hands-on lab

Securing Azure Storage Account using Private Endpoints

Difficulty: Advanced
Duration: Up to 1 hour and 30 minutes
Students: 1,582
Rating: 4.4/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.

Description

Azure Private Endpoint allows secure and private connection to Azure services by assigning a network interface. This enables the traffic to flow locally on the Azure backbone within a VNet by associating a private IP for PaaS services. The service offers a complete lockdown of public traffic to the Azure services. The traffic redirection and security are facilitated by Azure Private DNS that enables the private IP to resolve to resources within the subscription.

In this lab, you will work with Azure Private Link, configure a secure endpoint for Azure Storage Account File Share and make firewall updates to the Storage Account network.

Learning Objectives

Upon completion of this advanced-level lab, you will be able to:

  • Interact with Azure Storage Account File Share
  • Work with Azure Private Link
  • Interact with Azure Private DNS
  • Secure Storage Account using a Private Endpoint

Intended Audience

  • Candidates for Azure Network Engineer (AZ-700) Exam
  • Cloud Architects
  • Security Engineers
  • Data Engineers
  • DevOps Engineers
  • Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Azure Storage Account
  • Azure Virtual Network

The following labs can be used to fulfill the prerequisite:

Updates

January 29th, 2024 - Updated lab instruction to address storage account credential issue

 

September 14th, 2021 - Updated lab instruction to fix storage account file share mounting issue

September 7th, 2021 - Updated VCF to reflect the infrastructure changes in the lab

Environment before

Environment after

Covered topics

Lab steps

Logging in to the Microsoft Azure Portal
Accessing Azure Storage Account File Share using Windows VM
Creating Private Endpoint for Azure Storage Account File
Connecting to Azure Storage File Share using Private IP
Restricting Azure Storage Account Access to Specific Networks
Reviewing the Access Changes to the Storage Account File Share