This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
How can I secure the Azure Storage account to allow my Function App?
I need to secure it using the Storage Account firewall settings, but not sure how to list the items or configure it properly.
Selecting the Checkbox still doesn't work.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 31%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Just checking to see if the suggestion provided by Vinodh247 helped you to solve your issue, please let us know if you have any further queries. If the above suggestion helps you to solve your issue, please accept the answer, this can be beneficial to other community members.
Just checking to see if the suggestion provided by Vinodh247 helped you to solve your issue, please let us know if you have any further queries. If the above suggestion helps you to solve your issue. Your contribution is highly appreciated. Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 96%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECW%3C/text%3E%3C/svg%3E)
To save others time that may stumble upon this, I would recommend reading this thread
I'm happy to delete this if I am proven wrong but I do not believe you can just add an exception for Function Apps.
Hi ,
Thanks for reaching out to Microsoft Q&A.
To allow your Azure Function App to securely access your Azure Storage Account using the Storage Account firewall settings, follow these steps precisely:
From your screenshot, you have already selected:
"Enabled from selected virtual networks and IP addresses"
This is correct. It ensures only approved networks or resources can access the storage account.
This step is crucial and often overlooked.
Steps:
Scroll to the "Resource instances" section in the Networking blade.
Resource type: Select "Function App" from the dropdown.
Instance name: After selecting the resource type, it should auto-populate with Function Apps in your subscription.
Select the appropriate Function App that needs access.
Note: The Function App must be in the same region and same subscription as the storage account, and it must have a system-assigned managed identity enabled.
Even if the network rule is in place, access will fail without proper permissions.
5 . Restart the function
If the Function App still cannot access:
Confirm that the Function App’s outbound IP is not blocked.
Use Azure Monitor Logs or Application Insights to trace the exact error.
Please feel free to click the 'Upvote' (Thumbs-up) button and 'Accept as Answer'. This helps the community by allowing others with similar queries to easily find the solution.
I am attempting to follow your steps and the storage account does not have an option for Microsoft.Web/sites (Function Apps) under Resource Instances. Furthermore, looking at the documentation that is referenced in the Exceptions section, function apps are not in the list. I am confused on how this is appearing for you? Could you provide a screenshot/demo of this working?
It seems the only way (other than creating a VNET) is to manually add the IP ranges for Function Apps (dependent on the region). More information here: