There are a couple of best practices to follow when securing your Storage Accounts with the firewall and virtual network features. The first is to make sure that the Storage Account used to store the boot diagnostics of your virtual machines is not configured to use firewall and virtual networks. Otherwise, the following error message will be displayed in your virtual machine's boot diagnostics.
In that case, the feature was enabled, as depicted in the image below.
The recommended approach is to leave the setting at All networks (the default).
The second recommendation is to avoid locking down Storage Accounts that are being used by Azure. You can spot them easily by checking for the tag named ms-resource-usage, as depicted in the image below.