Share via

Network request failed - cannot access storage endpoint. Your firewall settings may be preventing network access from this client to the storage data endpoint.

Arron Washington 20 Reputation points Microsoft Employee
2026-03-06T19:14:25.62+00:00

We have a s360 item that is showing that our storage account cannot have public network access enabled. I disabled the public network access, created a NSP and a VNET, however now our storage account container is no longer reachable with the following error:

"Microsoft_Azure_Storage","contentName":"BlobsView.ReactView","resourceId":"/subscriptions/xxxxxxxxxxxxxx". Network request failed - cannot access storage endpoint. Your firewall settings may be preventing network access from this client to the storage data endpoint. CORS settings on your storage account may be preventing network access from this client."

The NSP says that I need to add a Managed Identity, but I am unsure where to assign this as I see no Managed Identity blade within the Storage Account or NSP.

User's image

User's image

Azure Storage
Azure Storage

Globally unique resources that provide access to data management services and serve as the parent namespace for the services.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Venkatesan S 6,920 Reputation points Microsoft External Staff Moderator
    2026-03-06T19:35:16.49+00:00

    Hi Arron Washington,

    Thanks for reaching out in Microsoft Q&A forum,

    Network request failed - cannot access storage endpoint. Your firewall settings may be preventing network access from this client to the storage data endpoint. CORS settings on your storage account may be preventing network access from this client."

    Your storage account is blocked due to disabled public network access without proper VNet integration or private endpoints, and NSP requires a managed identity for outbound traffic.

    Network Security Perimeter resource in the Azure portal, which acts as a logical security boundary for PaaS services such as Azure Storage. Once the perimeter is created, you use a profile within it to define how traffic should be evaluated. After that, the storage account is associated with the perimeter, where you choose an access mode.

    Steps:

    • Creating inbound rules to define who can access the storage account from public networks, such as specific IP addresses, Azure services, or subscriptions.
    • Creating outbound rules to restrict where the storage account can send data, which is critical for preventing unintended data exfiltration.
    • Validating access behavior before switching to Enforced mode to ensure only approved traffic is allowed.
    • Enabled System-Managed Identity on the storage account using Azure CLI (no Identity blade exists in portal for storage accounts): 
        az storage account identity assign --name [storage-account] --resource-group [rg] --identities [SystemAssigned]
      This resolved the NSP "MissingIdentityConfiguration" error.

    Reference:

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please do not forget to 210246-screenshot-2021-12-10-121802.pngand “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.