In today’s digital landscape, protecting internal company documents is not just advisable, it’s essential. These documents frequently contain sensitive information such as financial data, strategic plans, employee records, and legal contracts. If compromised, whether through accidental exposure or inadequate infrastructure, the consequences can include data breaches, regulatory fines, and a loss of stakeholder trust.
A private storage account in Microsoft Azure is a type of storage account that blocks all public access, making sure only authorized users or applications within your network can access the data.
This article explains how companies can safely store their internal documents using modern cloud or in-office storage solutions.
Architecture diagram
Here are the steps to follow:
Create a storage account and configure high availability.
- Create a storage account for the internal private company documents. Steps:
A. Log into the Azure portal.
B. In the portal, search for and select Storage accounts.
C. Select + Create.
D. Select a Resource.
E. Set the Storage account name to private.
F. Select review and then create.
G. Wait for the storage account to deploy.
- Configure high availability. Steps:
A. Go to resource.
B. In the storage account, in the Data management section, select the Redundancy blade.
C. Ensure Geo-redundant storage (GRS) is selected.
D. Review the primary and secondary location information.
E. Save your changes.
Create a storage container, upload a file, and restrict access to the file. Steps:
1.Create a private storage container for the corporate data.
A. In the storage account, in the Data storage section, select the Containers blade.
B. Select + add Container.
C. Ensure the Name of the container is private.
D. Ensure the Public access level is Private (no anonymous access).
E. Select create.
- For testing, upload a file to the private container, test to ensure the file isn’t publicly accessible. Steps:
A. Select the container.
B. Select Upload.
C. Browse to files and select a file.
D. Upload the file.
E. Select the uploaded file.
F. On the Overview tab, copy the URL.
G. Paste the URL into a new browser tab.
H. Verify the file doesn’t display and you receive an error.
- Configure and test a shared access signature (SAS) for an external partner who requires read and write access to the file for at least the next 24 hours. Steps:
A. Select your uploaded blob file and move to the Generate SAS tab.
B. In the Permissions drop-down, ensure the partner has only Read permissions.
C. Verify the Start and expiry date/time is for the next 24 hours.
D. Select Generate SAS token and URL.
E. Copy the Blob SAS URL to a new browser tab.
F. Verify you can access the file. If you have uploaded an image file it will display in the browser.
Configure storage access tiers and content replication.
- To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Steps: Steps: A. Return to the storage account. In the Overview section, notice the Default access tier is set to Hot.
B. In the Data management section, select the Lifecycle management blade.
C. Select Add rule.
D. Set the Rule name to movetocool. Set the Rule scope to Apply rule to all blobs in the storage account. Select Next.
E. Ensure Last modified is selected. Set More than (days ago) to 30. In the Then drop-down select Move to cool storage. Add the rule.
2.The public website files need to be backed up to another storage account.Steps :
A. In your storage account, create a new container called backup. Use the default values.
B. Navigate to your publicwebsite storage account. In the Data management section, select the Object replication blade. Select Create replication rules.
C. Set the Destination storage account to the private storage account.
D. Set the Source container to public and the Destination container to backup. Create the replication rule.
Top comments (0)