Forum Discussion
Azure traffic to storage account
Hi Kidd,
Thanks for the response. This seems a much better solution and I assume this is the guideline for the implementation:
https://learn.microsoft.com/en-us/azure/architecture/networking/guide/cross-tenant-secure-access-private-endpoints
Thanks for suggesting this.
Having said that, do we know why traffic from cross tenants is being logged as 10.x.x.x in the storage account? Or possibly why we can't see the public IP of the VM in the logs? IP filtering worked for me; is there any explanation why it worked? I assume the below text:
You can't use IP network rules to restrict access to clients in the same Azure region as the storage account. IP network rules have no effect on requests that originate from the same Azure region as the storage account. Use Virtual network rules to allow same-region requests.
From:
https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security-limitations#:~:text=You%20can%27t%20use%20IP%20network%20rules%20to%20restrict%20access%20to%20clients%20in%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20IP%20network%20rules%20have%20no%20effect%20on%20requests%20that%20originate%20from%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20Use%20Virtual%20network%20rules%20to%20allow%20same%2Dregion%20requests.
Only applicable when traffic comes from within the same tenant and same region.