@superminiek Thanks for your feedback! We will investigate and update as appropriate.

@superminiek this answer from Gaurav breaks down the accessibility of Storage account from different subscriptions: https://stackoverflow.com/questions/31024894/accessing-azure-storage-services-from-a-different-subscription
Let me know if this helps.

Requests to storage are Source-NAT'ed so we do not see the public IP address of the VM.

You can use VNET rules across different subscriptions, as long as they are in subscriptions sharing the same Azure AD Tenant.

@NarayanAnnamalai , FYI

I've got the same issue. Adding a VM to a VNet and then attaching the VNet/subnet to the storage account fixes the issue.

However I can't find away to get it to work for requests coming from an App Service

you can use an App Service Environment to get App Service in a VNET.

https://docs.microsoft.com/en-us/azure/app-service/environment/intro#virtual-network-support

Regarding "Requests to storage are Source-NAT'ed so we do not see the public IP address of the VM." - after connecting to another VM I can see that IP (source) is correct, for storage - not so it seems that still it is not working properly or it is planned somehow. In which business cases ASF would be helpful here? I understand that I cannot use ASF for restrict access to File storage from VM.

Except the app service environment costs almost nearly as much on its own as our whole azure environment.

To me it does not make sense that Azure does not provide away to securely store files in the cloud. I get that a storage account is access secured, but ultimately it's accessible from anywhere on the internet. Which does make it vulnerable. Good luck passing a security audit from a financial institution. It has a password on it does not really provide confidence. 😔

@zyrow123 I'd highly recommend adding your feedback here: https://feedback.azure.com/forums/217313-networking , it will be examined by the product group.

Thanks,
Adam