Hi!
I will show a new storage account feature which can help you to prevent data breach. This feature will help you to restrict the copy operations at the storage account level.
![](https://zigmax.net/wp-content/uploads/2022/11/Screen-Shot-2022-11-16-at-2.33.09-PM.png)
Three options are available:
- From any storage accounts (default value)
- From storage accounts in the same Azure AD tenant
- From storage accounts that have a private endpoint to the same virtual network
I will recommend you to protect all your storage account with a custom Azure Policy which uses the alias parameter: allowedCopyScope
Maxime.