azurerm_storage_account - Update default value to the Azure Default (hashicorp#31596)

SC-Tobias · sreallymatt · hqhqhqhqhqhqhqhqhqhqhq · commit 3c1fd260ddbe · 2026-02-13T09:10:07.000+11:00
Co-authored-by: sreallymatt &lt;106555974+sreallymatt@users.noreply.github.com&gt;
diff --git a/internal/services/storage/storage_account_resource.go b/internal/services/storage/storage_account_resource.go
@@ -333,7 +333,7 @@ func resourceStorageAccount() *pluginsdk.Resource {
 			"allow_nested_items_to_be_public": {
 				Type:     pluginsdk.TypeBool,
 				Optional: true,
-				Default:  true,
+				Default:  false,
 			},
 
 			"shared_access_key_enabled": {
@@ -1355,6 +1355,12 @@ func resourceStorageAccount() *pluginsdk.Resource {
 			},
 			Deprecated: "this block has been deprecated and superseded by the `azurerm_storage_account_queue_properties` resource and will be removed in v5.0 of the AzureRM provider",
 		}
+
+		resource.Schema["allow_nested_items_to_be_public"] = &pluginsdk.Schema{
+			Type:     pluginsdk.TypeBool,
+			Optional: true,
+			Default:  true,
+		}
 	}
 
 	return resource
@@ -2186,7 +2192,10 @@ func resourceStorageAccountFlatten(ctx context.Context, d *pluginsdk.ResourceDat
 
 		// NOTE: The Storage API returns `null` rather than the default value in the API response for existing
 		// resources when a new field gets added - meaning we need to default the values below.
-		allowBlobPublicAccess := true
+		allowBlobPublicAccess := false
+		if !features.FivePointOh() {
+			allowBlobPublicAccess = true
+		}
 		if props.AllowBlobPublicAccess != nil {
 			allowBlobPublicAccess = *props.AllowBlobPublicAccess
 		}
diff --git a/website/docs/5.0-upgrade-guide.html.markdown b/website/docs/5.0-upgrade-guide.html.markdown
@@ -448,6 +448,7 @@ Please follow the format in the example below for listing breaking changes in re
 * The property `min_tls_version` no longer accepts `TLS1_0` or `TLS1_1` as a value.
 * The deprecated `queue_properties` block has been removed and superseded by the `azurerm_storage_account_queue_properties` resource.
 * The deprecated `static_website` block has been removed and superseded by the `azurerm_storage_account_static_website` resource.
+* The property `allow_nested_items_to_be_public` now defaults to `false`.
 
 ### `azurerm_storage_account_customer_managed_key`
 
