I have setup custom backup of azure web app to storage account and it will only work when the public access is enabled for all networks. What I would like to achieve is to apply restriction to storage account and limit public access to only allow the vnet that I have integrated my web app to. So far I get 403 error as storage account refuses access to web app when I run custom backup. I have tried the following:
added subnet from vnet that my web app is integrated with, enabled the service endpoint for Microsoft.Storage
enabled system-assigned managed identity for the web app, granted this identity a Storage Blob Data Contributor permission to the storage account that will store the backups
Anyone have any idea what else I have to enable to achieve this?
Thanks in advance