Can network security groups (NSG) with service tags be used to prevent access to one Azure Storage account and allow access to another Azure Storage Account?
Experience Level: Junior
Tags: Azure CloudAzure StorageAzure Virtual Networks
Answer
Service tags represent IP ranges of Azure Storage. As Azure Storage is PaaS service, there can be multiple Azure Storage accounts behind the IP range. For that reason, NSG with service tags cannot be used to allow access to some storage accounts while preventing access to other storage accounts.
Service endpoints and Azure Storage firewall can be used to achieve this.
Related Azure Cloud job interview questions
What is Azure ExpressRoute?
Azure CloudAzure ExpressRoute JuniorYou are migrating hub-to-spoke topology to Azure Virtual WAN. What are the steps that you should do?
Azure CloudAzure Virtual NetworksAzure Virtual WAN JuniorYou use Azure storage account that is accessed from your virtual network using service endpoint. What steps do you need to do to support disaster recovery?
Azure CloudAzure StorageAzure Virtual Networks JuniorYou use Azure Storage with GRS settings. What is the target location where data is replicated to?
Azure CloudAzure Storage JuniorYour Azure virtual machines are assigned to availability zone 1 and 2. Your Azure NAT gateway is assigned to zone 1. Can both virtual machines use the NAT gateway for outgoing traffic?
Azure Cloud Junior
