Azure / GuestConfiguration

PowerShell module for creating, testing, and publishing custom Guest Configuration
MIT License

"PublicAccessNotPermitted" with New-GuestConfigurationPolicy #295

Open ElSrJuez opened 6 months ago

ElSrJuez commented 6 months ago

I am getting "Invoke-WebRequest: PublicAccessNotPermittedPublic access is not permitted on this storage account." when trying to create a new Azure Machine Configuration policy. It doesn't seem right that it requires that the Storage Account must be public?

Reviewing the code, I don't see any authentication parameters on the code that grabs the file? https://github.com/Azure/GuestConfiguration/blob/80dd21616cf5553851193ae6d30e6f15c3b6a962/source/Public/New-GuestConfigurationPolicy.ps1#L287

eehret commented 1 month ago

@ElSrJuez Hi there, just happened to notice this issue as I was browsing others.

To me the error sounds more like a network issue and not an authentication issue. Things I would check: Does the storage account have a private endpoint? Does the fully qualified name for the storage account resolve to the private IP of the storage account's private endpoint from the location where you are running the New-GuestConfigurationPolicy command?

This should work with a private storage account on which public access has been disabled; this is how we have it set up here. We have a fully private storage account and are using Entra ID authentication initially to fetch the storage account key, which is used for subsequent operations (generating SAS key for the guest policy, etc).

Hope that helps... :)
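
The name-resolution check suggested in the reply above, as an added example that is not part of the thread or of the GuestConfiguration module. The function names and the account name `examplestorageacct` are hypothetical, and the `blob.core.windows.net` suffix assumes the Azure public cloud.

```powershell
# Added example (not from the module): run this from the same machine and network
# where New-GuestConfigurationPolicy is executed.

function Test-PrivateIPv4 {
    # True when the address is IPv4 and inside an RFC 1918 private range.
    param([Parameter(Mandatory)][System.Net.IPAddress]$Address)
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return $false
    }
    $b = $Address.GetAddressBytes()
    return (($b[0] -eq 10) -or
            ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
            ($b[0] -eq 192 -and $b[1] -eq 168))
}

function Get-StorageEndpointResolution {
    # Resolves the blob endpoint and reports, per address, whether it is private.
    param([Parameter(Mandatory)][string]$StorageAccountName)

    # Assumption: Azure public cloud DNS suffix for blob storage.
    $fqdn = "$StorageAccountName.blob.core.windows.net"
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($fqdn)
    }
    catch {
        return [pscustomobject]@{
            Fqdn = $fqdn; Address = $null; Private = $false
            Note = "DNS lookup failed: $($_.Exception.Message)"
        }
    }

    foreach ($a in $addresses) {
        $private = Test-PrivateIPv4 -Address $a
        $note = if ($private) { 'Resolves to a private address' }
                else { 'Resolves to a public or non-IPv4 address' }
        [pscustomobject]@{
            Fqdn    = $fqdn
            Address = $a.IPAddressToString
            Private = $private
            Note    = $note
        }
    }
}

# Hypothetical account name; replace with the account that hosts the package.
Get-StorageEndpointResolution -StorageAccountName 'examplestorageacct' |
    Format-Table -AutoSize
```

A row with `Private` set to `False` means requests from this machine are not being sent to a private endpoint address, which is the condition the reply asks to rule out.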