Step-by-Step Guide: Setting Up Secure, High-Availability Private Storage for Internal Company Documents in Azure

Businesses need private, highly available, and cost-efficient storage for sensitive files. This project sets up Azure Blob Storage to securely store internal documents with controlled access, automated backups, and smart cost management.

Key Steps:

1. Create Storage Account – Set up Azure storage with high-availability redundancy.
2. Restrict Container Access – Ensure only authorized users can access internal files.
3. Generate SAS for Partners – Securely share files with external collaborators.
4. Back Up Public Website Data – Protect public content with private backups.
5. Optimize Costs with Lifecycle Rules – Automatically move old files to cheaper storage.

This solution delivers security, compliance, and resilience for critical company data. Let’s get started.

Step 1 Create a storage account and configure high availability.

Create a storage account for the internal private company documents.

• In the portal, search for and select Storage accounts.

• Select + Create.

• Select Create new give it a name to create a new Resource group.
• Set the Storage account name to private. Add an identifier to the name to ensure the name is unique.
• Select Review, and then Create the storage account.

• Wait for the storage account to deploy, and then select Go to resource.

• Storage account is successfully created.

*This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.
*

• In the storage account, in the Data management section, select the Redundancy blade.
• Ensure Geo-redundant storage (GRS) is selected.
• Refresh the page.
• Review the primary and secondary location information.
• Save your changes.

Create a storage container, upload a file, and restrict access to the file.

Create a private storage container for the corporate data.

• In the storage account, in the Data storage section, select the Containers blade.
• Select + Container.
• Ensure the Name of the container is private.
• Ensure the Public access level is Private (no anonymous access).
• As you have time, review the Advanced settings, but take the defaults.
• Select Create.

• The container is created successfully.

• For testing, upload a file to the private container. The type of file doesn’t matter. A small image or text file is a good choice.

• The files are sucessfully uploaded

• Test to ensure the file isn’t publically accessible by clicking on one of the files.
  

• Copy the URL to any browser to view it content. you should get an error message that says "public access is not permitted"

An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS). Learn more about Shared Access Signatures.

• Select your uploaded blob file and move to the Generate SAS tab.

• In the Permissions drop-down, ensure the partner has only Read permissions.
• Verify the Start and expiry date/time is for the next 24 hours.
• Select Generate SAS token and URL.

• Copy the Blob SAS URL to a new browser tab.

• Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

Step 3 Configure storage access tiers and content replication.

*To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Learn more how manage the Azure Blob storage lifecycle.
*

• Return to the storage account.
• In the Overview section, notice the Default access tier is set to Hot.

• In the Data management section, select the Lifecycle management blade.
• Select Add rule.

• Set the Rule name to movetocool.
• Set the Rule scope to Apply rule to all blobs in the storage account.
• Select Next.

• Ensure Last modified is selected.
• Set More than (days ago) to 30.
• In the Then drop-down select Move to cool storage.
• As you have time, review other lifecycle options in the drop-down.
• Add the rule.

The public website files need to be backed up to another storage account.

• Create a new storage account, In your storage account, create a new container called backup. Use the default values.

• Navigate to your publicwebsite storage account. This storage account was created in the previous exercise.
• In the Data management section, select the Object replication blade.
• Select Create replication rules.

• Set the Destination storage account to the private storage account.
• Set the Source container to public and the Destination container to backup.
• Create the replication rule.

• Optionally, as you have time, upload a file computer class.txt ** to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file **computer class.txt will appear in the backup folder.

✅ Conclusion

Setting up a secure, high-availability private storage solution in Azure for internal company documents is a critical step toward ensuring data integrity, confidentiality, and business continuity. By following this step-by-step guide, you've learned how to configure storage accounts, apply access restrictions, enable redundancy, and enforce compliance-grade security settings.

With your private storage environment now properly configured, your organization can confidently store sensitive files, collaborate securely, and scale as needed — all within the robust infrastructure of Microsoft Azure. Keep your storage environment monitored and regularly updated to adapt to evolving business and security needs.