We're using 'Enable with managed storage account'. The Reader permission is not enough.
For storing the boot diagnostics in a storage account, Azure does not need any permissions.
But for the user to view those logs and screenshot, they need read permission, and the network from which they are accessing should be whitelisted (if the firewall is enabled).
If you have a firewall enabled on the storage account, then allow your corporate network's router IPs in the firewall.
You also need to give read permission for all the users in the active directory to the storage account where boot diagnostics is stored. This way, we can control who can access and the IPs which they can use to access.
Another easy option is to enable read access for that storage account to all and restrict the IPs in the firewall to your corporate routers. This way, anyone in your company can access that boot diagnostics.
Source: https://github.com/MicrosoftDocs/azure-docs/issues/34457
Let me know if you have further questions.
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.
Thank you, I saw this post too. Read access to the storage account might work for the non-managed storage account, but it doesn't seem to apply to the current method of configuring this setting.