For storing the boot diagnostics in a storage account, Azure does not need any permissions.
But for users to view those logs and the screenshot, they need read permission, and the network they are accessing from should be whitelisted (if a firewall is enabled).
If you have a firewall enabled on the storage account, then allow your corporate network's router IPs in the firewall.
You also need to give read permission for all the users in the Active Directory to the storage account where boot diagnostics are stored. This way, we can control who can access it and the IPs they can use for access.
Another easy option is to enable read access for that storage account to all and restrict the IPs in the firewall to your corporate routers. This way, anyone in your company can access those boot diagnostics.
Source: https://github.com/MicrosoftDocs/azure-docs/issues/34457
Let me know if you have further questions.
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer.
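
An added example, not part of the original answer: a small Python check that reads the JSON returned by `az storage account show` and reports whether the storage account firewall matches the setup described above (deny by default, IP rules limited to corporate ranges). The account name, IP rules and corporate ranges are constructed placeholders, and `audit_firewall` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample: trimmed output of `az storage account show` for a
# boot diagnostics storage account (name and addresses are placeholders).
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "bootdiagexample",
  "networkRuleSet": {
    "defaultAction": "Deny",
    "ipRules": [
      {"action": "Allow", "ipAddressOrRange": "203.0.113.0/28"},
      {"action": "Allow", "ipAddressOrRange": "198.51.100.7"}
    ]
  }
}
""")

# Assumed corporate egress ranges (documentation addresses, not real ones).
CORPORATE_RANGES = ["203.0.113.0/24"]


def audit_firewall(account, corporate_ranges):
    """Return a list of findings; an empty list means the firewall denies
    by default and every IP rule falls inside the corporate ranges."""
    findings = []
    allowed = [ipaddress.ip_network(r) for r in corporate_ranges]
    rules = account.get("networkRuleSet") or {}
    # Without a Deny default the IP rules are not restricting anything.
    if rules.get("defaultAction") != "Deny":
        findings.append("firewall not enforced: defaultAction is not Deny")
    for rule in rules.get("ipRules", []):
        # Rules may be a single address or a CIDR range.
        net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
        inside = any(net.version == c.version and net.subnet_of(c)
                     for c in allowed)
        if not inside:
            findings.append(f"IP rule outside corporate ranges: {net}")
    return findings


if __name__ == "__main__":
    for finding in audit_firewall(SAMPLE_ACCOUNT, CORPORATE_RANGES):
        print(finding)
```

With the second option in the answer (read access for everyone), the IP rules are the only remaining restriction, so this check is the one to run regularly.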