Fail to create a Function App due to storage account disallowed by policy

Alison Liu 0 Reputation points Microsoft Employee
2024-06-21T22:58:52.1166667+00:00

Failed to create a Function App due to storage account disallowed by policy. Error info: M365 Storage account public access should be disallowed

 

Azure Storage Accounts

1 answer

  1. Sumarigo-MSFT 44,891 Reputation points Microsoft Employee
    2024-06-24T06:22:00.7833333+00:00

    @Alison Liu Welcome to Microsoft Q&A Forum. Thank you for posting your query here!

    Based on the error message, please refer to this article: Choose to allow or disallow blob public access on Azure Storage accounts

    The error message you are seeing indicates that you are trying to create a Function App using a storage account that is disallowed by policy. Specifically, the policy is disallowing public access to the storage account.

    To resolve this issue, you will need to update the policy to allow public access to the storage account. Here are the steps to update the policy:

    1. Open the Azure portal and navigate to the policy that is disallowing public access to the storage account.
    2. Click on the policy to open the policy details.
    3. Click on the "Edit" button to edit the policy.
    4. In the policy editor, locate the section that disallows public access to storage accounts.
    5. Change the policy to allow public access to the storage account.
    6. Save the policy changes.

    Once you have updated the policy to allow public access to the storage account, you should be able to create the Function App without encountering the error message.

    Note that allowing public access to a storage account can be a security risk, so you should carefully consider the implications before making this change.

    Additional information: If you disable public access in the storage account, only selected IP ranges based on firewall rules, or configured private endpoints, can access the storage account. This is why the deployment of the Azure Function also failed with a 403 error, since it was not authorized to access the storage account.

    When you create a new function app, you can secure a new storage account via private endpoint as described in the docs: Restrict your storage account to a virtual network and Secure storage account linked to Function App with private endpoint (this feature is not supported in Consumption plans). However, if you want to link an existing storage account, then this cannot be done via the Azure portal. Instead, you need to modify the ARM template to just create a new file share in the storage account (new file share creation is still needed), do VNET integration, and configure WEBSITE_CONTENTSHARE, WEBSITE_CONTENTOVERVNET etc. to point to the file share.

    There is a feature request, Deploy function app and storage account with network restrictions, posted in our feedback forum, and I suggest you share your feedback at the link. I will also share your feedback internally with our product team. Check out the similar discussion related to this issue, which I am sharing for reference.

    Option 2: To disable anonymous access to the Storage account, run the following command:

    $rgName = "<resource-group>"
    $accountName = "<storage-account>"
    # Read the AllowBlobPublicAccess property for the storage account.
    (Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).AllowBlobPublicAccess
    # Set AllowBlobPublicAccess to false.
    Set-AzStorageAccount -ResourceGroupName $rgName -Name $accountName -AllowBlobPublicAccess $false
    # Read the AllowBlobPublicAccess property again to confirm the change.
    (Get-AzStorageAccount -ResourceGroupName $rgName -Name $accountName).AllowBlobPublicAccess

    Refer to Remediate anonymous public read access to blob data for more details.
    Accessing Azure Storage Accounts After Disabling the Public Access: https://stackoverflow.com/questions/78521184/accessing-azure-storage-accounts-after-disabling-the-public-access

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
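
An added example, not part of the answer above or of Microsoft's documentation: one way to create the Function App without relaxing the policy is to create the storage account with anonymous blob access already disabled and then point the new app at it. It assumes the policy in the error evaluates the account's AllowBlobPublicAccess property (the thread does not show the policy definition), and every resource name is a placeholder.

```powershell
# Added example; every name below is a placeholder, not a value from the thread.
$rgName      = "<resource-group>"
$location    = "<region>"
$accountName = "<storage-account>"
$appName     = "<function-app>"

# Create the storage account with anonymous blob access already disabled,
# so a policy that checks AllowBlobPublicAccess sees a compliant resource.
# Assumption: that property is what the policy in the error evaluates.
$account = New-AzStorageAccount -ResourceGroupName $rgName -Name $accountName `
    -Location $location -SkuName Standard_LRS -Kind StorageV2 `
    -AllowBlobPublicAccess $false -MinimumTlsVersion TLS1_2 `
    -EnableHttpsTrafficOnly $true

# Stop before creating the app if the property did not come back as $false.
# A null value means the property was never set explicitly on the account.
if ($account.AllowBlobPublicAccess -ne $false) {
    throw "AllowBlobPublicAccess is '$($account.AllowBlobPublicAccess)' on $accountName"
}

# Create the Function App against the existing, compliant storage account.
# The runtime, OS type and Functions version here are illustrative choices.
New-AzFunctionApp -ResourceGroupName $rgName -Name $appName `
    -StorageAccountName $accountName -Location $location `
    -Runtime PowerShell -OSType Windows -FunctionsVersion 4
```

If the policy instead restricts network access to the storage account, this setting alone does not satisfy it, and the private endpoint and virtual network guidance in the answer applies.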