storageAccounts
Summary
Details
Ensure that storage accounts are zone or region redundant
Impact: High Category: High Availability
APRL GUID: e6c7e1cc-2f47-264d-aa50-1da421314472
Description:
Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost.
Potential Benefits:
High availability and durability for storage
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This query will return all storage accounts that are not using Zone or Region replication
Resources
| where type =~ "Microsoft.Storage/storageAccounts"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where sku.name in~ ("Standard_LRS", "Premium_LRS")
| project recommendationId = "e6c7e1cc-2f47-264d-aa50-1da421314472", name, id, tags, param1 = strcat("sku: ", sku.name)
Classic Storage Accounts must be migrated to new Azure Resource Manager resources
Impact: High Category: Service Upgrade and Retirement
APRL GUID: 63ad027e-611c-294b-acc5-8e3234db9a40
Description:
Classic storage accounts will be fully retired on August 31, 2024. If you have classic storage accounts, start planning your migration now.
Potential Benefits:
Avoids service retirement issues
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Find all Azure classic Storage Account
resources
| where type =~ 'microsoft.classicstorage/storageaccounts'
| project recommendationId = '63ad027e-611c-294b-acc5-8e3234db9a40', name, id, tags, param1=type
Enable Soft Delete to protect your data
Impact: Medium Category: Disaster Recovery
APRL GUID: 03263c57-c869-3841-9e0a-3dbb9ef3e28d
Description:
The soft delete option enables data recovery if mistakenly deleted, while the Lock feature prevents the accidental deletion of the storage account itself, ensuring additional security and data integrity measures.
Potential Benefits:
Prevents accidental data/account loss
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Enable versioning for accidental modification and keep the number of versions below 1000
Impact: Low Category: Disaster Recovery
APRL GUID: 8ebda7c0-e0e1-ed45-af59-2d7ea9a1c05d
Description:
Consider enabling versioning for Azure Storage Accounts to recover from accidental modifications or deletions and manage blob operation latency. Microsoft advises maintaining fewer than 1000 versions per blob to optimize performance. Lifecycle management can help delete old versions automatically.
Potential Benefits:
Recover data, manage latency
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Enable point-in-time restore for GPv2 accounts to safeguard against data loss
Impact: Low Category: Disaster Recovery
APRL GUID: 1b965cb9-7629-214e-b682-6bf6e450a100
Description:
Consider enabling point-in-time restore for standard general purpose v2 accounts with flat namespace to protect against accidental deletion or corruption by restoring block blob data to an earlier state.
Potential Benefits:
Protects data from loss/corruption
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Monitor all blob storage accounts
Impact: Low Category: Monitoring and Alerting
APRL GUID: 96cb8331-6b06-8242-8ce8-4e2f665dc679
Description:
For critical applications and business processes relying on Azure, monitoring and alerts are crucial. Resource logs are only stored after creating a diagnostic setting to route logs to specified locations, requiring selection of log categories to collect.
Potential Benefits:
Enhanced alerting and log analysis
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// under-development
Consider upgrading legacy storage accounts to v2 storage accounts
Impact: Low Category: Scalability
APRL GUID: 2ad78dec-5a4d-4a30-8fd1-8584335ad781
Description:
General-purpose v2 accounts are recommended for most storage scenarios offering the latest features or the lowest per-gigabyte pricing. Legacy accounts like Standard general-purpose v1 and Blob Storage aren't advised by Microsoft but may fit specific scenarios.
Potential Benefits:
Latest features, lowest cost
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Find all Azure Storage Accounts, that upgradeable to General purpose v2.
Resources
| where type =~ "Microsoft.Storage/storageAccounts" and kind in~ ("Storage", "BlobStorage")
| extend
param1 = strcat("AccountKind: ", case(kind =~ "Storage", "Storage (general purpose v1)", kind =~ "BlobStorage", "BlobStorage", kind)),
param2 = strcat("Performance: ", sku.tier),
param3 = strcat("Replication: ", sku.name)
| project recommendationId = "2ad78dec-5a4d-4a30-8fd1-8584335ad781", name, id, tags, param1, param2, param3