You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Resources of some services that are registered in your subscription can access your storage account in the same subscription for selected operations, such as writing logs or running backups. The following table describes each service and the allowed operations.
to include that other subscription can access the storage account if they are in the same tenant when allow Azure Services in firewall setting are checked
I'm able to send Event Grid dead letter from storage account in my subscription to storage account in another subscription (same tenant) while firewall is enabled and only the Allow Azure services on the trusted services list to access this storage account is checked and the document does not mention that Azure trusted services can access storage account in another subscription under Same Tenant
this has been reported by customer and asked to be updated
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
ID: 2632af75-7664-b79b-ac5b-c7c17e6a609a
Version Independent ID: 6ecf71b6-77c4-3ab6-8ec9-353ea407d70f
In addition to the above report discrepancy, the language in the caution note needs to be clear.
Caution
By design, access to a storage account from trusted services takes the highest precedence over other network access restrictions. If you set Public network access to Disabled after previously setting it to Enabled from selected virtual networks and IP addresses, any resource instances and exceptions that you previously configured, including Allow Azure services on the trusted services list to access this storage account, will remain in effect. As a result, those resources and services might still have access to the storage account.
The last statement needs update/correction. either it will have access or it won't. Why the "might"?
The following Section in the document needs to be updated https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#trusted-access-for-resources-registered-in-your-subscription
as it say:
Resources of some services that are registered in your subscription can access your storage account in the same subscription for selected operations, such as writing logs or running backups. The following table describes each service and the allowed operations.
to include that other subscription can access the storage account if they are in the same tenant when allow Azure Services in firewall setting are checked
I'm able to send Event Grid dead letter from storage account in my subscription to storage account in another subscription (same tenant) while firewall is enabled and only the Allow Azure services on the trusted services list to access this storage account is checked and the document does not mention that Azure trusted services can access storage account in another subscription under Same Tenant
this has been reported by customer and asked to be updated
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.
The text was updated successfully, but these errors were encountered: