Securing Azure Storage Account using Private Endpoints
Description
Azure Private Endpoint allows secure and private connection to Azure services by assigning a network interface. This enables the traffic to flow locally on the Azure backbone within a VNet by associating a private IP for PaaS services. The service offers a complete lockdown of public traffic to the Azure services. The traffic redirection and security are facilitated by Azure Private DNS that enables the private IP to resolve to resources within the subscription.
In this lab, you will work with Azure Private Link, configure a secure endpoint for Azure Storage Account File Share and make firewall updates to the Storage Account network.
Learning Objectives
Upon completion of this advanced-level lab, you will be able to:
- Interact with Azure Storage Account File Share
- Work with Azure Private Link
- Interact with Azure Private DNS
- Secure Storage Account using a Private Endpoint
Intended Audience
- Candidates for Azure Network Engineer (AZ-700) Exam
- Cloud Architects
- Security Engineers
- Data Engineers
- DevOps Engineers
- Software Engineers
Prerequisites
Familiarity with the following will be beneficial but is not required:
- Azure Storage Account
- Azure Virtual Network
The following labs can be used to fulfill the prerequisite:
- Managing Azure Storage Accounts
- Understanding Core Azure Networking Products
- Understanding Core Azure Storage Products
Updates
January 29th, 2024 - Updated lab instruction to address storage account credential issue
September 14th, 2021 - Updated lab instruction to fix storage account file share mounting issue
September 7th, 2021 - Updated VCF to reflect the infrastructure changes in the lab