Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,173 questions
VM connecting to Storage account via Managed Identity(system-assigned).If permission removed,VM is able to transact against storage account.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 85%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDN%3C/text%3E%3C/svg%3E)
Dave Norton
1
Reputation point
We have picked up a behavior where a Virtual Machine with Windows Server 2019 is connecting to a Storage account with Blob Data Contributor rights via a Managed Identity(system-assigned). We have found when the permission is removed, the virtual machine is still able to transact against the storage account for some time afterwards. Is this expected? If so, are there any guidelines as to how long the permission propagation takes to come into effect? Is there a way to force the permission removal immediately?
Thanks.
{count} votes
-
prmanhas-MSFT 17,891 Reputation points Microsoft Employee2021-09-02T07:21:32.557+00:00 @Dave Norton Apologies for the delay in response and all the inconvenience caused because of the issue.
I am checking on this issue with my internal team and will keep you posted once I have an update.
Thanks
Sign in to comment