Allow storage account with vnet and behind firewall to be used for SQL's advanced threat protection.
As described in Microsoft documentation https://docs.microsoft.com/en-us/azure/sql-database/sql-database-auditing#subheading-1 a storage account behind firewall and a storage account with vnet is currently not supported for SQL's advanced threat protection.
This possess a high security risk where the logs will visible to anyone with access to the subscription, sas uri or storage account key.
We expect this to be fixed and enhanced so that a storage account with vnet and behind firewall can be used for SQL's advanced threat protection.
Yes, I agree this needs to be sorted ASAP. It also creates issues with bulk XML upload.
Chris Burger commented
We have the same issue with Azure SQL audit logs and virtual machine boot diagnostic logs. A solution would be very useful.