A couple of best practices should be followed when securing your Storage Accounts with the firewall and virtual networks feature. The first is to make sure that the Storage Account used to store the boot diagnostics of your virtual machines is not configured to use firewall and virtual networks. Otherwise, the following error message will be displayed in your virtual machine's boot diagnostics.
In that case, the feature was enabled, as depicted in the image below.
The recommended approach is to leave the setting at All networks (the default).
The second recommendation is to avoid locking down Storage Accounts that are being used by Azure. They are easy to spot by checking for the tag named ms-resource-usage, as depicted in the image below.
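Both recommendations can be checked across a subscription with a short script. The following is an added example, not part of the original tip: it assumes input shaped like the JSON from `az storage account list` and `az vm list`, and the account names, VM names and tag value are constructed sample data.

```python
import json
from urllib.parse import urlparse

# Constructed sample data shaped like `az storage account list` output.
STORAGE_ACCOUNTS = json.loads("""[
  {"name": "bootdiagprod01", "tags": {}, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "cloudshellstore01", "tags": {"ms-resource-usage": "azure-cloud-shell"}, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "appdata01", "tags": {"env": "prod"}, "networkRuleSet": {"defaultAction": "Deny"}},
  {"name": "bootdiagdev01", "tags": {}, "networkRuleSet": {"defaultAction": "Allow"}}
]""")

# Constructed sample data shaped like `az vm list` output.
VMS = json.loads("""[
  {"name": "vm-web-01", "diagnosticsProfile": {"bootDiagnostics":
     {"enabled": true, "storageUri": "https://bootdiagprod01.blob.core.windows.net/"}}},
  {"name": "vm-dev-01", "diagnosticsProfile": {"bootDiagnostics":
     {"enabled": true, "storageUri": "https://bootdiagdev01.blob.core.windows.net/"}}},
  {"name": "vm-batch-01", "diagnosticsProfile": null}
]""")

def boot_diag_accounts(vms):
    """Map storage account name -> VMs that write boot diagnostics to it."""
    usage = {}
    for vm in vms:
        diag = ((vm.get("diagnosticsProfile") or {}).get("bootDiagnostics")) or {}
        uri = diag.get("storageUri")
        if diag.get("enabled") and uri:  # managed boot diagnostics has no storageUri
            account = urlparse(uri).hostname.split(".")[0].lower()
            usage.setdefault(account, []).append(vm["name"])
    return usage

def audit(accounts, vms):
    """Return (account, reason) for firewalled accounts the tips say to leave open."""
    usage = boot_diag_accounts(vms)
    findings = []
    for acct in accounts:
        rules = acct.get("networkRuleSet") or {}
        if rules.get("defaultAction", "Allow") != "Deny":
            continue  # "All networks" is selected, nothing to flag
        name = acct["name"].lower()
        if name in usage:
            findings.append((name, "boot diagnostics for " + ", ".join(usage[name])))
        if "ms-resource-usage" in (acct.get("tags") or {}):
            findings.append((name, "tagged ms-resource-usage"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(STORAGE_ACCOUNTS, VMS):
        print(f"{name}: firewall enabled but {reason}")
```

An account such as `appdata01` that is firewalled but neither tagged nor used for boot diagnostics is not reported, since the tips above do not apply to it.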