@Paraytset Welcome to the Microsoft Q&A Forum. Thank you for posting your query here!
Apologies for the delayed response!
To better understand the issue: Do you want to enable this for "VMs in Azure with Service EndPoint"?
Are you looking for IP Groups in Azure Firewall in an Azure Storage account?
Yes, you can achieve the desired functionality by using Azure Application Security Groups (ASGs) in combination with Network Security Groups (NSGs) for your storage account in Microsoft Azure.
Application Security Groups (ASGs) allow you to group multiple IP addresses together based on certain criteria. They provide a way to simplify network security rules by using named groups rather than individual IP addresses. By using ASGs, you can also add information about each IP, such as ownership and company, as you mentioned.
Here's a step-by-step guide on how to set up this configuration:
Step 1: Create Application Security Groups (ASGs)
- Go to the Azure portal and navigate to the "Networking" section.
- Click on "Application security groups."
- Create a new ASG and give it a name (e.g., "CompanyA-ASG").
Step 2: Add IP addresses to the Application Security Group
- After creating the ASG, click on it to open its details page.
- Under "Settings," click on "IP configurations."
- Click on "Add IP configuration" and enter the details for each IP address, including the ownership and company information for each one.
- Repeat this step for each IP address you want to include in the ASG.
Step 3: Create Network Security Groups (NSGs)
- Go back to the "Networking" section in the Azure portal.
- Click on "Network security groups."
- Create a new NSG and give it a name (e.g., "CompanyA-NSG").
Step 4: Add inbound security rules using the Application Security Group
- After creating the NSG, click on it to open its details page.
- Under "Settings," click on "Inbound security rules."
- Click on "Add inbound security rule."
- Fill in the rule details, and in the "Source" field, select "Application security group" and choose the previously created "CompanyA-ASG."
- Configure other rule properties as per your requirements.
- Repeat this step for each rule you want to add.
Step 5: Associate the Network Security Group with your Storage Account
- Navigate to your storage account in the Azure portal.
- In the left-hand menu, click on "Firewalls and virtual networks."
- Under "Virtual networks," click on "Selected networks."
- Click on "Add existing virtual network" and choose the virtual network where you have the NSG attached.
By following these steps, you'll have a Network Security Group with inbound rules based on an Application Security Group, which contains multiple IP addresses along with their corresponding information like ownership and company details. This configuration will restrict access to your storage account only to the IP addresses specified in the Application Security Group.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.