Access Denied when Storage Firewall in place
When a storage account firewall to only allow access to selected networks are in place, access is denied when trying to view the services in the storage account from places outside of the allowed network. This is expected according to document but we would like to know whether there can be improvement.
Is it possible that an additional option to grant certain login ID’s permission to the object, regardless of where users login from?
This is a massive security hole in Azure
Alex Lutsenko commented
This idea was posted in 2017 initially and now in 2020 it is still a problem (even with "Allow trusted Microsoft services to access this storage account").
This should be listed as a bug as it effectively prevents hosting a secure web app in Azure.
Ian Morgan commented
In particular, when an authorized user is logged into the Azure Portal, attempting to access the storage account still produces "Access Denied" errors without any further explanation that the error is due to firewall restrictions (rather than account level privileges).