Info icon
End of Life Notice: For Trend Cloud One™ - Conformity Customers, Conformity will reach its End of Sale on “July 31st, 2025” and End of Life “July 31st, 2026”. The same capabilities and much more is available in Trend Vision One™ Cloud Risk Management. For details, please refer to Upgrade to Trend Vision One
Logo of Trend Micro
Use the Knowledge Base AI to help improve your Cloud Posture

Ensure Key Rotation Reminders are Enabled for Storage Accounts

Trend Vision One™ provides continuous assurance that gives peace of mind for your cloud infrastructure, delivering over 1100 automated best practice checks.

Risk Level: High (not acceptable risk)

Ensure that key rotation reminders are enabled for all Azure Storage Accounts to help maintain a regular and healthy cadence for access key regeneration activities. Access keys authenticate application access requests to data contained in Storage Accounts. A periodic rotation of these keys is recommended to ensure that potentially compromised keys cannot result in a long-term exploitable credential. The "Rotation Reminder" is an automatic reminder feature for a manual procedure that prompts administrators to regenerate access keys at regular intervals. This feature does not automatically rotate keys but instead sends reminders to help organizations maintain security best practices.

Security
Operational
excellence

Reminders such as those generated by this recommendation help maintain a regular and healthy cadence for activities that improve the overall efficacy of a security program. Cryptographic key rotation periods will vary depending on your organization's security requirements and the type of data being stored in the Storage Account. For the purposes of this security recommendation, 90 days is prescribed as the default reminder period. However, review and adjustment of this 90-day period is recommended and may even be necessary based on your organization's specific security requirements, compliance obligations, and risk tolerance. Organizations should establish key rotation policies that align with their security posture and regulatory requirements.

This recommendation only creates a periodic reminder to regenerate access keys and does not automatically rotate the keys. Failure to update all dependent applications before rotating keys will result in service interruptions and application failures.

Audit

To determine if key rotation reminders are enabled for your Azure Storage Accounts, perform the following operations:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to Storage accounts blade available at https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Storage%2FStorageAccounts.

03 Click on the name (link) of the Azure Storage Account that you want to examine.

04 In the left navigation panel, under Security + networking, select Access keys.

05 On the Access keys page, review the rotation reminder status:

  1. If the Edit rotation reminder button is displayed, the Storage Account has key rotation reminders enabled and is compliant. You can click Edit rotation reminder to review the current settings. Verify that the Remind me every field is set to an appropriate period that fits your organization's security requirements (the recommended period is 90 days).
  2. If the Set rotation reminder button is displayed instead, the Storage Account does not have key rotation reminders enabled and is not compliant.

06 Repeat steps no. 3 - 5 for each Azure Storage Account in the current subscription.

07 Repeat steps no. 2 - 6 for each Azure subscription in your Microsoft Azure cloud account.

Note: Checking key rotation reminder settings for Azure Storage Accounts using Azure CLI is not currently supported.

Remediation / Resolution

To enable key rotation reminders for your Azure Storage Accounts, perform the following operations:

Note: Configuring key rotation reminders for Azure Storage Accounts using Azure CLI is not currently supported.

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to Storage accounts blade available at https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Storage%2FStorageAccounts.

03 Click on the name (link) of the Azure Storage Account that you want to configure.

04 In the left navigation panel, under Security + networking, select Access keys.

05 On the Access keys page, click Set rotation reminder (or Edit rotation reminder if reminders are already configured).

06 In the rotation reminder configuration dialog:

  1. Check (enable) the Enable key rotation reminders checkbox.
  2. In the Send reminders field, select Custom.
  3. Set the Remind me every field to 90 (recommended period).
  4. Set the period dropdown to Days.

07 Click Save to apply the configuration.

08 Repeat steps no. 3 - 7 for each Azure Storage Account that requires key rotation reminders in the current subscription.

09 Repeat steps no. 2 - 8 for each Azure subscription in your Microsoft Azure cloud account.

By default, key rotation reminders are not configured for Azure Storage Accounts. Organizations must explicitly enable this feature and configure the reminder period based on their security requirements.

References

Publication date Jan 28, 2026

Related StorageAccounts rules