In today’s distributed work environment, businesses need secure, scalable, and easily accessible file storage for their offices. Azure Files provides a cloud-based solution, enabling seamless file sharing across teams while ensuring data protection and controlled access.
Project Objective
This guide walks through setting up a secure shared file storage system in Azure, covering:
- Creating a storage account – The foundation for hosting file shares.
- Configuring a file share and directory – Structuring shared folders for departments.
- Setting up snapshots & restoring files – Implementing backups for disaster recovery.
- Restricting access to a virtual network – Enhancing security by limiting connectivity to trusted networks.
By the end, you’ll have a fully functional, secure, and resilient file storage system for your company. Let’s get started!
Step 1 Create and configure a storage account for Azure Files.
Create a storage account for the finance department’s shared files. Learn more about storage accounts for Azure Files deployments.
- In the portal, search for and select Storage accounts.
- Select + Create.
- For Resource group select Create new. Give your resource group a name and select OK to save your changes.
- Provide a Storage account name. Ensure the name meets the naming requirements.
- Set the Performance to Premium.
- Set the Premium account type to File shares.
- Set the Redundancy to Zone-redundant storage.
- Select Review and then Create the storage account.
- Wait for the resource to deploy.
- Select Go to resource.
- Storage account is created succesfully.
Create and configure a file share with directory.
Create a file share for the corporate office. Learn more about Azure File tiers.
- In the storage account, in the Data storage section, select the File shares blade.
- Select + File share and provide a Name.
- Review the other options, but take the defaults.
- Select Create
- File share created successfully
Add a directory to the file share for the finance department. For testing, upload a file.
- Select your file share and select + Add directory.
- Name the new directory finance.
- Select Browse and then select the finance directory.
- Notice you can Add directory to further organize your file share.
- select the finance directory and Upload a file of your choosing.
- files was uploaded successfully
Step 3 Configure and test snapshots.
Similar to blob storage, you need to protect against accidental deletion of files. You decide to use snapshots.
- Select your file share.
- In the Operations section, select the Snapshots blade.
- Select + Add snapshot. The comment is optional. Select OK.
- Select your snapshot and verify your file directory and uploaded file are included.
Practice using snapshots to restore a file.
- Return to your file share.
- Browse to your file directory.
- Locate your uploaded file and in the Properties pane select Delete.
- Select Yes to confirm the deletion.
- Select the Snapshots blade and then select your snapshot.
- Navigate to the file you want to restore,
- Select the file and the select Restore.
- Provide a Restored file name.
- Verify your file directory has the restored file.
Step 4 Configure restricting storage access to selected virtual networks.
This tasks in this section require a virtual network with subnet. In a production environment these resources would already be created.
- Search for and select Virtual networks.
- Select Create. Select your resource group. and give the virtual network a name.
- Take the defaults for other parameters, select Review + create, and then Create.
- Wait for the resource to deploy.
- Select Go to resource.
- In the Settings section, select the Subnets blade.
- Select the default subnet.
- In the Service endpoints section choose Microsoft.Storage in the Services drop-down.
- Do not make any other changes.
- Be sure to Save your changes.
*The storage account should only be accessed from the virtual network you just created.
*
- Return to your files storage account.
- In the Security + networking section, select the Networking blade.
- Change the Public network access to Enabled from selected virtual networks and IP addresses.
- In the Virtual networks section, select Add existing virtual network.
- Select your virtual network and subnet, select Add.
- Be sure to Save your changes.
- Select the Storage browser and navigate to your file share.
- Verify the message not authorized to perform this operation. You are not connecting from the virtual network.
Conclusion
By following this guide, you’ve successfully implemented a secure, scalable, and resilient shared file storage solution in Azure for your company offices. You’ve:
✅ Created a storage account – The backbone of your Azure file share.
✅ Configured file shares and directories – Organized storage for seamless collaboration.
✅ Enabled snapshots and practiced file restoration – Ensured data protection with automated backups.
✅ Restricted access to a virtual network – Enhanced security by limiting exposure to trusted networks.
With Azure Files, your organization now has a centralized, high-performance storage system that supports remote and hybrid work while maintaining security, compliance, and disaster recovery capabilities.
Top comments (0)