Restricting Public-Facing Azure Storage Accounts Using Azure Resource Policy

Background Back in September 2017, Microsoft has announced Virtual Network Service Endpoints for Azure Storage and Azure SQL at Ignite. This feature prevents Storage Accounts and Azure SQL Databases from being accessed from the public Internet. A customer had a requirement to enforce all storage accounts to be attached to VNets as part of their security policies. The Azure Resource Policy seems to be the logical solution for this requirement. In order to make this possible, I have contacted the Azure Policy product team, and thanks for their prompt response, this is now possible – although at the time of

%d bloggers like this: