DEV Community

Cover image for How to Implement a Secure Shared File Storage in Azure for Company Offices
SUBAIR NURUDEEN ADEWALE
SUBAIR NURUDEEN ADEWALE

Posted on

How to Implement a Secure Shared File Storage in Azure for Company Offices

#ai #cloudflarechallenge #microsoft #devops

In today’s distributed work environment, businesses need secure, scalable, and easily accessible file storage for their offices. Azure Files provides a cloud-based solution, enabling seamless file sharing across teams while ensuring data protection and controlled access.

Project Objective
This guide walks through setting up a secure shared file storage system in Azure, covering:

  • Creating a storage account – The foundation for hosting file shares.
  • Configuring a file share and directory – Structuring shared folders for departments.
  • Setting up snapshots & restoring files – Implementing backups for disaster recovery.
  • Restricting access to a virtual network – Enhancing security by limiting connectivity to trusted networks.

By the end, you’ll have a fully functional, secure, and resilient file storage system for your company. Let’s get started!

Step 1 Create and configure a storage account for Azure Files.

Create a storage account for the finance department’s shared files. Learn more about storage accounts for Azure Files deployments.

  • In the portal, search for and select Storage accounts.

  • Select + Create.

  • For Resource group select Create new. Give your resource group a name and select OK to save your changes.
  • Provide a Storage account name. Ensure the name meets the naming requirements.
  • Set the Performance to Premium.
  • Set the Premium account type to File shares.
  • Set the Redundancy to Zone-redundant storage.
  • Select Review and then Create the storage account.

  • Wait for the resource to deploy.
  • Select Go to resource.

  • Storage account is created succesfully.

Create and configure a file share with directory.

Create a file share for the corporate office. Learn more about Azure File tiers.

  • In the storage account, in the Data storage section, select the File shares blade.

  • Select + File share and provide a Name.
  • Review the other options, but take the defaults.
  • Select Create

  • File share created successfully

Add a directory to the file share for the finance department. For testing, upload a file.

  • Select your file share and select + Add directory.
  • Name the new directory finance.

  • Select Browse and then select the finance directory.
  • Notice you can Add directory to further organize your file share.

  • select the finance directory and Upload a file of your choosing.

  • files was uploaded successfully

Step 3 Configure and test snapshots.

Similar to blob storage, you need to protect against accidental deletion of files. You decide to use snapshots.

  • Select your file share.
  • In the Operations section, select the Snapshots blade.
  • Select + Add snapshot. The comment is optional. Select OK.

  • Select your snapshot and verify your file directory and uploaded file are included.

Practice using snapshots to restore a file.

  • Return to your file share.
  • Browse to your file directory.
  • Locate your uploaded file and in the Properties pane select Delete.

  • Select Yes to confirm the deletion.

  • Select the Snapshots blade and then select your snapshot.
  • Navigate to the file you want to restore,
  • Select the file and the select Restore.
  • Provide a Restored file name.

  • Verify your file directory has the restored file.

Step 4 Configure restricting storage access to selected virtual networks.

This tasks in this section require a virtual network with subnet. In a production environment these resources would already be created.

  • Search for and select Virtual networks.

  • Select Create. Select your resource group. and give the virtual network a name.

  • Take the defaults for other parameters, select Review + create, and then Create.
  • Wait for the resource to deploy.

  • Select Go to resource.

  • In the Settings section, select the Subnets blade.
  • Select the default subnet.
  • In the Service endpoints section choose Microsoft.Storage in the Services drop-down.
  • Do not make any other changes.
  • Be sure to Save your changes.

*The storage account should only be accessed from the virtual network you just created.
*

  • Return to your files storage account.
  • In the Security + networking section, select the Networking blade.
  • Change the Public network access to Enabled from selected virtual networks and IP addresses.
  • In the Virtual networks section, select Add existing virtual network.
  • Select your virtual network and subnet, select Add.

  • Be sure to Save your changes.

  • Select the Storage browser and navigate to your file share.
  • Verify the message not authorized to perform this operation. You are not connecting from the virtual network.

Conclusion
By following this guide, you’ve successfully implemented a secure, scalable, and resilient shared file storage solution in Azure for your company offices. You’ve:

✅ Created a storage account – The backbone of your Azure file share.
✅ Configured file shares and directories – Organized storage for seamless collaboration.
✅ Enabled snapshots and practiced file restoration – Ensured data protection with automated backups.
✅ Restricted access to a virtual network – Enhanced security by limiting exposure to trusted networks.

With Azure Files, your organization now has a centralized, high-performance storage system that supports remote and hybrid work while maintaining security, compliance, and disaster recovery capabilities.

Top comments (0)