Azure Policy to Restrict Storage Account Firewall Rules

Back in the Jan 2018, I posted a custom Azure Policy definition that restricts the creation of public-facing storage account – in another word, if the storage account you are creating is not attached to a virtual network Service Endpoint, the policy engine will block the creation of this storage account. You can find the original post here: https://blog.tyang.org/2018/01/08/restricting-public-facing-azure-storage-accounts-using-azure-resource-policy/. When a storage account is connected to a Service Endpoint, you can also white-list one or more IP address ranges to allow them accessing the storage account from the outside of your Azure virtual network (i.e. the Internet). Therefore, in order

Continue reading
%d bloggers like this: