Whitelist all Microsoft services in Storage account Firewall
Whitelist all Microsoft services, including Azure Data Factory, when the "Firewall and Virtual Network" option is enabled on the Storage account and the "Allow trusted Microsoft services to access this storage account" option is selected.
A similar option is already available on Azure Data Lake Store, where we can access Data Lake from Data Factory pipelines after the firewall option is enabled.
Any update on the future state of being able to whitelist other Microsoft services?
We need to add SQL DB auditing to access the Blob storage account when the "Allow trusted Microsoft services to access this storage account" option is selected.
In my particular case, I'd like to have my Azure Automation Runbooks be able to access an Azure storage account that is firewalled.
Benjamin Cohen commented
I am having trouble allowing my Web App Services to access my storage account for backups and web jobs when they are inside the same virtual network and the storage account does not allow connections from all IPs on the internet.
Adrian Walker commented
Agreed. Another half-a-job implementation. The "Allow trusted Microsoft services to access this storage account" option is worthless. It also affects AzureRM.Automation. New-AzureRmAutomationModule doesn't work when the SA firewall is enabled.
I thought about adding the published Azure DataCenter IP addresses to the firewall. I added all UK South and UK South 2 IP ranges, no luck.
In creating the GitHub issue, the debug output seems to suggest the automation account is actually in West Europe. I started adding the West Europe IP ranges, before hitting a limit on the maximum number of IP addresses / ranges that can be entered.
@Microsoft, if you can't give us more information on what IP ranges do what, then allow us to add more ranges. Whilst you're about it, I suggest you add a separate blade for the IP range list, as it's going to get very long and ugly.
@Microsoft moderator: If you move this suggestion, would you kindly let us know where you move it to.
Peder Thode commented
Agreed that all MS services should be allowed. I am currently having compliancy issues with my firewalled file shares since they can't be backed up. So I might have to remove security to be able to back up my files.