How to provide private storage for internal company documents

The following are below are steps for the above process
In the Azure portal, search for and select Storage accounts.

then Select + Create

Select the Resource group created in the previous lab.

Set the Storage account name to private and add an identifier to the name to ensure the name is unique (privatestella).

Select Review, and then Create the storage account

After validation has pass click create

Wait for the storage account to deploy, and then select Go to resource.

In the storage account, in the Data management section, select the Redundancy blade.
Ensured Geo-redundant storage (GRS) is selected.

Refresh the page and review the primary and secondary location information.

In the storage account, in the Data storage section, select the Containers blade.

Select Container

Ensure the Name of the container is private and make Public access level is Private (no anonymous access)

In Advanced settings, take the defaults and click create

For testing, upload a file to the private container
Select the container

Select Upload

Browse to files and select a file and then Upload the file

upload file

Select the uploaded file.

On the overview tab of the uploaded

Copy the URL.

Paste the url: https://privatestella.blob.core.windows.net/private/advanced.png on a browser to verify the file doesn’t display and you receive an error.

An external partner requires read and write access to the file for at least the next 24 hours. shared access signature (SAS) should be configured and tested
Select your uploaded blob file and move to the Generate SAS tab

In the Permissions drop-down, ensure the partner has only Read permissions.
Verify the Start and expiry date/time is for the next 24 hours

On the bottom center, Select Generate SAS token and URL

Copy the Blob SAS URL (https://privatestella.blob.core.windows.net/private/advanced.png?sp=r&st=2024-05-29T13:08:46Z&se=2024-05-30T13:08:46Z&spr=https&sv=2022-11-02&sr=b&sig=UJrEZnYxYdINV97Kfeb6nlVDQXaDkw9ZuKpkyD742Jo%3D)

Then copy the Blob url to a new browser tab
.
Configure storage access tiers and content replication.
Return to the storage account.
in the Overview section, the Default access tier is set to Hot.

Data management section, select the Lifecycle management blade.

Select Add rule.

Set the Rule name to movetocool

Set the Rule scope to Apply rule to all blobs in the storage account and select Next.

Ensuring the Last modified is selected and set More than (days ago) to 30. In the Then drop-down select Move to cool storage. then click add

The public website files need to be backed up to another storage account
In a the storage account, create a container

Call the container backup and create

Navigate to the public website storage account (nicolestorage1).In the Data management section, select the Object replication blade

Select Create replication rules

Set the destination storage account to the private storage account(privatestella)
Go to the publicwebsitekam storage account created in the previous exercise in the Data management section, select the Object replication blade

Set the Destination storage account to the private storage account

Set the Source container to public and the Destination container to backup

Create the replication rule.