Introduction
Modern offices rely heavily on shared file storage to enable collaboration, streamline workflows, and ensure that critical documents are accessible to the right people at the right time. However, with increasing cyber threats and stricter compliance requirements, simply storing files in the cloud is not enough—organizations must also secure their storage environments against unauthorized access. Microsoft Azure provides a powerful platform for creating shared file storage that is both scalable and secure. By integrating Azure Files with a virtual network, businesses can enforce private connectivity, apply granular access controls, and protect sensitive data from external exposure.
This article offers a complete walkthrough of how to:
- Create a storage account.
- Configure a file share and directory.
- Configure snapshots and practice restoring files.
- Restrict access to a specific virtual network and subnet.

Together, these steps give offices a reliable foundation for collaboration on Azure while maintaining the highest standards of data protection.
1. Create and configure a storage account for Azure Files.
Create a storage account for the finance department’s shared files.

In the portal, search for and select Storage accounts.

Select + Create.

For Resource group select Create new. Give your resource group a name and select OK to save your changes. Provide a Storage account name. Ensure the name meets the naming requirements. Set the Performance to Premium. Set the Premium account type to File shares. Set the Redundancy to Zone-redundant storage. Select Review and then Create the storage account. Wait for the resource to deploy.

Select Go to resource.
2. Create and configure a file share with directory.
Create a file share for the corporate office.

In the storage account, in the Data storage section, select the File shares blade. Select + File share and provide a Name.

Review the other options, but take the defaults. Select Create.
Add a directory to the file share for the finance department. For future testing, upload a file.

In the storage account, in the Data storage section, select the File shares blade. Name the new directory finance. Notice you can Add directory to further organize your file share. Upload a file of your choosing.
3. Configure and test snapshots.
Similar to blob storage, you need to protect against accidental deletion of files.

Select your file share. In the Operations section, select the Snapshots blade. Select + Add snapshot.

The comment is optional. Select OK. Select your snapshot and verify your file directory and uploaded file are included.
Practice using snapshots to restore a file.


Return to your file share. Browse to your file directory. Locate your uploaded file and in the Properties pane select Delete. Select Yes to confirm the deletion.


Select the Snapshots blade and then select your snapshot. Navigate to the file you want to restore. Select the file and then select Restore. Provide a Restored file name. Verify your file directory has the restored file.
4. Configure restricting storage access to selected virtual networks.
The tasks in this section require a virtual network with a subnet. In a production environment, these resources would already be created.

Search for and select Virtual networks.


Select Create. Select your resource group and give the virtual network a name. Take the defaults for other parameters and select Review + create.

Then Create. Wait for the resource to deploy.

Select Go to resource.

In the Settings section, select the Subnets blade. Select the default subnet. In the Service endpoints section choose Microsoft.Storage in the Services drop-down. Do not make any other changes. Be sure to Save your changes.
The storage account should only be accessed from the virtual network you just created. Learn more about using private storage endpoints.

Return to your files storage account.
In the Security + networking section, select the Networking blade.

Change the Public network access to Enabled from selected virtual networks and IP addresses. In the Virtual networks section, select Add existing virtual network. Select your virtual network and subnet, select Add. Be sure to Save your changes.

Select the Storage browser and navigate to your file share.
Verify that you see the message "not authorized to perform this operation." It appears because you are not connecting from the virtual network.
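
The restriction from section 4 can also be checked outside the portal. The following is an added example, not part of the original walkthrough: it audits the JSON that `az storage account show` returns and reports anything that widens access beyond the one expected subnet. The account, resource group and virtual network names, and the field layout of the sample, are constructed assumptions.

```python
# Constructed sample; field names assumed to match `az storage account show -o json`.
SAMPLE = {
    "name": "financefiles001",
    "kind": "FileStorage",
    "sku": {"name": "Premium_ZRS"},
    "networkRuleSet": {
        "bypass": "AzureServices",
        "defaultAction": "Deny",
        "ipRules": [],
        "virtualNetworkRules": [{
            "action": "Allow",
            "state": "Succeeded",
            "virtualNetworkResourceId": (
                "/subscriptions/00000000-0000-0000-0000-000000000000"
                "/resourceGroups/rg-finance/providers/Microsoft.Network"
                "/virtualNetworks/vnet-office/subnets/default"),
        }],
    },
}


def audit_network_rules(account, expected_subnet):
    """Return a list of findings; an empty list means only the expected subnet is allowed."""
    findings = []
    rules = account.get("networkRuleSet") or {}
    # A missing or "Allow" default action means every network can reach the account.
    default = str(rules.get("defaultAction", "Allow"))
    if default.lower() != "deny":
        findings.append(f"defaultAction is {default}: all networks can reach the account")
    # The walkthrough adds no public IP exceptions, so any entry here widens access.
    for ip in rules.get("ipRules") or []:
        findings.append(f"public IP range allowed: {ip.get('ipAddressOrRange')}")
    want = expected_subnet.lower()  # Azure resource IDs are case-insensitive
    seen = False
    for rule in rules.get("virtualNetworkRules") or []:
        subnet_id = str(rule.get("virtualNetworkResourceId", ""))
        if subnet_id.lower().endswith(want):
            seen = True
            if rule.get("state") != "Succeeded":
                findings.append(f"rule for expected subnet is in state {rule.get('state')}")
        else:
            findings.append(f"unexpected subnet allowed: {subnet_id}")
    if not seen:
        findings.append("expected subnet has no virtual network rule")
    return findings


if __name__ == "__main__":
    print(audit_network_rules(SAMPLE, "/virtualNetworks/vnet-office/subnets/default") or "OK")
```
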
This walkthrough has shown how to provision shared file storage on Azure and lock it down using a virtual network, role-based access, and encryption—turning a basic file share into a secure, manageable service for office environments. By combining correct resource configuration, network isolation, and least-privilege access controls, you reduce exposure to external threats while preserving the performance and collaboration benefits of centralized storage.
To keep the solution resilient, adopt automation for deployment, enable logging and monitoring, and schedule regular reviews of network rules and access policies. These operational practices, together with periodic backups and patching, ensure the environment remains secure and compliant as your organization grows. Implementing the steps in this guide will give your offices a reliable, secure shared storage foundation that scales with your needs.