![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,931 questions
Greetings!
To understand the caller IP addresses in Azure Storage diagnostic logs, follow these steps:
- Check Diagnostic Logs: Ensure you have the storage diagnostic logs available.
- Focus on Key Fields: Examine the
callerIPAddressanduserAgentHeaderfields to determine the source of the operation. - Authorization Check: If Microsoft Entra ID is used for authorization, the
RequestObjectIdfield will help identify the user. Shared Key and SAS authentication do not audit individual identities, making thecallerIPAddressanduserAgentHeaderfields essential. - Verify IP Addresses: You can verify if the IP addresses belong to Azure resources by downloading the Azure IP ranges from the Microsoft Download Center.
- Example Case: In a support scenario, an IP address provided by a customer was identified as belonging to Microsoft. This was confirmed by checking the user agent header and verifying against Azure IP ranges.
For more detailed information, you can refer to the Azure documentation on Auditing data plane operations.
Resources:
Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.
Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.