How can we improve Azure Storage?

Whitelist all Microsoft services in Storage account Firewall

Whitelist all Microsoft services including Azure Data Factory when the "Firewall and Virtual Network" option is enabled on Storage account and "Allow trusted Microsoft services to access this storage account" option is selected.

Similar option is already available on Azure Data Lake store, where we can access Data Lake from Data Factory pipelines after the firewall option is enabled.

92 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Vivek shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    13 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Joe Zuchora commented  ·   ·  Flag as inappropriate

        Any chance we can get Recovery Service - File Share added to the list of trusted services?

      • Filipe Ines commented  ·   ·  Flag as inappropriate

        We need to enable SQL server auditing to access the Blob storage account, with "firewall and virtual network" enable, but it's not possible this message pop up "Please choose a storage account without any firewall rules or virtual network configurations."

      • Alek J commented  ·   ·  Flag as inappropriate

        Any update on this fix? It's been open for about a year now, and is a bug by any definition -- not a new feature request. These aren't preview features we're talking about, but production services which don't work as advertised.

      • Andreas Bohn commented  ·   ·  Flag as inappropriate

        Whitelist Azure WebApp Backups to be a "trusted Microsoft service" for Storage Account Firewalls

      • Anonymous commented  ·   ·  Flag as inappropriate

        some news? Azure cognitive service Indexers will crawl firewalled storage accounts?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Any update on the future state of being able to whitelist other Microsoft services?

      • Anonymous commented  ·   ·  Flag as inappropriate

        We need add SQL DB auditing to access to Blob storage account when "Allow trusted Microsoft services to access this storage account" option is selected.

      • Blaine commented  ·   ·  Flag as inappropriate

        In my particular case, I'd like to have my Azure Automation Runbooks be able to access an Azure storage account that is firewalled.

      • Benjamin Cohen commented  ·   ·  Flag as inappropriate

        I am having trouble allowing my Web App Service's to access my storage account for backups and web jobs when they are inside the same virtual network and the storage account does not allow connections from all IPs on the internet.

      • Adrian Walker commented  ·   ·  Flag as inappropriate

        Agreed. Another half-a-job implementation. The "Allow trusted Microsoft services to access this storage account" option is worthless. It also affects AzureRM.Automation. New-AzureRmAutomationModule doesn't work when the SA firewall is enabled.

        https://github.com/Azure/azure-powershell/issues/5885

        I thought about adding the published Azure DataCenter IP addresses to the firewall. I added all UK South and UK South 2 IP ranges, no luck.

        In creating the github issue, the debug output seems to suggest the automation account is actually in West Europe. I started adding the West Europe IP ranges, before hitting a limit on the maximum number of IP addresses / ranges that can be entered.

        @Microsoft, if you can't give us more information on what IP ranges do what, then allow us to add more ranges. Whilst you're about it, I suggest you add a separate blade for the IP range list, as it's going to get very long and ugly.

        @Microsoft moderator: If you move this suggestion, would you kindly let us know where you move it to.

      • Peder Thode commented  ·   ·  Flag as inappropriate

        Agreed that all MS services should be allowed. I am currently having compliancy issues with my firewalled file shares since they can't be backed up. So I might have to remove security to be able to back up my files.

      Feedback and Knowledge Base