How to create a custom policy to disable Azure Storage Account firewall option?

Madhu Rao 40 Reputation points
2024-01-11T00:27:33.5866667+00:00

I want to disable the Azure Storage Account firewall option, forcing traffic to use Private Endpoint. I have found a few policies, but they are not disabling the feature. I would like to disable the option that is underlined in red.

Thanks in advance.


Accepted answer
  1. Stanislav Zhelyazkov 21,506 Reputation points MVP
    2024-01-11T07:00:42.1833333+00:00

    Hi, what the portal displays is not relevant to whether you can configure the setting or not. The Azure Portal does not have logic to find what policies you have applied in order to disable certain UI elements. All you need to do is configure the policy "Configure storage accounts to disable public network access" (/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d) with effect Modify on the subscription(s) where your storage accounts will be created. This will apply to all your storage accounts that are created or modified, selecting the option Public Network Access - Disabled. When Public network access is disabled, you cannot configure virtual network rules or firewall rules, as those are irrelevant in that case. When you configure private endpoints, you need to disable public network access besides creating the private endpoint.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
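
An added example, not part of the answer above or of any Microsoft tooling: a check over existing accounts for the gap the accepted answer describes, where a private endpoint exists but public network access is still enabled. It assumes the field names of `az storage account list -o json` output; the sample records and verdict names are constructed for illustration.

```python
import json

# Constructed sample; field names assume the shape of `az storage account list -o json`.
SAMPLE = json.loads("""[
 {"name": "stlocked", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
  "privateEndpointConnections": [{"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "sthalfdone", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [{"value": "203.0.113.7"}]},
  "privateEndpointConnections": [{"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "stopen", "networkRuleSet": {"defaultAction": "Allow"}, "privateEndpointConnections": []},
 {"name": "stisolated", "publicNetworkAccess": "Disabled",
  "networkRuleSet": {"defaultAction": "Deny"},
  "privateEndpointConnections": [{"privateLinkServiceConnectionState": {"status": "Pending"}}]}
]""")

def assess(account):
    """Return (verdict, reasons) for one storage account record."""
    reasons = []
    # A missing publicNetworkAccess property is treated as not disabled.
    public_off = (account.get("publicNetworkAccess") or "").lower() == "disabled"
    rules = account.get("networkRuleSet") or {}
    approved = [
        c for c in account.get("privateEndpointConnections") or []
        if ((c.get("privateLinkServiceConnectionState") or {}).get("status") or "").lower() == "approved"
    ]
    if not public_off:
        reasons.append("publicNetworkAccess is not Disabled")
        # Assumption: an absent defaultAction is read as Allow.
        if (rules.get("defaultAction") or "Allow").lower() == "allow":
            reasons.append("firewall default action is Allow")
        n = len(rules.get("ipRules") or []) + len(rules.get("virtualNetworkRules") or [])
        if n:
            reasons.append(f"{n} firewall/VNet rule(s) still admit public-endpoint traffic")
    if not approved:
        reasons.append("no approved private endpoint connection")
    if public_off:
        # Public endpoint off: clients need an approved private endpoint to connect.
        return ("private-only" if approved else "no-private-path"), reasons
    return "public-endpoint-enabled", reasons

def audit(accounts):
    """Map account name -> (verdict, reasons)."""
    return {a["name"]: assess(a) for a in accounts}

if __name__ == "__main__":
    for name, (verdict, reasons) in audit(SAMPLE).items():
        print(f"{name}: {verdict}" + (f" ({'; '.join(reasons)})" if reasons else ""))
```

Accounts reported as `public-endpoint-enabled` are the ones the Modify policy would change the next time they are created or modified.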


1 additional answer

  1. Nehruji R 2,966 Reputation points Microsoft Vendor
    2024-01-15T06:26:59.6866667+00:00

    Hello Madhu Rao,  

    Greetings!  Welcome to Microsoft Q&A forum.  

    Adding on to the previous response, to disable the Azure Storage Account firewall option and force traffic to use Private Endpoint, you can follow the steps below:

    1. In the Azure portal, navigate to the storage account for which you would like to restrict all access to the public endpoint. Refer to "Use private endpoints - Azure Storage | Microsoft Learn" and configure a private endpoint by restricting the public access/endpoint: "Configure storage accounts to disable public network access - Microsoft Azure".

    2. While Azure Policy may not directly disable the firewall feature, you can create custom policies that ensure Private Endpoint is configured and that the firewall settings on your Azure resources can be turned off. Refer to "Built-in policy definitions for Azure Storage | Microsoft Learn".

    Hope this answer helps! Please let us know if you have any further queries. I'm happy to assist you further.
