Include Azure Automation on Key Vault Firewall under "Trusted Microsoft Services"
Currently, Azure Automation accesses Azure Key Vaults through public endpoints (Azure Data Center Public IPs). As such, Automation cannot function unless a firewall exclusion is in place in the key vault settings. Unfortunately, Azure has hundreds of public IP addresses, which could change at a moment's notice. This, in effect, negates use of the Key Vault firewall altogether and requires you to allow incoming untrusted networks.
There is a firewall setting "Allow Trusted Microsoft Services", which allows select services to bypass the firewall. Automation is not included in this list. It would be a great help to include it, immediately securing the platform and making the firewall usable.
Really need this; it is not secure to open Key Vault for public networks.
Joon du Randt commented
This is a big problem for us; we now have to extend Key Vault automation jobs to add their IP to the KV while executing.
Philipp Molzer commented
This is a big problem and needs to be fixed.
Sam Hodgkinson commented
Any update on this topic?
Hans Weerdestijn commented
Same issue here
Gives big issues to us, makes DSC compilations quite troublesome. Please have it fixed in the short term.
Wijnand Kroes commented
We have the same issue
Same Issue for us, especially during DSC Compile Jobs