Securing Azure Storage Account using Private Endpoints

Azure Private Endpoint allows secure and private connection to Azure services by assigning a network interface. This enables the traffic to flow locally on the Azure backbone within a VNet by associating a private IP for PaaS services. The service offers a complete lockdown of public traffic to the Azure services. The traffic redirection and security are facilitated by Azure Private DNS that enables the private IP to resolve to resources within the subscription.

In this lab, you will work with Azure Private Link, configure a secure endpoint for Azure Storage Account File Share and make firewall updates to the Storage Account network.

Learning Objectives

Upon completion of this advanced-level lab, you will be able to:

• Interact with Azure Storage Account File Share
• Work with Azure Private Link
• Interact with Azure Private DNS
• Secure Storage Account using a Private Endpoint

Intended Audience

• Candidates for Azure Network Engineer (AZ-700) Exam
• Cloud Architects
• Security Engineers
• Data Engineers
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• Azure Storage Account
• Azure Virtual Network

The following labs can be used to fulfill the prerequisite:

• Managing Azure Storage Accounts
• Understanding Core Azure Networking Products
• Understanding Core Azure Storage Products

Updates

January 29th, 2024 - Updated lab instruction to address storage account credential issue

September 14th, 2021 - Updated lab instruction to fix storage account file share mounting issue

September 7th, 2021 - Updated VCF to reflect the infrastructure changes in the lab