Blob from Azure virtual network
As we follow PCI standards, we need to specify all outbound IP addresses from our services.
This is a problem with Azure services, as IP ranges to Microsoft/Azure datacenters can change weekly.
We would like to be able to create a site-to-site connection and access our Azure resources through an IPSec connection to avoid weekly IP management. As I understand from Azure support, Azure virtual network is only available from VMs and not Azure services like BLOB storage containers.
This is much desired!

Please look at Azure Service Endpoints at https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview. It is GA for storage as well as SQL.
With service endpoints, service traffic switches to use virtual network private addresses as the source IP addresses when accessing the Azure service from a virtual network. This switch allows you to access the services without the need for reserved, public IP addresses used in IP firewalls.
3 comments
-
Ali Zaman (MSFT) commented
Please look at Azure Service Endpoints at https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview. It is GA for storage and preview for SQL.
With service endpoints, service traffic switches to use virtual network private addresses as the source IP addresses when accessing the Azure service from a virtual network. This switch allows you to access the services without the need for reserved, public IP addresses used in IP firewalls.
-
Anonymous commented
Please let us know about this, and how we can restrict the different PaaS services like Azure Storage, Service Bus, Notification service, and Azure Media service to a range of IP addresses.
Would really appreciate your response on the same.
-
Stewart Scott commented
Please provide an update.