With the release of the Private Link feature some 6 months ago, we also released the capability to link storage account to a workspace. This capability complements Private Link but also serves Customer Managed Keys (CMK) scenarios, as explained below (you can use the same storage for all scenarios, or separate ones). Now, we're releasing new Azure portal UX to make linking and configuration of linked storage accounts easier.
Why link a storage account to your workspace?
Ingesting IIS logs or Custom logs over a Private Link
IIS logs and Custom logs are ingested to Log Analytics through an intermediate storage account, typically provided by the Log Analytics service. When Private Link is used the Log Analytics agents can't access the service-managed storage as it's not part of the Private Link. Only customer-owned storage accounts can be accessible over a Private Link. Customers should select which storage accounts they want to use for the ingestion of these data types and link them to their workspace.
Applying CMK encryption to saved queries and log-based alerts
Customers that wish to encrypt their saved queries and log-based alerts with CMK should store them on their own storage accounts and link these storages to the workspace.
Read Using customer-managed storage accounts in Azure Monitor Log Analytics to learn more.
As always, you're invited to comment and let us know what you think.