Allow VM console access when storage account has firewall enabled
It's pretty ridiculous that the Azure VM serial console won't work when the boot diagnostics storage account has a firewall enabled.
First, it should be possible to use a firewall for additional protection of boot diagnostics. I understand that the storage has to be written from the host server, not the VM, so it might not be on the correct vnet; but this should be considered a "trusted Azure service", or there should be another option to allow it.
Second, the Serial Console is not the same as boot logging. They are two separate things! I should be able to enable and disable the serial console independently of storing boot logs.
The implication is that relatively sensitive information (boot log) cannot be stored with vnet protection.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote, which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
John Crim commented
Screenshot of the error message. The serial console won't allow access when the boot diagnostics storage account firewall is enabled.
Apparently this previously worked (see https://feedback.azure.com/forums/216843-virtual-machines/suggestions/35798698-serial-console-works-with-storage-accounts-with-fi), but no longer.