![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 16%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 77%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Hello Varsha Vishwakarma,
Error is saying the subscription is under a Safe Secrets Standard policy that enforces strict storage account compliance.
The policy SFI_XXXXXXX_StXXXXXXXXSS likely enforces:
- Disabling shared keys or requiring Microsoft Entra ID authentication.
- Private endpoints only (no public network access).
- Possibly customer-managed keys for encryption.
When these conditions aren’t met, the portal blocks both creation and selection.
To bypass this error use ARM/Bicep or CLI instead of Portal
The portal cannot override policy restrictions. You can:
- Deploy via ARM template or Bicep and explicitly reference an existing compliant storage account.
- Add required app settings: WEBSITE_CONTENTAZUREFILECONNECTIONSTRING = <connection string> WEBSITE_CONTENTSHARE = <file share name> WEBSITE_CONTENTOVERVNET = 1 Ensure the storage account has Azure Files enabled and allows the Function App to create a file share.
Please accept as answer and do a Thumbs-up to upvote this response if you are satisfied with the community help. Your upvote will be beneficial for the community users facing similar issues.