title	Manage network security exceptions for Azure Storage
description	Learn how to enable traffic from an Azure service outside of the network boundary by adding a network security exception.
services	storage
author	normesta
ms.service	azure-storage
ms.subservice	storage-common-concepts
ms.topic	how-to
ms.date	08/25/2025
ms.author	normesta

Manage network security exceptions for Azure Storage

You can enable traffic from Azure services outside of your network boundary by adding a network security exception.

For a complete list of trusted Azure services, see Trusted Azure services.

Add a network security exception

Navigate to the storage account for which you want to manage exceptions.
In the service menu, under Security + networking, select Networking, and then under Resource settings: Virtual networks, IP addresses, and exceptions, select View.
Under Exceptions, select the exceptions that you want to grant.
Select Save to apply your changes.

Display the exceptions for the storage account network rules:

(Get-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount").Bypass

Configure the exceptions for the storage account network rules:

Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -Bypass AzureServices,Metrics,Logging

Remove the exceptions from the storage account network rules:

Update-AzStorageAccountNetworkRuleSet -ResourceGroupName "myresourcegroup" -Name "mystorageaccount" -Bypass None

Display the exceptions for the storage account network rules:

az storage account show --resource-group "myresourcegroup" --name "mystorageaccount" --query networkRuleSet.bypass

Configure the exceptions for the storage account network rules:

az storage account update --resource-group "myresourcegroup" --name "mystorageaccount" --bypass Logging Metrics AzureServices

Remove the exceptions from the storage account network rules:

az storage account update --resource-group "myresourcegroup" --name "mystorageaccount" --bypass None