| _key | core | string | |
| access_tier | core | string | Required for storage accounts where kind = BlobStorage. The access tier is used for billing. The 'Premium' access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type. |
| account_migration_in_progress | core | bool | If customer initiated account migration is in progress, the value will be true else it will be null. |
| allow_blob_public_access | core | bool | Allow or disallow public access to all blobs or containers in the storage account. The default interpretation is false for this property. |
| allow_cross_tenant_replication | core | bool | Allow or disallow cross AAD tenant object replication. Set this property to true for new or existing accounts only if object replication policies will involve storage accounts in different AAD tenants. The default interpretation is false for new accounts to follow best security practices by default. |
| allow_shared_key_access | core | bool | Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true. |
| allowed_copy_scope | core | string | Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. |
| blob_services | core | json | |
| creation_time | core | string | Gets the creation date and time of the storage account in UTC. |
| default_to_o_auth_authentication | core | bool | A boolean flag which indicates whether the default authentication is OAuth or not. The default interpretation is false for this property. |
| dns_endpoint_type | core | string | Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier. |
| encryption | core | json | Encryption settings to be used for server-side encryption for the storage account. |
| id | core | string | Fully qualified resource ID for the resource. Ex - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} |
| identity | core | json | The identity of the resource. |
| is_local_user_enabled | core | bool | Enables local users feature, if set to true |
| is_sftp_enabled | core | bool | Enables Secure File Transfer Protocol, if set to true |
| is_sku_conversion_blocked | core | bool | This property will be set to true or false on an event of ongoing migration. Default value is null. |
| kind | core | string | Gets the Kind. |
| large_file_shares_state | core | string | Allow large file shares if sets to Enabled. It cannot be disabled once it is enabled. |
| location | core | string | The geo-location where the resource lives |
| management_policy | core | json | |
| minimum_tls_version | core | string | Set the minimum TLS version to be permitted on requests to storage. The default interpretation is TLS 1.0 for this property. |
| name | core | string | The name of the resource |
| network_acls | core | json | Network rule set |
| primary_endpoints | core | json | Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object. Note that Standard_ZRS and Premium_LRS accounts only return the blob endpoint. |
| primary_location | core | string | Gets the location of the primary data center for the storage account. |
| private_endpoint_connections | core | json | List of private endpoint connection associated with the specified storage account |
| provisioning_state | core | string | Gets the status of the storage account at the time the operation was called. |
| public_network_access | core | string | Allow or disallow public network access to Storage Account. Value is optional but if passed in, must be 'Enabled' or 'Disabled'. |
| resource_group | core | string | |
| secondary_endpoints | core | json | Gets the URLs that are used to perform a retrieval of a public blob, queue, or table object from the secondary location of the storage account. Only available if the SKU name is Standard_RAGRS. |
| secondary_location | core | string | Gets the location of the geo-replicated secondary for the storage account. Only available if the accountType is Standard_GRS or Standard_RAGRS. |
| sku | core | json | Gets the SKU. |
| status_of_primary | core | string | Gets the status indicating whether the primary location of the storage account is available or unavailable. |
| status_of_secondary | core | string | Gets the status indicating whether the secondary location of the storage account is available or unavailable. Only available if the SKU name is Standard_GRS or Standard_RAGRS. |
| subscription_id | core | string | |
| subscription_name | core | string | |
| supports_https_traffic_only | core | bool | Allows https traffic only to storage service if sets to true. |
| tags | core | hstore | |
| type | core | string | The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts" |
