Can anyone point me to some recommended best practices for configuring a storage account that is going to be used for archiving diagnostic logs from AAD? I am specifically interested in the network configuration recommendations for a scenario in which the only azure resources are AAD and Sentinel, i.e, the are not any VMs or NSGs and none are expected .
