There are a couple of best practices to follow when securing your Storage Accounts by enabling the firewall and virtual networks features. The first one is to make sure that the Storage Account used to store the boot diagnostics of your virtual machines is not configured to use firewall and virtual networks. Otherwise, the following error message will be displayed in your virtual machine's boot diagnostics.
In that case, the feature was enabled, as depicted in the image below.
The recommended approach is to leave the All networks option selected (the default setting).
The second recommendation is to avoid locking down Storage Accounts that are being used by Azure. They are easily spotted by checking for the tag named ms-resource-usage, as depicted in the image below.
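Both checks can be run across a subscription before the firewall is switched on. The script below is an added example, not part of the original article: it assumes input in the JSON shape returned by `az storage account list` and `az vm list`, and every account name, VM name and tag value in the sample data is constructed.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape of `az storage account list -o json`.
ACCOUNTS = json.loads("""[
  {"name": "stbootdiag01", "tags": {}, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "stcloudshell01", "tags": {"ms-resource-usage": "azure-cloud-shell"},
   "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "stappdata01", "tags": {"env": "prod"}, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "stbootdiag02", "tags": null, "networkRuleSet": {"defaultAction": "Allow"}}
]""")
# Constructed sample in the shape of `az vm list -o json`.
VMS = json.loads("""[
  {"name": "vm-web-01", "diagnosticsProfile": {"bootDiagnostics":
    {"enabled": true, "storageUri": "https://stbootdiag01.blob.core.windows.net/"}}},
  {"name": "vm-web-02", "diagnosticsProfile": {"bootDiagnostics":
    {"enabled": true, "storageUri": "https://stbootdiag02.blob.core.windows.net/"}}},
  {"name": "vm-db-01", "diagnosticsProfile": null}
]""")

def boot_diag_accounts(vms):
    """Map storage account name -> names of VMs writing boot diagnostics to it."""
    usage = {}
    for vm in vms:
        diag = (vm.get("diagnosticsProfile") or {}).get("bootDiagnostics") or {}
        # VMs without a storageUri do not use a customer storage account.
        if diag.get("enabled") and diag.get("storageUri"):
            account = urlparse(diag["storageUri"]).hostname.split(".")[0]
            usage.setdefault(account, []).append(vm["name"])
    return usage

def audit(accounts, vms):
    """Return {account: [reasons]} for firewalled accounts both tips say to leave open."""
    diag_usage, findings = boot_diag_accounts(vms), {}
    for acct in accounts:
        if (acct.get("networkRuleSet") or {}).get("defaultAction") != "Deny":
            continue  # "All networks" is selected, nothing to report
        reasons = []
        if acct["name"] in diag_usage:
            reasons.append("boot diagnostics for " + ", ".join(diag_usage[acct["name"]]))
        usage_tag = (acct.get("tags") or {}).get("ms-resource-usage")
        if usage_tag:
            reasons.append("ms-resource-usage=" + usage_tag)
        if reasons:
            findings[acct["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit(ACCOUNTS, VMS).items():
        print(f"{name}: firewall enabled, but used for {'; '.join(reasons)}")
```

Accounts that are locked down but neither tagged nor referenced by a VM (`stappdata01` in the sample) are not reported, since neither tip applies to them.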