Azure storage Firewall restrictions policy prevents policy deployments at configuration level

Riyas 1 Reputation point

Hello All,

I have created 6 azure storage related policies in my subscriptions
Policy 1 - Restrict VNET
Policy 2 - Restrict Public IP
Policy 3 - Deny Public IP access
Policy 4 - Enforce TLS 1_2
Policy 5 - Enforce sas expiry
policy 6 - Enforce access key rotation

If Policy 2 ( restrict Public IP) or policy 3 (Deny Public IP access) is enabled , none of policies (Policy 4, policy 5, policy 6)related to policy deployment configuration changes in storage account is happening.

I removed the policy 3 (Deny Public IP access) but it did not help.
I allowed my IP address in Policy 2 (restrict Public IP) assignment, and added in allowed network in storage account, but still the policy deployment to make changes in configuration fails.




The template deployment failed because of policy violation. Please see details for more information.




Resource 'strtmpdec4ts1' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"Custom storage Firewall restrictions","id":"/subscriptions/xxxxxxxxxxxxxxxxxxxxx/providers/Microsoft.Authorization/policyAssignments/ac9edf09aaf94d9eb68cda50"},"policyDefinition":{"name":"Custom storage Firewall restrictions","id":"/subscriptions/xxxxxxxxxxxxxxxxxxxxx/providers/Microsoft.Authorization/policyDefinitions/4c97f52f-2615-4e40-b105-d5a1c2c6e9a3"}}]'.

I couldn't identify why firewall restrictions policy not allowing other policy changes in storage account.

Could you guys please assist to understand the behavior.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,515 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
754 questions
{count} votes