Azure services like Storage Accounts, Key Vaults, and Cosmos DB offer built-in firewalls and network rules to restrict access. On the surface, they appear secure - locked to specific IPs, subnets, or trusted Microsoft services.

But here’s the catch: network rules don’t always mean isolation. In this session, we’ll break down the real behavior of Azure Service Firewalls and uncover how misconfigured or misunderstood settings can quietly expose your critical data to unauthorized access.

Through live demonstrations, we’ll show how attackers can bypass these controls by abusing trusted service paths, identity permissions, and gaps in firewall logic. We’ll walk through common scenarios and misconfigurations, then show how to properly secure your services with layered defense - network, identity, and configuration hardening.