 143 • if: 133 • then.deployment: 23 • then.details: 0 • then.existenceCondition: 1 • then.operations: 0
RP RBAC operations	RP RBAC operations: 212 • RP RBAC operationType action: 68 • RP RBAC operationType delete: 24 • RP RBAC operationType read: 77 • RP RBAC operationType write: 43
RP RBAC Roles & Operation actions	Unique RBAC Roles: 65 • RBAC Roles with action operationType: 36 • RBAC Roles with delete operationType: 20 • RBAC Roles with read operationType: 60 • RBAC Roles with write operationType: 29
RP related 1st party Service Principals	RP related 1st party Service Principals: 6 • Storage Resource Provider (appId: a6aa9161-5291-40bb-8c5c-923b567bee3b) [ JSON;CSV] • Storage Data Management RP Prod FPA (appId: 3a3b6b87-84e2-4ad2-aa37-d76c339371a4) [ JSON;CSV] • Azure Storage Insights Resource Provider (Azure Storage Discovery Resource Provider) (appId: b15f3d14-f6d1-4c0d-93da-d4136c97f006) [ JSON;CSV] • Azure Storage Actions Resource Provider Service (appId: 7d3471e1-ec8b-4655-92f3-bb331362b5ae) [ JSON;CSV] • Azure Storage (appId: e406a681-f3d4-42a8-90b6-c2b029497af1) [ JSON;CSV] • Azure Files (appId: 69dda2a9-33ca-4ed0-83fb-a9b7b8973ff4) [ JSON;CSV]
All Azure RPs	• Microsoft Learn • AzResourceTypesAdvertizer (Microsoft only)

Resource provider (RP) - Microsoft Storage [Microsoft.Storage]

Microsoft.Storage

RP display name

Microsoft Storage

RP Resource types

Resource types: 77

RP aliases

RP aliases: 576

RP Azure Policy

Azure Policy definitions: 143
• if: 133
• then.deployment: 23
• then.details: 0
• then.existenceCondition: 1
• then.operations: 0

RP RBAC operations

RP RBAC operations: 212
• RP RBAC operationType action: 68
• RP RBAC operationType delete: 24
• RP RBAC operationType read: 77
• RP RBAC operationType write: 43

RP RBAC Roles & Operation actions

Unique RBAC Roles: 65
• RBAC Roles with action operationType: 36
• RBAC Roles with delete operationType: 20
• RBAC Roles with read operationType: 60
• RBAC Roles with write operationType: 29

RP related 1st party Service Principals

RP related 1st party Service Principals: 6
• Storage Resource Provider (appId: a6aa9161-5291-40bb-8c5c-923b567bee3b) [ JSON;CSV]
• Storage Data Management RP Prod FPA (appId: 3a3b6b87-84e2-4ad2-aa37-d76c339371a4) [ JSON;CSV]
• Azure Storage Insights Resource Provider (Azure Storage Discovery Resource Provider) (appId: b15f3d14-f6d1-4c0d-93da-d4136c97f006) [ JSON;CSV]
• Azure Storage Actions Resource Provider Service (appId: 7d3471e1-ec8b-4655-92f3-bb331362b5ae) [ JSON;CSV]
• Azure Storage (appId: e406a681-f3d4-42a8-90b6-c2b029497af1) [ JSON;CSV]
• Azure Files (appId: 69dda2a9-33ca-4ed0-83fb-a9b7b8973ff4) [ JSON;CSV]

All Azure RPs

• Microsoft Learn
• AzResourceTypesAdvertizer (Microsoft only)

RT information

microsoft.storage/storageaccounts

RT display name

Storage Accounts

RT type only
(without RP)

storageAccounts

RT sub- Resource types

sub-Resource types: 58

RT schema

RT schema API versions: 26

• 2024-01-01
• 2023-05-01
• 2023-04-01
• 2023-01-01
• 2022-09-01
• 2022-05-01
• 2021-09-01
• 2021-08-01
• 2021-06-01
• 2021-04-01
• 2021-02-01
• 2021-01-01
• 2020-08-01-preview
• 2019-06-01
• 2019-04-01
• 2018-11-01
• 2018-07-01
• 2018-03-01-preview
• 2018-02-01
• 2017-10-01
• 2017-06-01
• 2016-12-01
• 2016-05-01
• 2016-01-01
• 2015-06-15
• 2015-05-01-preview

All Microsoft Azure RTs

AzResourceTypesAdvertizer

Aliases and Azure Policy

Aliases

aliases: 150

Azure Policy

Azure Policy definitions: 113
• if: 99
• then.deployment: 21
• then.details: 0
• then.existenceCondition: 1
• then.operations: 0

RBAC Operations and Roles & Roles related operation actions

RBAC operations

RBAC operations: 19
• RBAC operationType action: 16
• RBAC operationType delete: 1
• RBAC operationType read: 1
• RBAC operationType write: 1

RBAC Roles & Operation actions

Unique RBAC Roles: 45
• RBAC Roles with action operationType: 7
• RBAC Roles with delete operationType: 10
• RBAC Roles with read operationType: 43
• RBAC Roles with write operationType: 15

Capabilities & Locations

Diagnostic logs

False

Azure Resource Diagnostic settings metrics

Diagnostic metrics

True
metrics

Customer-managed key (CMK) [experimental]

True
• Microsoft Learn
• Enforce Encryption with a customer-managed key (CMK) at scale

System-Assigned-Resource-Identity

True

Cross-ResourceGroup-Resource-Move

True

Cross-Subscription-Resource-Move

True

Tags

True

Extension

False

Private-Endpoint

True

Supported Locations for Private-Endpoint

Supported Locations for Private-Endpoint: 44
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, jioindiawest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3

Non supported Locations for Private-Endpoint

Non supported Locations for Private-Endpoint: 14
brazilus, eastusstg, centraluseuap, eastus2euap, southcentralusstg, southafricawest, australiacentral2, jioindiacentral, francesouth, germanynorth, norwaywest, switzerlandwest, uaecentral, brazilsoutheast

Location

True

Locations

Locations: 43
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3

Not locations

Not locations: 54
asia, asiapacific, australia, australiacentral2, brazil, brazilsoutheast, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, francesouth, germany, germanynorth, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, norwaywest, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, switzerlandwest, taiwan, uae, uaecentral, uk, unitedstates, unitedstateseuap, westus2stage, westusstage

Assessment tooling

Azure Advisor

Azure Advisor recommendations: 26

• Cost [Medium] Based on your high transactions/TB ratio, there's a possibility that premium storage might be more cost effective in addition to being performant for your scenario. More details on pricing for premium and standard accounts can be found here
• Cost [Medium] Revisit retention policy for classic log data in storage accounts
• HighAvailability [High] Use Managed Disks for storage accounts reaching capacity limit
• HighAvailability [Medium] Configure blob backup
• HighAvailability [Medium] Enable Soft Delete to protect your blob data
• OperationalExcellence [High] Prevent hitting subscription limit for maximum storage accounts
• Performance [High] Increase provisioned size of premium file share to avoid throttling of requests
• Performance [Medium] Convert Unmanaged Disks from Standard HDD to Premium SSD for performance
• Performance [Medium] Enable SMB Multichannel for storage account
• Performance [Medium] No Snapshots Detected
• Performance [Medium] Upgrade to Standard SSD Disks for consistent and improved performance
• Performance [Medium] Upgrade your Storage Client Library to the latest version for better reliability and performance
• Performance [Medium] Upgrade your Storage Client Library to the latest version for better reliability and performance
• Performance [Medium] Use premium performance block blob storage
• Performance [Medium] Use Put Blob for blobs smaller than 256 MB
• Security [High] Secure transfer to storage accounts should be enabled
• Security [Low] [Enable if required] Storage accounts should use customer-managed key (CMK) for encryption
• Security [Low] Access to storage accounts with firewall and virtual network configurations should be restricted
• Security [Low] Storage accounts should be migrated to new Azure Resource Manager resources
• Security [Medium] Storage account public access should be disallowed
• Security [Medium] Storage account should use a private link connection
• Security [Medium] Storage account should use a private link connection
• Security [Medium] Storage accounts should prevent shared key access
• Security [Medium] Storage accounts should prevent shared key access
• Security [Medium] Storage accounts should restrict network access using virtual network rules
• Security [Medium] Storage accounts should restrict network access using virtual network rules

Azure Proactive Resilience Library v2 (APRLv2)

Azure Proactive Resilience Library v2 recommendations: 6
• DisasterRecovery [Low] Enable versioning for accidental modification and keep the number of versions below 1000
• DisasterRecovery [Low] Enable point-in-time restore for GPv2 accounts to safeguard against data loss
• DisasterRecovery [Medium] Enable Soft Delete to protect your data
• HighAvailability [High] Ensure that storage accounts are zone or region redundant
• MonitoringAndAlerting [Low] Monitor all blob storage accounts
• Scalability [Low] Consider upgrading legacy storage accounts to v2 storage accounts

PSRule for Azure

PSRule for Azure rules: 13

• Operational Excellence [Awareness] Use valid storage account names
• Reliability [Important] Storage Account is available in a single zone
• Reliability [Important] Use blob soft delete
• Reliability [Important] Use container soft delete
• Reliability [Important] Use soft delete on files shares
• Security [Critical] Enable Microsoft Defender
• Security [Critical] Malware Scanning
• Security [Critical] Sensitive data threat detection
• Security [Critical] Use secure protocols for Storage Accounts
• Security [Important] Configure Azure Storage firewall
• Security [Important] Disallow anonymous access to blob service
• Security [Important] Enforce encrypted Storage connections
• Security [Important] Use private blob containers

Azure Quick Review (AZQR)

Azure Quick Review (AZQR) recommendations: 11

• DisasterRecovery [Low] Storage Account should have inmutable storage versioning enabled
• DisasterRecovery [Medium] Storage Account should have soft delete enabled
• Governance [Low] Storage Account should have tags
• Governance [Low] Storage Name should comply with naming conventions
• HighAvailability [High] Ensure that storage accounts are zone or region redundant
• HighAvailability [High] Storage should have a SLA
• MonitoringAndAlerting [Low] Storage should have diagnostic settings enabled
• Scalability [Low] Consider upgrading legacy storage accounts to v2 storage accounts
• Security [High] Storage Account should use HTTPS only
• Security [Low] Storage Account should enforce TLS >= 1.2
• Security [Medium] Enable Azure Private Link service for storage accounts

Infrastructure as Code (IaC)

ARM (Azure Resource Manager) templates

ARM (Azure Resource Manager) template API versions: 26
• latest

Bicep templates

Bicep template API versions: 26
• latest

Terraform provider

Terraform providers: 7
• security_center_storage_defender
• storage_account
• storage_account_customer_managed_key
• storage_account_network_rules
• storage_account_queue_properties
• storage_account_static_website
• storage_blob_inventory_policy

AzAPI Terraform templates

AzAPI Terraform template API versions: 26
• latest

Pulumi provider

Pulumi providers: 1
• storage/storageaccount

OpenTofu provider

OpenTofu TF providers: 7
• security_center_storage_defender
• storage_account
• storage_account_customer_managed_key
• storage_account_network_rules
• storage_account_queue_properties
• storage_account_static_website
• storage_blob_inventory_policy

Azure Verified Modules (AVM) Bicep

Storage Account

Azure Verified Modules (AVM) Terraform

• GitHub: Storage Account
• Terraform registry: Storage Account

REST-API (Representational State Transfer - Application Programming Interface)

REST-API versions

REST-API versions: 27

• 2024-01-01
• 2023-05-01
• 2023-04-01
• 2023-01-01
• 2022-09-01
• 2022-05-01
• 2021-09-01
• 2021-08-01
• 2021-06-01
• 2021-05-01
• 2021-04-01
• 2021-02-01
• 2021-01-01
• 2020-08-01-preview
• 2019-06-01
• 2019-04-01
• 2018-11-01
• 2018-07-01
• 2018-03-01-preview
• 2018-02-01
• 2017-10-01
• 2017-06-01
• 2016-12-01
• 2016-05-01
• 2016-01-01
• 2015-06-15
• 2015-05-01-preview

REST-API version default

2024-01-01

API profiles

API profiles: 5
• 2017-10-01;2019-03-01-hybrid
• 2017-10-01
• 2017-03-09-profile
• 2016-01-01;2018-06-01-profile
• 2016-01-01;2018-03-01-hybrid

Resource naming

Azure Naming Tool

The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.

Resource naming details

[
  {
    "property": "VM Storage Account",
    "ShortName": "stvm",
    "scope": "global",
    "lengthMin": "3",
    "lengthMax": "24",
    "validText": "Lowercase letters and numbers.",
    "invalidText": "",
    "invalidCharacters": "",
    "invalidCharactersStart": "",
    "invalidCharactersEnd": "",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-z0-9]{3,24}$",
    "staticValues": ""
  },
  {
    "property": "",
    "ShortName": "st",
    "scope": "global",
    "lengthMin": "3",
    "lengthMax": "24",
    "validText": "Lowercase letters and numbers.",
    "invalidText": "",
    "invalidCharacters": "",
    "invalidCharactersStart": "",
    "invalidCharactersEnd": "",
    "invalidCharactersConsecutive": "",
    "regx": "^[a-z0-9]{3,24}$",
    "staticValues": ""
  }
]

Storage Accounts - Microsoft Azure Resource typemicrosoft.storage/storageaccounts

Storage Accounts - Microsoft Azure Resource type
microsoft.storage/storageaccounts