Let’s be honest: the first time you log into the Azure Portal, it looks like a giant wall of buttons and confusing menus. If you are a Cloud Engineer just starting out, the pressure to "get it right" is real, especially when it comes to keeping data safe.
Think of your Azure project like building a new house. Before you bring in the furniture, you need two things:
A Resource Group: This is like the land your house sits on. It keeps all your materials in one place so they don't get lost.
A Storage Account: This is your digital vault. It’s where you keep your most important files.
Though we aren't just going to click "Next" and hope for the best. We are going to "harden" our vault using the specific settings required for a secure setup:
Secure Transfer: We will make sure every request to our data is encrypted and safe.
TLS 1.2: This is the modern "secret code" that protects your data while it travels.
Disabling Key Access: We'll turn off the "master keys" when they aren't needed to keep the vault extra tight.
No confusing jargon, just a clear, step-by-step path to building your first secure foundation in the cloud. Let’s dive in!
Phase 1: Setting up the "Land" (Creating Your Resource Group)
Every project in Azure needs a home. As a Cloud Engineer, your first task is to create a Resource Group. Think of this as a logical container, if you delete the group, everything inside it is cleaned up, which makes managing your project a breeze.
The Action Plan:
1 . In the Azure portal, search for and select Resource groups.
"Accessing the Resource Groups Blade to initialize the provisioning process"
2 . Select + Create.
"Opening the configuration blade and begins provisioning the resource group"
3 . Give your resource group a name example, storagerg and select a region which will be used region throughout the project.
"Defining the Resource Group name and selecting a Region to establish the geographical and logical foundation for our deployment"
4 . Select Review and create to validate the resource group.
" Running the final validation to ensure our configuration is sound before clicking Create to execute the deployment"
5 . Select Create to deploy the resource group.
"Initiating deployment process to finalize the creation of our logical container within the Azure environment"
Phase 2: Provisioning the Secure Storage Account
With our Resource Group successfully deployed, we have established the "logical house" for our project. Now, we will deploy the Storage Account—the vault where our data will live, ensuring we apply engineering best practices for performance and security from the very first click.
Action Plan :
1 . In the Azure portal, search for and select Storage accounts.
"Navigating to the storage accounts hub to begin the deployment of our core data infrastructure."
2 . Select + Create.
_"Selecting + Create to initialize the deployment workflow and open the storage configuration blade" _
3 . Provide a 'Storage account name'. The storage account name must be unique in Azure. Also set performance to 'standard'. Proceed to 'Review and Create'
"Defining the core parameters for our storage infrastructure, linking it to our existing resource group and selecting the standard performance tier before proceeding for final review and create"
4 . Select Create.
"Executing final deployment to provision of our storage infrastructure within the defined resource group"
5 . Wait for the storage account to deploy and then Go to resource.
"Deployment successful. Selecting Go to Resource for the new storage account"
Phase 3: Configure simple settings in the storage account.
Now that our storage account is live, we need to move beyond default settings. In a real-world scenario, "defaults" are rarely enough. In this phase, we will navigate the Management Blade to adjust redundancy and enforce security protocols, ensuring our data is stored efficiently and securely.
Action Plan :
1 . The data in this storage account doesn’t require high availability or durability. A lowest cost storage solution is desired.
- In your storage account, in the Data management section, select the Redundancy blade.
- Select Locally-redundant storage (LRS) in the Redundancy drop-down.
- Be sure to Save your changes.
- Refresh the page and notice the content only exists in the primary location.
"Optimizing redundancy level to LRS and committing the changes; the refresh feature ensures the management plane reflects the updated configuration immediately"
2 . The storage account should only accept requests from secure connections. Developers would like the storage account to use at least TLS version 1.2.
- In the Settings section, select the Configuration blade.
- Ensure Secure transfer required is Enabled.
- Ensure the Minimal TLS version is set to Version 1.2.
"Enforcing data in transit security by requiring encrypted connections and setting TLS 1.2 protocol as the minimum standard for all incoming request"
3 . Until the storage is needed again, disable requests to the storage account.
- In the Settings section, select the Configuration blade.
- Ensure Allow storage account key access is Disabled.
- Be sure to Save your changes.
"Disabling shared key access to shift toward a more secured, identity driven authentication model (RBAC), effectively mitigating the risk of leaked account keys"
4 . Ensure the storage account allows public access from all networks.
- In the Security + networking section, select the Networking blade.
- Ensure Public network access is set to Enabled from all networks.
- Be sure to Save your changes.
"Configuring the Networking firewall to allow public access, ensuring the storage account is reachable from all external networks as required for this deployment's connectivity requirements."
Mission Accomplished
Deploying a storage account in Azure is a fundamental skill, but hardening it is what separates a beginner from a professional. Through this lab, we successfully established a secure foundation by first creating a dedicated Resource Group, then provisioning a Standard Storage Account with optimized LRS redundancy. By moving beyond default settings to enforce TLS 1.2, disabling Shared Key access, and configuring the Networking firewall, we have transformed a basic resource into a hardened, production-ready environment built with a security-first mindset.
Top comments (10)
Very detailed explanation on the basics of Azure. I feel like a developer already just reading this post. Well done, Precious.
Thank you, Otuto.
Awesome!
It is always a delight hearing from you.
I’ve been able to identify mistakes in my work. Nice job on making this look easy
Great to hear.
Thank you
Beautiful review.
Thank you so much, ma
This is lovely, have learnt and still learning alot from you, weldone boss
Boss, appreciate you!
Thank you
Your expertise is on another level. Where did you learn this from?! Great article.
Haha!
Putting in the work with SKILL.SCH.
I appreciate the feedback.
Thank you so much, Favour!