I have a storage account that is used for Media Services input and output assets, and after each transcode is done I set the container permissions to BlobContainerPublicAccessType.Blob via the Storage Client Library v4.3.0. Once set, we don't change it.
Days or weeks later, on dozens of the containers, the permissions are discovered to have mysteriously been reset to BlobContainerPublicAccessType.Off. Tired of manually discovering them by playback failures, I finally wrote an app that enumerates all the containers and sets the permissions back to Blob again if they are Off, and I run this periodically as needed. They often seem to be a bit "clumped" together in terms of StorageUri proximity (ie: GUIDs in path are often close to each other).
Is there anything at all that is "known" about this, or does anyone have any clues? If not I'll submit a support ticket.
Thanks,
Galan