Azure storage Firewall restrictions policy prevents policy deployments at configuration level
Hello All,
I have created 6 Azure Storage related policies in my subscriptions:
Policy 1 - Restrict VNET
Policy 2 - Restrict Public IP
Policy 3 - Deny Public IP access
Policy 4 - Enforce TLS 1_2
Policy 5 - Enforce SAS expiry
Policy 6 - Enforce access key rotation
If Policy 2 (Restrict Public IP) or Policy 3 (Deny Public IP access) is enabled, none of the policy deployment configuration changes in the storage account from the other policies (Policy 4, Policy 5, Policy 6) are happening.
I removed Policy 3 (Deny Public IP access), but it did not help.
I allowed my IP address in the Policy 2 (Restrict Public IP) assignment and added it to the allowed networks in the storage account, but the policy deployment to make changes in the configuration still fails.
Code: InvalidTemplateDeployment
Message: The template deployment failed because of policy violation. Please see details for more information.
Code: RequestDisallowedByPolicy
Message: Resource 'strtmpdec4ts1' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"Custom storage Firewall restrictions","id":"/subscriptions/xxxxxxxxxxxxxxxxxxxxx/providers/Microsoft.Authorization/policyAssignments/ac9edf09aaf94d9eb68cda50"},"policyDefinition":{"name":"Custom storage Firewall restrictions","id":"/subscriptions/xxxxxxxxxxxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/4c97f52f-2615-4e40-b105-d5a1c2c6e9a3"}}]'.
I couldn't identify why the firewall restrictions policy is not allowing other policy changes in the storage account.
Could you guys please assist me in understanding this behavior?