Make sure that trusted Microsoft services have network access to your Microsoft Azure container registries. To securely connect to your network-restricted registries, enable the **Allow trusted Microsoft services to access this container registry** option in the registry's firewall settings.
Enabling network firewall rules for your Azure container registries blocks incoming data requests, including those from other Microsoft Azure services. To allow these services to function properly and access your registries, you must add an exception that allows trusted Microsoft Azure services to bypass your network rules. When the **Allow trusted Microsoft services to access this container registry** exception is enabled, a trusted service instance can securely bypass the registry's network firewall rules and perform operations such as pulling or pushing images.
Audit
To determine if trusted Microsoft services are allowed to access your network-restricted container registries, perform the following operations:
Remediation / Resolution
To ensure that trusted Microsoft services are allowed to access your network-restricted container registries, perform the following operations:
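The check described above can be scripted over the JSON returned by `az acr list`. The following is an added example, not part of the original page: it flags network-restricted registries whose `networkRuleBypassOptions` is not `AzureServices` and builds the matching `az acr update` command. The sample registries are constructed, and treating "default action Deny or public network access disabled" as network-restricted is an assumption of this example.

```python
import json
import shlex

# Constructed sample in the shape of `az acr list --output json`; the
# registry and resource group names are made up for this example.
SAMPLE = json.loads("""[
 {"name": "prodimages", "resourceGroup": "rg-prod", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny"}, "networkRuleBypassOptions": "None"},
 {"name": "buildcache", "resourceGroup": "rg-ci", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Deny"}, "networkRuleBypassOptions": "AzureServices"},
 {"name": "sandbox", "resourceGroup": "rg-dev", "publicNetworkAccess": "Enabled",
  "networkRuleSet": {"defaultAction": "Allow"}, "networkRuleBypassOptions": "None"},
 {"name": "privateonly", "resourceGroup": "rg-prod", "publicNetworkAccess": "Disabled",
  "networkRuleSet": null, "networkRuleBypassOptions": "None"}
]""")


def is_network_restricted(registry):
    """Assumption: restricted means default action Deny or public access disabled."""
    rules = registry.get("networkRuleSet") or {}
    return (rules.get("defaultAction") == "Deny"
            or registry.get("publicNetworkAccess") == "Disabled")


def audit(registries):
    """Return one finding per restricted registry lacking the trusted-services bypass."""
    findings = []
    for reg in registries:
        bypass = reg.get("networkRuleBypassOptions")  # "AzureServices" or "None"
        if is_network_restricted(reg) and bypass != "AzureServices":
            fix = "az acr update --name {} --resource-group {} --allow-trusted-services true".format(
                shlex.quote(reg["name"]), shlex.quote(reg["resourceGroup"]))
            findings.append({"name": reg["name"], "bypass": bypass, "fix": fix})
    return findings


if __name__ == "__main__":
    # Live use: az acr list --output json > registries.json, then json.load() it.
    for finding in audit(SAMPLE):
        print("{name}: networkRuleBypassOptions={bypass}\n  {fix}".format(**finding))
```

Registries that are not network-restricted are skipped, since the exception only matters once firewall rules are blocking traffic.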
References
- Azure Official Documentation
  - About registries, repositories, and artifacts
  - Allow trusted services to securely access a network-restricted container registry
- Azure Command Line Interface (CLI) Documentation
  - az acr list
  - az acr show
  - az acr update