Skip to content

Commit e96dd7e

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #208179 from sumeetmittal/patch-69
Update the process - enrolling into the globalSE
2 parents b6636a3 + 9c1982d commit e96dd7e

File tree

1 file changed

+7
-2
lines changed

1 file changed

+7
-2
lines changed

articles/storage/common/storage-network-security.md

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -150,13 +150,18 @@ When planning for disaster recovery during a regional outage, you should create
150150
151151
### Enabling access to virtual networks in other regions (preview)
152152
153-
To enable access from a virtual network that is located in another region, register the `AllowGlobalTagsForStorage` feature in the subscription of the virtual network. All the subnets in the subscription that has the _AllowedGlobalTagsForStorage_ feature enabled will no longer use a public IP address to communicate with any storage account. Instead, all the traffic from these subnets to storage accounts will use a private IP address as a source IP. As a result, any storage accounts that use IP network rules to permit traffic from those subnets will no longer have an effect.
154-
153+
>
155154
> [!IMPORTANT]
156155
> This capability is currently in PREVIEW.
157156
>
158157
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
159158
159+
To enable access from a virtual network that is located in another region over service endpoints, register the `AllowGlobalTagsForStorage` feature in the subscription of the virtual network. All the subnets in the subscription that has the _AllowedGlobalTagsForStorage_ feature enabled will no longer use a public IP address to communicate with any storage account. Instead, all the traffic from these subnets to storage accounts will use a private IP address as a source IP. As a result, any storage accounts that use IP network rules to permit traffic from those subnets will no longer have an effect.
160+
161+
> [!NOTE]
162+
> For updating the existing service endpoints to access a storage account in another region, perform an [update subnet](https://docs.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-update) operation on the subnet after registering the subscription with the `AllowGlobalTagsForStorage` feature. Similarly, to go back to the old configuration, perform an [update subnet](https://docs.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-update) operation after deregistering the subscription with the `AllowGlobalTagsForStorage` feature.
163+
164+
160165
#### [Portal](#tab/azure-portal)
161166
162167
During the preview you must use either PowerShell or the Azure CLI to enable this feature.

0 commit comments

Comments
 (0)