Forum Discussion
RyanStevenson
Mar 16, 2020
Copper Contributor
Limit which storage accounts can be written to for a subscription
Would like to have a feature where we can set a policy that only a specific list of storage accounts can be written to from a subscription. For example, a VM within the virtual network no matter who is l...
RyanStevenson
Mar 16, 2020
Copper Contributor
RyanStevenson This would also be for any service within a subscription. The reason for this request is we want to say that no one could create a storage account in another subscription and, through a VM or any other service, write to that storage account and exfiltrate data.
Klaas Langhout
Microsoft
Mar 24, 2020
RyanStevenson, I can see the value of providing this. We currently provide AAD authentication (including for MSI), as well as VNET and firewall security (where VMs could be added to a VNET to provide access to a storage account), which isn't as simple as your request. I'll add this for consideration with the right PMs in storage. Thanks, Klaas, Azure Storage