VM connecting to Storage account via Managed Identity (system-assigned). If permission removed, VM is able to transact against storage account.
Dave Norton
We have picked up a behavior where a Virtual Machine with Windows Server 2019 is connecting to a Storage account with Blob Data Contributor rights via a Managed Identity (system-assigned). We have found when the permission is removed, the virtual machine is still able to transact against the storage account for some time afterwards. Is this expected? If so, are there any guidelines as to how long the permission propagation takes to come into effect? Is there a way to force the permission removal immediately?
Thanks.