Customer-managed storage account with private endpoint for boot diagnostics?

AdamBudzinskiAZA-0329 91 Reputation points
2024-04-22T18:36:50.4366667+00:00

hi,

I've assigned the policy "Storage account public Blob access should be disallowed" in audit mode. Now, looking at the data, I can see a lot of storage accounts that are used for VM boot diagnostics. I don't think a storage account per VM makes much sense in this case, maybe one would be enough; however, the question is: would a storage account behind a private endpoint work in this case, or are there any limitations?

Thanks !

Azure Virtual Machines

2 answers

  1. Marcin Policht 13,175 Reputation points MVP
    2024-04-22T19:54:55.2966667+00:00

    Limitations tie to the I/O throughput of the storage account.

    Switch to the managed storage account instead.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


  2. TP 78,826 Reputation points
    2024-04-22T21:26:57.54+00:00

    Hi Adam,

    Yes, you can use Private Endpoint for the VM to access custom diagnostics storage account, with public network access disabled on the storage account. One limitation would be serial console doesn't work, so if/when you need that you could temporarily change the firewall setting on the storage account.

    Please click Accept Answer if the above was helpful.

    Thanks.

    -TP
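
An added worked example, not code from either answer or from Microsoft: an Azure PowerShell (Az module) script that does what the two answers describe. It first inventories which VMs in a resource group point boot diagnostics at a customer-managed storage account and how exposed that account is, then hardens the account (anonymous blob access off, public network access off, private endpoint for the blob sub-resource plus the private DNS zone the VNet needs to resolve it), points a VM at it or switches it to managed boot diagnostics as the first answer suggests, and provides the temporary public-access toggle the second answer mentions for the serial console. One point worth separating: the policy named in the question audits anonymous (public) blob access, which is the `AllowBlobPublicAccess` property and is independent of whether the account is reachable over the public network; the script sets both. Resource names (`rg-vm-prod`, `stbootdiagprod`, `vnet-prod`, `snet-pe`, `vm-web-01`) are placeholders, and the script assumes `Connect-AzAccount` has already been run with Az.Compute, Az.Storage, Az.Network and Az.PrivateDns installed.

```powershell
# Added example, not from the original thread. Assumes Az.Compute, Az.Storage,
# Az.Network and Az.PrivateDns are installed and Connect-AzAccount has run.
# All resource names below are placeholders.

# 1. Inventory: which VMs use a customer-managed boot-diagnostics account, and how open is it?
function Get-BootDiagnosticsStorageExposure {
    param([string]$ResourceGroupName)
    foreach ($vm in Get-AzVM -ResourceGroupName $ResourceGroupName) {
        $uri = $vm.DiagnosticsProfile.BootDiagnostics.StorageUri
        if (-not $uri) {
            # No StorageUri means managed boot diagnostics (or boot diagnostics disabled)
            [pscustomobject]@{ VM = $vm.Name; Storage = '(managed)'; AnonymousBlob = $null; PublicNetwork = $null; DefaultAction = $null }
            continue
        }
        # StorageUri has the form https://<account>.blob.core.windows.net/
        $accountName = ([uri]$uri).Host.Split('.')[0]
        $sa = Get-AzStorageAccount | Where-Object StorageAccountName -eq $accountName
        [pscustomobject]@{
            VM            = $vm.Name
            Storage       = $accountName
            AnonymousBlob = $sa.AllowBlobPublicAccess        # the property the audit policy in the question looks at
            PublicNetwork = $sa.PublicNetworkAccess          # 'Enabled' or 'Disabled'
            DefaultAction = $sa.NetworkRuleSet.DefaultAction # 'Allow' or 'Deny'
        }
    }
}

# 2. Harden the account and front it with a private endpoint in the VM's VNet
function Protect-BootDiagnosticsStorage {
    param([string]$ResourceGroupName, [string]$StorageAccountName,
          [string]$VNetName, [string]$SubnetName, [string]$Location)
    $sa = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName

    # Anonymous blob access off (what the policy audits) and public network access off (private endpoint only)
    Set-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName `
        -AllowBlobPublicAccess $false -PublicNetworkAccess Disabled -MinimumTlsVersion TLS1_2 | Out-Null
    Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroupName -Name $StorageAccountName `
        -DefaultAction Deny -Bypass AzureServices | Out-Null

    # Private endpoint for the 'blob' sub-resource
    $vnet   = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $VNetName
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name $SubnetName -VirtualNetwork $vnet
    $conn   = New-AzPrivateLinkServiceConnection -Name "$StorageAccountName-blob" -PrivateLinkServiceId $sa.Id -GroupId 'blob'
    $pe     = New-AzPrivateEndpoint -ResourceGroupName $ResourceGroupName -Name "pe-$StorageAccountName-blob" `
                  -Location $Location -Subnet $subnet -PrivateLinkServiceConnection $conn

    # Private DNS zone so <account>.blob.core.windows.net resolves to the endpoint's private IP inside the VNet
    $zone = New-AzPrivateDnsZone -ResourceGroupName $ResourceGroupName -Name 'privatelink.blob.core.windows.net'
    New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $ResourceGroupName -ZoneName $zone.Name `
        -Name "link-$VNetName" -VirtualNetworkId $vnet.Id | Out-Null
    $zoneCfg = New-AzPrivateDnsZoneConfig -Name 'privatelink-blob-core-windows-net' -PrivateDnsZoneId $zone.ResourceId
    New-AzPrivateDnsZoneGroup -ResourceGroupName $ResourceGroupName -PrivateEndpointName $pe.Name `
        -Name 'default' -PrivateDnsZoneConfig $zoneCfg | Out-Null
}

# 3. Point a VM at the hardened account, or (omit -StorageAccountName) use managed boot diagnostics
function Set-VmBootDiagnosticsTarget {
    param([string]$ResourceGroupName, [string]$VMName, [string]$StorageAccountName)
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName
    if ($StorageAccountName) {
        $vm = Set-AzVMBootDiagnostic -VM $vm -Enable -ResourceGroupName $ResourceGroupName -StorageAccountName $StorageAccountName
    } else {
        $vm = Set-AzVMBootDiagnostic -VM $vm -Enable   # managed storage: no customer storage account to audit at all
    }
    Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm
}

# 4. Temporary public access for the serial console, then back to private-only
function Set-BootDiagnosticsStoragePublicAccess {
    param([string]$ResourceGroupName, [string]$StorageAccountName,
          [ValidateSet('Enabled', 'Disabled')][string]$State)
    $action = if ($State -eq 'Enabled') { 'Allow' } else { 'Deny' }
    Set-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -PublicNetworkAccess $State | Out-Null
    Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -DefaultAction $action | Out-Null
}

# Usage (placeholder names)
Get-BootDiagnosticsStorageExposure -ResourceGroupName 'rg-vm-prod' | Format-Table
Protect-BootDiagnosticsStorage -ResourceGroupName 'rg-vm-prod' -StorageAccountName 'stbootdiagprod' `
    -VNetName 'vnet-prod' -SubnetName 'snet-pe' -Location 'westeurope'
Set-VmBootDiagnosticsTarget -ResourceGroupName 'rg-vm-prod' -VMName 'vm-web-01' -StorageAccountName 'stbootdiagprod'
# When the serial console is needed, open the account briefly and close it again afterwards:
Set-BootDiagnosticsStoragePublicAccess -ResourceGroupName 'rg-vm-prod' -StorageAccountName 'stbootdiagprod' -State 'Enabled'
Set-BootDiagnosticsStoragePublicAccess -ResourceGroupName 'rg-vm-prod' -StorageAccountName 'stbootdiagprod' -State 'Disabled'
```

Run the inventory function first: it tells you whether the accounts the audit policy flagged are really the boot-diagnostics ones and which of the three knobs (anonymous blob access, public network access, firewall default action) each one still has open. Consolidating many VMs onto one hardened account keeps the private-endpoint and DNS setup to a single account per VNet; moving VMs to managed boot diagnostics removes the customer-owned account from the audit altogether.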