Hello @Diksha Singh,
Thank you for reaching out to Microsoft Q&A.
In this scenario the correct answer is A – Yes, Logic Apps are one of the “trusted Microsoft services” that can bypass the storage account firewall when that setting is enabled.
Why?
• You’ve got DefaultAction=Deny, a VNet rule, an IP rule (xx.xx.xx.x/24), and you’ve turned on “Allow trusted Microsoft services.”
• The documentation for “Trusted Azure services” shows that Azure Logic Apps (both the Microsoft.Logic/integrationAccounts and Microsoft.Logic/workflows resource providers) are explicitly on the list of services allowed to access storage accounts behind a firewall when trusted services is enabled.
• Because of that, your Logic App – even though it’s coming over the internet from xx.xx.xx.x – is allowed through by the firewall. You don’t need to add its outbound IP to your IP rules.
References:
• Trusted Azure services: https://learn.microsoft.com/azure/storage/common/storage-network-security-trusted-azure-services
• “Azure Logic Apps” entry under Trusted Azure services table in the above doc
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
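A way to audit the firewall settings discussed in the answer above (added example, not part of the original answer): the script reads a storage account's network rule set and reports whether the firewall is enforced, whether the trusted-services bypass is on, and whether a given source address is covered by an IP rule. It assumes the ARM template shape of `properties.networkAcls`; the sample values, addresses and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the ARM "networkAcls" shape of a
# Microsoft.Storage/storageAccounts resource. All values are placeholders.
SAMPLE_ACLS = json.loads("""
{
  "defaultAction": "Deny",
  "bypass": "AzureServices",
  "ipRules": [{"value": "203.0.113.0/24", "action": "Allow"}],
  "virtualNetworkRules": [
    {"id": "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>/subnets/<subnet>",
     "action": "Allow"}
  ]
}
""")


def bypass_set(acls):
    """Return the enabled bypass categories, e.g. {'AzureServices', 'Logging'}."""
    raw = acls.get("bypass") or "None"
    parts = {p.strip() for p in raw.split(",")}
    return {p for p in parts if p and p != "None"}


def matching_ip_rule(acls, source_ip):
    """Return the first Allow IP rule (address or CIDR) covering source_ip, else None."""
    addr = ipaddress.ip_address(source_ip)
    for rule in acls.get("ipRules") or []:
        if rule.get("action", "Allow") != "Allow":
            continue
        if addr in ipaddress.ip_network(rule["value"], strict=False):
            return rule["value"]
    return None


def summarize(acls, source_ip):
    """Summarize the settings that decide how a caller at source_ip is evaluated."""
    return {
        "firewall_enforced": acls.get("defaultAction") == "Deny",
        "trusted_services_bypass": "AzureServices" in bypass_set(acls),
        "ip_rule": matching_ip_rule(acls, source_ip),
        "vnet_rule_count": len(acls.get("virtualNetworkRules") or []),
    }


if __name__ == "__main__":
    # 198.51.100.9 is a constructed address outside the sample IP rule.
    print(json.dumps(summarize(SAMPLE_ACLS, "198.51.100.9"), indent=2))
```

When `ip_rule` is null and `firewall_enforced` is true, the caller is not covered by any IP rule, so its access depends on the other settings in the summary.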