🌐 Exercise 4: Setting Up Secure File Shares for a Distributed Organization

🌐 Azure File Shares for Multi-location Collaboration

Introduction

In this exercise, I focused on creating a centralized and secure file-sharing solution for a company with offices in multiple locations. The goal was to enable seamless collaboration between departments — such as Finance, which requires frequent access to cost and audit files — while ensuring sensitive data remains protected.

To achieve this, I set up Azure File Shares, providing a reliable and easily accessible platform for departments to store, share, and manage files in the cloud. Since not all content should be publicly available, I also configured network restrictions to ensure that specific corporate virtual networks and subnets have exclusive access.

---

🧱 Architecture Overview

The setup includes:

• One Azure Storage Account configured specifically for file sharing
• A File Share and Directory created for departmental collaboration
• Snapshots enabled to back up and restore previous file versions
• Network restrictions applied to control access from authorized corporate networks only

---

🧩 Skilling Tasks

• Create a storage account for file shares
• Configure a file share and directory structure
• Enable snapshots and test file restoration
• Restrict access to specific virtual networks and subnets for enhanced security

---

⚙️ Create and Configure a Storage Account for Azure Files

Create a Storage Account for the Finance Department’s Shared Files

1. In the portal, search for and select Storage accounts.
2. Select + Create.
3. For Resource group, select Create new. Give your resource group a name and select OK to save your changes.

1. Provide a Storage account name (ensure it meets naming requirements).
2. Set Performance to Premium.
3. Set the Premium account type to File shares.
4. Set Redundancy to Zone-redundant storage (ZRS).
5. Select Review and then Create the storage account.

Wait for the resource to deploy and then select Go to resource.

---

📁 Create and Configure a File Share with Directory

Create a File Share for the Corporate Office

1. In the storage account, under Data storage, select the File shares blade.
2. Select + File share and provide a name.

1. Review other options, accept the defaults, and select Create.

Add a Directory for the Finance Department

1. Select your file share and choose + Add directory.
2. Name the new directory finance.

1. Select Browse and open the finance directory.
2. Add subdirectories as needed and upload a file for testing.

---

🔁 Configure and Test Snapshots

To protect against accidental file deletion, snapshots are enabled.

1. Select your file share.
2. Under Operations, choose the Snapshots blade.
3. Select + Add snapshot (comments optional) and click OK.

Verify your file directory and uploaded file are included:

---

Practice Restoring Files from Snapshots

1. Go to your file share and open your file directory.
2. Locate your uploaded file, open Properties, and select Delete.

1. Confirm deletion.

1. Open the Snapshots blade and select your snapshot.
2. Navigate to the deleted file, select it, and click Restore.

1. Provide a Restored file name.

1. Verify your restored file appears in the directory.

---

🔒 Configure Restricted Access to Selected Virtual Networks

Note: This section assumes a virtual network and subnet already exist. In production, these resources are typically pre-configured.

1. Search for and select Virtual networks.

1. Select Create, choose your resource group, and name the virtual network.
2. Keep default parameters, select Review + create, and then Create.

1. After deployment, open the resource and select Subnets under Settings.

1. Select the default subnet and, under Service endpoints, choose Microsoft.Storage.

1. Click Save to apply changes.

Restrict Storage Account Access

1. Return to your storage account and select Networking under Security + networking.

1. Set Public network access to Enabled from selected virtual networks and IP addresses.

1. In the Virtual networks section, select Add existing virtual network, choose your network and subnet, then click Add.

1. Save your changes and navigate to the Storage browser.
2. Attempt to access the file share — you should see an error message confirming restricted access:

“You are not authorized to perform this operation.”

---

🧾 Conclusion

This exercise provided hands-on experience with Azure Files, an essential cloud service for secure, scalable file storage and sharing. By combining snapshots for recovery and network restrictions for security, I created a resilient solution that supports both collaboration and compliance across geographically dispersed teams.