Storage Accounts - List

Lists all the storage accounts available under the subscription. Note that storage keys are not returned; use the ListKeys operation for this.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Storage/storageAccounts?api-version=2022-09-01

URI Parameters

Name In Required Type Description
subscriptionId
path True
  • string

The ID of the target subscription.

api-version
query True
  • string

The API version to use for this operation.

Responses

Name Type Description
200 OK

OK -- List of storage accounts was retrieved and returned successfully.

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

StorageAccountList

Sample Request

GET https://management.azure.com/subscriptions/{subscription-id}/providers/Microsoft.Storage/storageAccounts?api-version=2022-09-01

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/res2627/providers/Microsoft.Storage/storageAccounts/sto1125",
      "kind": "Storage",
      "location": "eastus",
      "name": "sto1125",
      "properties": {
        "isHnsEnabled": true,
        "creationTime": "2017-05-24T13:28:53.4540398Z",
        "primaryEndpoints": {
          "web": "https://sto1125.web.core.windows.net/",
          "dfs": "https://sto1125.dfs.core.windows.net/",
          "blob": "https://sto1125.blob.core.windows.net/",
          "file": "https://sto1125.file.core.windows.net/",
          "queue": "https://sto1125.queue.core.windows.net/",
          "table": "https://sto1125.table.core.windows.net/",
          "microsoftEndpoints": {
            "web": "https://sto1125-microsoftrouting.web.core.windows.net/",
            "dfs": "https://sto1125-microsoftrouting.dfs.core.windows.net/",
            "blob": "https://sto1125-microsoftrouting.blob.core.windows.net/",
            "file": "https://sto1125-microsoftrouting.file.core.windows.net/",
            "queue": "https://sto1125-microsoftrouting.queue.core.windows.net/",
            "table": "https://sto1125-microsoftrouting.table.core.windows.net/"
          },
          "internetEndpoints": {
            "web": "https://sto1125-internetrouting.web.core.windows.net/",
            "dfs": "https://sto1125-internetrouting.dfs.core.windows.net/",
            "blob": "https://sto1125-internetrouting.blob.core.windows.net/",
            "file": "https://sto1125-internetrouting.file.core.windows.net/"
          }
        },
        "primaryLocation": "eastus",
        "provisioningState": "Succeeded",
        "routingPreference": {
          "routingChoice": "MicrosoftRouting",
          "publishMicrosoftEndpoints": true,
          "publishInternetEndpoints": true
        },
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
            },
            "blob": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
            }
          },
          "keySource": "Microsoft.Storage"
        },
        "secondaryLocation": "centraluseuap",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    },
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/testcmk3/providers/Microsoft.Storage/storageAccounts/sto3699",
      "identity": {
        "principalId": "356d057d-cba5-44dd-8a30-b2e547bc416b",
        "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
        "type": "SystemAssigned"
      },
      "kind": "Storage",
      "location": "eastus",
      "name": "sto3699",
      "properties": {
        "creationTime": "2017-05-24T10:06:30.6093014Z",
        "primaryEndpoints": {
          "blob": "https://sto3699.blob.core.windows.net/",
          "file": "https://sto3699.file.core.windows.net/",
          "queue": "https://sto3699.queue.core.windows.net/",
          "table": "https://sto3699.table.core.windows.net/"
        },
        "primaryLocation": "eastus",
        "provisioningState": "Succeeded",
        "secondaryLocation": "centraluseuap",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    },
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/res9407/providers/Microsoft.Storage/storageAccounts/sto8596",
      "identity": {
        "principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
        "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
        "type": "SystemAssigned"
      },
      "kind": "Storage",
      "location": "eastus2(stage)",
      "name": "sto8596",
      "properties": {
        "geoReplicationStats": {
          "status": "Live",
          "lastSyncTime": "2018-10-30T00:25:34Z",
          "canFailover": true
        },
        "isHnsEnabled": true,
        "creationTime": "2017-06-01T02:42:41.7633306Z",
        "networkAcls": {
          "resourceAccessRules": [
            {
              "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
              "resourceId": "/subscriptions/a7e99807-abbf-4642-bdec-2c809a96a8bc/resourceGroups/res9407/providers/Microsoft.Synapse/workspaces/testworkspace"
            }
          ],
          "bypass": "AzureServices",
          "defaultAction": "Allow",
          "ipRules": [],
          "virtualNetworkRules": []
        },
        "primaryEndpoints": {
          "web": "https://sto8596.web.core.windows.net/",
          "dfs": "https://sto8596.dfs.core.windows.net/",
          "blob": "https://sto8596.blob.core.windows.net/",
          "file": "https://sto8596.file.core.windows.net/",
          "queue": "https://sto8596.queue.core.windows.net/",
          "table": "https://sto8596.table.core.windows.net/",
          "microsoftEndpoints": {
            "web": "https://sto8596-microsoftrouting.web.core.windows.net/",
            "dfs": "https://sto8596-microsoftrouting.dfs.core.windows.net/",
            "blob": "https://sto8596-microsoftrouting.blob.core.windows.net/",
            "file": "https://sto8596-microsoftrouting.file.core.windows.net/",
            "queue": "https://sto8596-microsoftrouting.queue.core.windows.net/",
            "table": "https://sto8596-microsoftrouting.table.core.windows.net/"
          },
          "internetEndpoints": {
            "web": "https://sto8596-internetrouting.web.core.windows.net/",
            "dfs": "https://sto8596-internetrouting.dfs.core.windows.net/",
            "blob": "https://sto8596-internetrouting.blob.core.windows.net/",
            "file": "https://sto8596-internetrouting.file.core.windows.net/"
          }
        },
        "primaryLocation": "eastus2(stage)",
        "provisioningState": "Succeeded",
        "routingPreference": {
          "routingChoice": "MicrosoftRouting",
          "publishMicrosoftEndpoints": true,
          "publishInternetEndpoints": true
        },
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
            },
            "blob": {
              "keyType": "Account",
              "enabled": true,
              "lastEnabledTime": "2019-12-11T20:49:31.7036140Z"
            }
          },
          "keySource": "Microsoft.Keyvault",
          "keyvaultproperties": {
            "keyvaulturi": "https://myvault8569.vault.azure.net",
            "keyname": "wrappingKey",
            "keyversion": "",
            "currentVersionedKeyIdentifier": "https://myvault8569.vault.azure.net/keys/wrappingKey/0682afdd9c104f4285df20107e956cad",
            "lastKeyRotationTimestamp": "2019-12-13T20:36:23.7023290Z"
          }
        },
        "secondaryLocation": "northcentralus(stage)",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    },
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/testcmk3/providers/Microsoft.Storage/storageAccounts/sto6637",
      "identity": {
        "principalId": "911871cc-ffd1-4fc4-ac11-7a316433ea66",
        "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
        "type": "SystemAssigned"
      },
      "kind": "Storage",
      "location": "eastus",
      "name": "sto6637",
      "properties": {
        "creationTime": "2017-05-24T10:09:39.5625175Z",
        "primaryEndpoints": {
          "blob": "https://sto6637.blob.core.windows.net/",
          "file": "https://sto6637.file.core.windows.net/",
          "queue": "https://sto6637.queue.core.windows.net/",
          "table": "https://sto6637.table.core.windows.net/"
        },
        "primaryLocation": "eastus",
        "provisioningState": "Succeeded",
        "secondaryLocation": "centraluseuap",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    },
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/res8186/providers/Microsoft.Storage/storageAccounts/sto834",
      "kind": "Storage",
      "location": "eastus",
      "name": "sto834",
      "properties": {
        "creationTime": "2017-05-24T13:28:20.8686541Z",
        "primaryEndpoints": {
          "blob": "https://sto834.blob.core.windows.net/",
          "file": "https://sto834.file.core.windows.net/",
          "queue": "https://sto834.queue.core.windows.net/",
          "table": "https://sto834.table.core.windows.net/"
        },
        "primaryLocation": "eastus",
        "provisioningState": "Succeeded",
        "secondaryLocation": "centraluseuap",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    },
    {
      "id": "/subscriptions/{subscription-id}/resourceGroups/testcmk3/providers/Microsoft.Storage/storageAccounts/sto9174",
      "identity": {
        "principalId": "933e3ddf-1802-4a51-9469-18a33b576f88",
        "tenantId": "72f988bf-86f1-41af-91ab-2d7cd011db47",
        "type": "SystemAssigned"
      },
      "kind": "Storage",
      "location": "eastus",
      "name": "sto9174",
      "properties": {
        "creationTime": "2017-05-24T09:46:19.6556989Z",
        "primaryEndpoints": {
          "blob": "https://sto9174.blob.core.windows.net/",
          "file": "https://sto9174.file.core.windows.net/",
          "queue": "https://sto9174.queue.core.windows.net/",
          "table": "https://sto9174.table.core.windows.net/"
        },
        "primaryLocation": "eastus",
        "provisioningState": "Succeeded",
        "secondaryLocation": "centraluseuap",
        "statusOfPrimary": "available",
        "statusOfSecondary": "available",
        "supportsHttpsTrafficOnly": false
      },
      "sku": {
        "name": "Standard_GRS",
        "tier": "Standard"
      },
      "tags": {
        "key1": "value1",
        "key2": "value2"
      },
      "type": "Microsoft.Storage/storageAccounts"
    }
  ]
}

Definitions

AccessTier

Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.

AccountImmutabilityPolicyProperties

This defines account-level immutability policy properties.

AccountImmutabilityPolicyState

The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.

AccountStatus

Gets the status indicating whether the primary location of the storage account is available or unavailable.

AccountType

Specifies the Active Directory account type for Azure Storage.

Action

The action of virtual network rule.

ActiveDirectoryProperties

Settings properties for Active Directory (AD).

AllowedCopyScope

Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.

AzureFilesIdentityBasedAuthentication

Settings for Azure Files identity based authentication.

BlobRestoreParameters

Blob restore parameters

BlobRestoreProgressStatus

The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.

BlobRestoreRange

Blob range

BlobRestoreStatus

Blob restore status.

Bypass

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

CustomDomain

The custom domain assigned to this storage account. This can be set via Update.

DefaultAction

Specifies the default action of allow or deny when no other rules match.

DefaultSharePermission

Default share permission for users using Kerberos authentication if RBAC role is not assigned.

DirectoryServiceOptions

Indicates the directory service used. Note that this enum may be extended in the future.

DnsEndpointType

Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.

Encryption

The encryption settings on the storage account.

EncryptionIdentity

Encryption identity for the storage account.

EncryptionService

A service that allows server-side encryption to be used.

EncryptionServices

A list of services that support encryption.

Endpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.

ExpirationAction

The SAS expiration action. Can only be Log.

ExtendedLocation

The complex type of the extended location.

ExtendedLocationTypes

The type of the extended location.

GeoReplicationStats

Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.

GeoReplicationStatus

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

Identity

Identity for the resource.

IdentityType

The identity type.

ImmutableStorageAccount

This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.

IPRule

IP rule with specific IP or IP range in CIDR format.

KeyCreationTime

Storage account keys creation time.

KeyPolicy

KeyPolicy assigned to the storage account.

KeySource

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

KeyType

Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.

KeyVaultProperties

Properties of key vault.

Kind

Indicates the type of storage account.

LargeFileSharesState

Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.

MinimumTlsVersion

Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

NetworkRuleSet

Network rule set

PrivateEndpoint

The Private Endpoint resource.

PrivateEndpointConnection

The Private Endpoint Connection resource.

PrivateEndpointConnectionProvisioningState

The current provisioning state.

PrivateEndpointServiceConnectionStatus

The private endpoint connection status.

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

ProvisioningState

Gets the status of the storage account at the time the operation was called.

PublicNetworkAccess

Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'.

ResourceAccessRule

Resource Access Rule.

RoutingChoice

Routing Choice defines the kind of network routing opted by the user.

RoutingPreference

Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing

SasPolicy

SasPolicy assigned to the storage account.

Sku

The SKU of the storage account.

SkuConversionStatus

This property indicates the current sku conversion status.

SkuName

The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

SkuTier

The SKU tier. This is based on the SKU name.

State

Gets the state of virtual network rule.

StorageAccount

The storage account.

StorageAccountInternetEndpoints

The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.

StorageAccountListResult

The response from the List Storage Accounts operation.

StorageAccountMicrosoftEndpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.

StorageAccountSkuConversionStatus

This defines the sku conversion status object for asynchronous sku conversions.

UserAssignedIdentity

UserAssignedIdentity for the resource.

VirtualNetworkRule

Virtual Network rule.

AccessTier

Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.

Name Type Description
Cool
  • string
Hot
  • string
Premium
  • string

AccountImmutabilityPolicyProperties

This defines account-level immutability policy properties.

Name Type Description
allowProtectedAppendWrites
  • boolean

This property can only be changed for disabled and unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.

immutabilityPeriodSinceCreationInDays
  • integer

The immutability period for the blobs in the container since the policy creation, in days.

state

The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.

AccountImmutabilityPolicyState

The ImmutabilityPolicy state defines the mode of the policy. Disabled state disables the policy, Unlocked state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, Locked state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.

Name Type Description
Disabled
  • string
Locked
  • string
Unlocked
  • string

AccountStatus

Gets the status indicating whether the primary location of the storage account is available or unavailable.

Name Type Description
available
  • string
unavailable
  • string

AccountType

Specifies the Active Directory account type for Azure Storage.

Name Type Description
Computer
  • string
User
  • string

Action

The action of virtual network rule.

Name Type Description
Allow
  • string

ActiveDirectoryProperties

Settings properties for Active Directory (AD).

Name Type Description
accountType

Specifies the Active Directory account type for Azure Storage.

azureStorageSid
  • string

Specifies the security identifier (SID) for Azure Storage.

domainGuid
  • string

Specifies the domain GUID.

domainName
  • string

Specifies the primary domain that the AD DNS server is authoritative for.

domainSid
  • string

Specifies the security identifier (SID).

forestName
  • string

Specifies the Active Directory forest to get.

netBiosDomainName
  • string

Specifies the NetBIOS domain name.

samAccountName
  • string

Specifies the Active Directory SAMAccountName for Azure Storage.

AllowedCopyScope

Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.

Name Type Description
AAD
  • string
PrivateLink
  • string

AzureFilesIdentityBasedAuthentication

Settings for Azure Files identity based authentication.

Name Type Description
activeDirectoryProperties

Required if directoryServiceOptions are AD, optional if they are AADKERB.

defaultSharePermission

Default share permission for users using Kerberos authentication if RBAC role is not assigned.

directoryServiceOptions

Indicates the directory service used. Note that this enum may be extended in the future.

BlobRestoreParameters

Blob restore parameters

Name Type Description
blobRanges

Blob ranges to restore.

timeToRestore
  • string

Restore blob to the specified time.

BlobRestoreProgressStatus

The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.

Name Type Description
Complete
  • string
Failed
  • string
InProgress
  • string

BlobRestoreRange

Blob range

Name Type Description
endRange
  • string

Blob end range. This is exclusive. Empty means account end.

startRange
  • string

Blob start range. This is inclusive. Empty means account start.

BlobRestoreStatus

Blob restore status.

Name Type Description
failureReason
  • string

Failure reason when blob restore is failed.

parameters

Blob restore request parameters.

restoreId
  • string

Id for tracking blob restore request.

status

The status of blob restore progress. Possible values are: - InProgress: Indicates that blob restore is ongoing. - Complete: Indicates that blob restore has been completed successfully. - Failed: Indicates that blob restore is failed.

Bypass

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

Name Type Description
AzureServices
  • string
Logging
  • string
Metrics
  • string
None
  • string

CustomDomain

The custom domain assigned to this storage account. This can be set via Update.

Name Type Description
name
  • string

Gets or sets the custom domain name assigned to the storage account. Name is the CNAME source.

useSubDomainName
  • boolean

Indicates whether indirect CName validation is enabled. Default value is false. This should only be set on updates.

DefaultAction

Specifies the default action of allow or deny when no other rules match.

Name Type Description
Allow
  • string
Deny
  • string

DefaultSharePermission

Default share permission for users using Kerberos authentication if RBAC role is not assigned.

Name Type Description
None
  • string
StorageFileDataSmbShareContributor
  • string
StorageFileDataSmbShareElevatedContributor
  • string
StorageFileDataSmbShareReader
  • string

DirectoryServiceOptions

Indicates the directory service used. Note that this enum may be extended in the future.

Name Type Description
AADDS
  • string
AADKERB
  • string
AD
  • string
None
  • string

DnsEndpointType

Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.

Name Type Description
AzureDnsZone
  • string
Standard
  • string

Encryption

The encryption settings on the storage account.

Name Type Default Value Description
identity

The identity to be used with service-side encryption at rest.

keySource Microsoft.Storage

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

keyvaultproperties

Properties provided by key vault.

requireInfrastructureEncryption
  • boolean

A boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest.

services

List of services which support encryption.

EncryptionIdentity

Encryption identity for the storage account.

Name Type Description
federatedIdentityClientId
  • string

ClientId of the multi-tenant application to be used in conjunction with the user-assigned identity for cross-tenant customer-managed-keys server-side encryption on the storage account.

userAssignedIdentity
  • string

Resource identifier of the UserAssigned identity to be associated with server-side encryption on the storage account.

EncryptionService

A service that allows server-side encryption to be used.

Name Type Description
enabled
  • boolean

A boolean indicating whether or not the service encrypts the data as it is stored. Encryption at rest is enabled by default today and cannot be disabled.

keyType

Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.

lastEnabledTime
  • string

Gets a rough estimate of the date/time when the encryption was last enabled by the user. Data is encrypted at rest by default today and cannot be disabled.

EncryptionServices

A list of services that support encryption.

Name Type Description
blob

The encryption function of the blob storage service.

file

The encryption function of the file storage service.

queue

The encryption function of the queue storage service.

table

The encryption function of the table storage service.

Endpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object.

Name Type Description
blob
  • string

Gets the blob endpoint.

dfs
  • string

Gets the dfs endpoint.

file
  • string

Gets the file endpoint.

internetEndpoints

Gets the internet routing storage endpoints

microsoftEndpoints

Gets the microsoft routing storage endpoints.

queue
  • string

Gets the queue endpoint.

table
  • string

Gets the table endpoint.

web
  • string

Gets the web endpoint.

ExpirationAction

The SAS expiration action. Can only be Log.

Name Type Description
Log
  • string

ExtendedLocation

The complex type of the extended location.

Name Type Description
name
  • string

The name of the extended location.

type

The type of the extended location.

ExtendedLocationTypes

The type of the extended location.

Name Type Description
EdgeZone
  • string

GeoReplicationStats

Statistics related to replication for storage account's Blob, Table, Queue and File services. It is only available when geo-redundant replication is enabled for the storage account.

Name Type Description
canFailover
  • boolean

A boolean flag which indicates whether or not account failover is supported for the account.

lastSyncTime
  • string

All primary writes preceding this UTC date/time value are guaranteed to be available for read operations. Primary writes following this point in time may or may not be available for reads. Element may be default value if value of LastSyncTime is not available, this can happen if secondary is offline or we are in bootstrap.

status

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

GeoReplicationStatus

The status of the secondary location. Possible values are: - Live: Indicates that the secondary location is active and operational. - Bootstrap: Indicates initial synchronization from the primary location to the secondary location is in progress.This typically occurs when replication is first enabled. - Unavailable: Indicates that the secondary location is temporarily unavailable.

Name Type Description
Bootstrap
  • string
Live
  • string
Unavailable
  • string

Identity

Identity for the resource.

Name Type Description
principalId
  • string

The principal ID of resource identity.

tenantId
  • string

The tenant ID of resource.

type

The identity type.

userAssignedIdentities

Gets or sets a list of key value pairs that describe the set of User Assigned identities that will be used with this storage account. The key is the ARM resource identifier of the identity. Only 1 User Assigned identity is permitted here.

IdentityType

The identity type.

Name Type Description
None
  • string
SystemAssigned
  • string
SystemAssigned,UserAssigned
  • string
UserAssigned
  • string

ImmutableStorageAccount

This property enables and defines account-level immutability. Enabling the feature auto-enables Blob Versioning.

Name Type Description
enabled
  • boolean

A boolean flag which enables account-level immutability. All the containers under such an account have object-level immutability enabled by default.

immutabilityPolicy

Specifies the default account-level immutability policy which is inherited and applied to objects that do not possess an explicit immutability policy at the object level. The object-level immutability policy has higher precedence than the container-level immutability policy, which has a higher precedence than the account-level immutability policy.

IPRule

IP rule with specific IP or IP range in CIDR format.

Name Type Default Value Description
action Allow

The action of IP ACL rule.

value
  • string

Specifies the IP or IP range in CIDR format. Only IPV4 address is allowed.

KeyCreationTime

Storage account keys creation time.

Name Type Description
key1
  • string
key2
  • string

KeyPolicy

KeyPolicy assigned to the storage account.

Name Type Description
keyExpirationPeriodInDays
  • integer

The key expiration period in days.

KeySource

The encryption keySource (provider). Possible values (case-insensitive): Microsoft.Storage, Microsoft.Keyvault

Name Type Description
Microsoft.Keyvault
  • string
Microsoft.Storage
  • string

KeyType

Encryption key type to be used for the encryption service. 'Account' key type implies that an account-scoped encryption key will be used. 'Service' key type implies that a default service key is used.

Name Type Description
Account
  • string
Service
  • string

KeyVaultProperties

Properties of key vault.

Name Type Description
currentVersionedKeyExpirationTimestamp
  • string

This is a read only property that represents the expiration time of the current version of the customer managed key used for encryption.

currentVersionedKeyIdentifier
  • string

The object identifier of the current versioned Key Vault Key in use.

keyname
  • string

The name of KeyVault key.

keyvaulturi
  • string

The Uri of KeyVault.

keyversion
  • string

The version of KeyVault key.

lastKeyRotationTimestamp
  • string

Timestamp of last rotation of the Key Vault Key.

Kind

Indicates the type of storage account.

Name Type Description
BlobStorage
  • string
BlockBlobStorage
  • string
FileStorage
  • string
Storage
  • string
StorageV2
  • string

LargeFileSharesState

Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.

Name Type Description
Disabled
  • string
Enabled
  • string

MinimumTlsVersion

Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

Name Type Description
TLS1_0
  • string
TLS1_1
  • string
TLS1_2
  • string

NetworkRuleSet

Network rule set

Name Type Default Value Description
bypass AzureServices

Specifies whether traffic is bypassed for Logging/Metrics/AzureServices. Possible values are any combination of Logging|Metrics|AzureServices (For example, "Logging, Metrics"), or None to bypass none of those traffics.

defaultAction Allow

Specifies the default action of allow or deny when no other rules match.

ipRules

Sets the IP ACL rules

resourceAccessRules

Sets the resource access rules

virtualNetworkRules

Sets the virtual network rules

PrivateEndpoint

The Private Endpoint resource.

Name Type Description
id
  • string

The ARM identifier for Private Endpoint

PrivateEndpointConnection

The Private Endpoint Connection resource.

Name Type Description
id
  • string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

name
  • string

The name of the resource

properties.privateEndpoint

The resource of private end point.

properties.privateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

properties.provisioningState

The provisioning state of the private endpoint connection resource.

type
  • string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

PrivateEndpointConnectionProvisioningState

The current provisioning state.

Name Type Description
Creating
  • string
Deleting
  • string
Failed
  • string
Succeeded
  • string

PrivateEndpointServiceConnectionStatus

The private endpoint connection status.

Name Type Description
Approved
  • string
Pending
  • string
Rejected
  • string

PrivateLinkServiceConnectionState

A collection of information about the state of the connection between service consumer and provider.

Name Type Description
actionRequired
  • string

A message indicating if changes on the service provider require any updates on the consumer.

description
  • string

The reason for approval/rejection of the connection.

status

Indicates whether the connection has been Approved/Rejected/Removed by the owner of the service.

ProvisioningState

Gets the status of the storage account at the time the operation was called.

Name Type Description
Creating
  • string
ResolvingDNS
  • string
Succeeded
  • string

PublicNetworkAccess

Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'.

Name Type Description
Disabled
  • string
Enabled
  • string

ResourceAccessRule

Resource Access Rule.

Name Type Description
resourceId
  • string

Resource Id

tenantId
  • string

Tenant Id

RoutingChoice

Routing Choice defines the kind of network routing opted by the user.

Name Type Description
InternetRouting
  • string
MicrosoftRouting
  • string

RoutingPreference

Routing preference defines the type of network, either microsoft or internet routing to be used to deliver the user data, the default option is microsoft routing

Name Type Description
publishInternetEndpoints
  • boolean

A boolean flag which indicates whether internet routing storage endpoints are to be published

publishMicrosoftEndpoints
  • boolean

A boolean flag which indicates whether microsoft routing storage endpoints are to be published

routingChoice

Routing Choice defines the kind of network routing opted by the user.

SasPolicy

SasPolicy assigned to the storage account.

Name Type Default Value Description
expirationAction Log

The SAS expiration action. Can only be Log.

sasExpirationPeriod
  • string

The SAS expiration period, DD.HH:MM:SS.

Sku

The SKU of the storage account.

Name Type Description
name

The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

tier

The SKU tier. This is based on the SKU name.

SkuConversionStatus

This property indicates the current sku conversion status.

Name Type Description
Failed
  • string
InProgress
  • string
Succeeded
  • string

SkuName

The SKU name. Required for account creation; optional for update. Note that in older versions, SKU name was called accountType.

Name Type Description
Premium_LRS
  • string
Premium_ZRS
  • string
Standard_GRS
  • string
Standard_GZRS
  • string
Standard_LRS
  • string
Standard_RAGRS
  • string
Standard_RAGZRS
  • string
Standard_ZRS
  • string

SkuTier

The SKU tier. This is based on the SKU name.

Name Type Description
Premium
  • string
Standard
  • string

State

Gets the state of virtual network rule.

Name Type Description
Deprovisioning
  • string
Failed
  • string
NetworkSourceDeleted
  • string
Provisioning
  • string
Succeeded
  • string

StorageAccount

The storage account.

Name Type Description
extendedLocation

The extendedLocation of the resource.

id
  • string

Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}

identity

The identity of the resource.

kind

Gets the Kind.

location
  • string

The geo-location where the resource lives

name
  • string

The name of the resource

properties.accessTier

Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.

properties.allowBlobPublicAccess
  • boolean

Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is true for this property.

properties.allowCrossTenantReplication
  • boolean

Allow or disallow cross AAD tenant object replication. The default interpretation is true for this property.

properties.allowSharedKeyAccess
  • boolean

Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true.

properties.allowedCopyScope

Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet.

properties.azureFilesIdentityBasedAuthentication

Provides the identity based authentication settings for Azure Files.

properties.blobRestoreStatus

Blob restore status

properties.creationTime
  • string

Gets the creation date and time of the storage account in UTC.

properties.customDomain

Gets the custom domain the user assigned to this storage account.

properties.defaultToOAuthAuthentication
  • boolean

A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property.

properties.dnsEndpointType

Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier.

properties.encryption

Encryption settings to be used for server-side encryption for the storage account.

properties.failoverInProgress
  • boolean

If the failover is in progress, the value will be true, otherwise, it will be null.

properties.geoReplicationStats

Geo Replication Stats

properties.immutableStorageWithVersioning

The property is immutable and can only be set to true at the account creation time. When set to true, it enables object level immutability for all the containers in the account by default.

properties.isHnsEnabled
  • boolean

Account HierarchicalNamespace enabled if sets to true.

properties.isLocalUserEnabled
  • boolean

Enables local users feature, if set to true

properties.isNfsV3Enabled
  • boolean

NFS 3.0 protocol support enabled if set to true.

properties.isSftpEnabled
  • boolean

Enables Secure File Transfer Protocol, if set to true

properties.keyCreationTime

Storage account keys creation time.

properties.keyPolicy

KeyPolicy assigned to the storage account.

properties.largeFileSharesState

Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled.

properties.lastGeoFailoverTime
  • string

Gets the timestamp of the most recent instance of a failover to the secondary location. Only the most recent timestamp is retained. This element is not returned if there has never been a failover instance. Only available if the accountType is Standard_GRS or Standard_RAGRS.

properties.minimumTlsVersion

Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property.

properties.networkAcls

Network rule set

properties.primaryEndpoints

Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint.

properties.primaryLocation
  • string

Gets the location of the primary data center for the storage account.

properties.privateEndpointConnections

List of private endpoint connection associated with the specified storage account

properties.provisioningState

Gets the status of the storage account at the time the operation was called.

properties.publicNetworkAccess

Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'.

properties.routingPreference

Maintains information about the network routing choice opted by the user for data transfer

properties.sasPolicy

SasPolicy assigned to the storage account.

properties.secondaryEndpoints

Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS.

properties.secondaryLocation
  • string

Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS.

properties.statusOfPrimary

Gets the status indicating whether the primary location of the storage account is available or unavailable.

properties.statusOfSecondary

Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS.

properties.storageAccountSkuConversionStatus

This property is readOnly and is set by server during asynchronous storage account sku conversion operations.

properties.supportsHttpsTrafficOnly
  • boolean

Allows https traffic only to storage service if sets to true.

sku

Gets the SKU.

tags
  • object

Resource tags.

type
  • string

The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

StorageAccountInternetEndpoints

The URIs that are used to perform a retrieval of a public blob, file, web or dfs object via a internet routing endpoint.

Name Type Description
blob
  • string

Gets the blob endpoint.

dfs
  • string

Gets the dfs endpoint.

file
  • string

Gets the file endpoint.

web
  • string

Gets the web endpoint.

StorageAccountListResult

The response from the List Storage Accounts operation.

Name Type Description
nextLink
  • string

Request URL that can be used to query next page of storage accounts. Returned when total number of requested storage accounts exceed maximum page size.

value

Gets the list of storage accounts and their properties.

StorageAccountMicrosoftEndpoints

The URIs that are used to perform a retrieval of a public blob, queue, table, web or dfs object via a microsoft routing endpoint.

Name Type Description
blob
  • string

Gets the blob endpoint.

dfs
  • string

Gets the dfs endpoint.

file
  • string

Gets the file endpoint.

queue
  • string

Gets the queue endpoint.

table
  • string

Gets the table endpoint.

web
  • string

Gets the web endpoint.

StorageAccountSkuConversionStatus

This defines the sku conversion status object for asynchronous sku conversions.

Name Type Description
endTime
  • string

This property represents the sku conversion end time.

skuConversionStatus

This property indicates the current sku conversion status.

startTime
  • string

This property represents the sku conversion start time.

targetSkuName

This property represents the target sku name to which the account sku is being converted asynchronously.

UserAssignedIdentity

UserAssignedIdentity for the resource.

Name Type Description
clientId
  • string

The client ID of the identity.

principalId
  • string

The principal ID of the identity.

VirtualNetworkRule

Virtual Network rule.

Name Type Default Value Description
action Allow

The action of virtual network rule.

id
  • string

Resource ID of a subnet, for example: /subscriptions/{subscriptionId}/resourceGroups/{groupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}.

state

Gets the state of virtual network rule.