Commit ccb8b59

Merge pull request #97304 from damendo/patch-1
Key rotation issue
2 parents 137420d + c8d07e6 commit ccb8b59

1 file changed

+1
-0
lines changed

articles/network-watcher/network-watcher-nsg-flow-logging-overview.md

Lines changed: 1 addition & 0 deletions
@@ -92,6 +92,7 @@ The text that follows is an example of a flow log. As you can see, there are mul
9292
1. Location: The storage account used must be in the same region as the NSG.
9393
2. No Firewall: NSG Flow logs is not onboarded as a [trusted Microsoft Service for Azure Storage](https://docs.microsoft.com/azure/storage/common/storage-network-security#trusted-microsoft-services). See [How do I disable the firewall on my storage account?](https://docs.microsoft.com/azure/network-watcher/frequently-asked-questions#how-do-i-disable-the--firewall-on-my-storage-account) to disable the firewall.
9494
3. No Service Endpoints: Due to a current limitation, logs can only be directly emitted to storage accounts and not via service endpoints. See [How do I use NSG Flow Logs with Service Endpoints?](https://docs.microsoft.com/azure/network-watcher/frequently-asked-questions#how-do-i-use-nsg-flow-logs-with-service-endpoints) for help with removing existing Service Endpoints.
95+
4. Self-manage key rotation: If you change/rotate the access keys to your storage account, NSG Flow Logs will stop working. To fix this, you must disable and then re-enable NSG Flow Logs.
9596

9697
**Enable NSG Flow Logging on all NSGs attached to a resource**: Flow logging in Azure is configured on the NSG resource. A flow will only be associated to one NSG Rule. In scenarios where multiple NSGs are utilized, we recommend that NSG flow logging is enabled on all NSGs applied a resource's subnet or network interface to ensure that all traffic is recorded. See [how traffic is evaluated](../virtual-network/security-overview.md#how-traffic-is-evaluated) for more information on Network Security Groups.
9798
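
Review bot: The new item 4 says NSG Flow Logs "will stop working" after the storage account access keys are changed or rotated, but it does not say how the reader would notice this or what happens to traffic in the meantime. Key rotation is a routine and often scheduled practice, so if flows are not recorded until the log is disabled and re-enabled, the item should say so explicitly and recommend making the disable and re-enable step part of the rotation procedure. The label "Self-manage key rotation" also does not match the sibling items, which name the constraint ("No Firewall", "No Service Endpoints"); consider "Self-managed key rotation", and "change or rotate" in place of "change/rotate".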
