Hello Shashwat Tiwary,
Thank you for posting your query here!
I understand that you’ve taken steps to secure your Azure Storage account by disabling public network access and configuring a private endpoint for SFTP connections. Let’s address the specific issues you’re facing:
Accessing Containers from the Portal:
When using the “Enabled from selected virtual networks and IP addresses” option, ensure that you’ve added the correct virtual network and subnet to the storage account’s firewall rules.
To access containers from the portal via the internet (outside the VNet), you’ll need to allow traffic from your client VM’s public IP address. Make sure you’ve added the VM’s IP to the firewall rules.
Accessing Containers from Inside a Client VM on Another VNet:
Ensure the VNets are peered correctly to allow communication between the client VM's VNet and the VNet containing the storage account's private endpoint. Then ensure that route tables are set up to route traffic from the client VM's VNet to the storage account's private endpoint through the peered VNet.
Alternatively, to allow access from a client VM in a different VNet, add the subnet of that VM to the storage account's firewall rules.
Access Container via Service Principal:
· Ensure the service principal has the necessary RBAC roles (e.g., Storage Blob Data Contributor) on the storage account.
· If the service principal operates from specific IP addresses, add these IP ranges to the storage account firewall rules.
· When configuring linked services (e.g., in Databricks), use the storage account’s connection string or SAS token for authentication.
Access from Trusted Services (Databricks, KeyVault, Snowflake):
In your storage account, navigate to Networking. Enable the option to allow access from trusted Microsoft services.
Also, for services like Databricks, KeyVault, and Snowflake, use managed identities to authenticate and access the storage account. Ensure managed identities have the necessary RBAC roles on the storage account.
Do let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
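As an added example (not part of the answer above, and not Microsoft's own sample), the following Bicep template puts the answer's settings into one deployable unit: public network access set to "selected networks", a default Deny with the trusted Microsoft services bypass, one virtual network rule for the client VM's subnet, one IP rule for a public client address, a private endpoint on the blob sub-resource (the one SFTP uses), and a Storage Blob Data Contributor assignment for a service principal or managed identity. All parameter names and the sample IP are assumptions chosen for this example; the role definition GUID is the built-in Storage Blob Data Contributor role.

```bicep
// Added example: storage account locked to selected networks plus a private endpoint.
// Parameter names and sample values below are assumptions, not values from the question.
param location string = resourceGroup().location
param storageAccountName string
param clientSubnetId string       // subnet of the client VM; needs the Microsoft.Storage service endpoint enabled
param privateEndpointSubnetId string // subnet that hosts the private endpoint
param allowedPublicIp string = '203.0.113.10' // assumed client public IP (documentation range)
param principalId string          // object ID of the service principal or managed identity

resource sa 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    minimumTlsVersion: 'TLS1_2'
    allowBlobPublicAccess: false
    // 'Enabled' here plus defaultAction 'Deny' below is the portal's
    // "Enabled from selected virtual networks and IP addresses" option.
    // 'Disabled' would ignore every rule below and leave only the private endpoint.
    publicNetworkAccess: 'Enabled'
    networkAcls: {
      defaultAction: 'Deny'
      bypass: 'AzureServices' // "allow trusted Microsoft services"
      virtualNetworkRules: [
        {
          id: clientSubnetId
          action: 'Allow'
        }
      ]
      ipRules: [
        {
          value: allowedPublicIp
          action: 'Allow'
        }
      ]
    }
  }
}

// Private endpoint on the blob sub-resource; SFTP and blob traffic use this endpoint.
resource pe 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: '${storageAccountName}-blob-pe'
  location: location
  properties: {
    subnet: {
      id: privateEndpointSubnetId
    }
    privateLinkServiceConnections: [
      {
        name: 'blob'
        properties: {
          privateLinkServiceId: sa.id
          groupIds: [
            'blob'
          ]
        }
      }
    ]
  }
}

// Built-in role definition ID for Storage Blob Data Contributor.
var blobDataContributor = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'ba92f5b4-2d11-453d-a403-e96b0029c9fe'
)

// Data-plane RBAC for the service principal / managed identity, scoped to this account only.
resource ra 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(sa.id, principalId, blobDataContributor)
  scope: sa
  properties: {
    roleDefinitionId: blobDataContributor
    principalId: principalId
    principalType: 'ServicePrincipal'
  }
}
```

Two checks worth doing after deployment: confirm the client subnet actually has the Microsoft.Storage service endpoint (a virtual network rule for a subnet without it is accepted but never matches), and confirm the private endpoint's A record resolves from the client VNet, since a peered VNet that does not link the privatelink.blob.core.windows.net zone will still resolve the public address and then be rejected by the Deny rule.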