Network Security Configuration

Learn how to set up network security measures for Azure services.

Network security configurations play a critical role in safeguarding cloud-based resources, applications, and data from various security threats.

Secure access to storage account via web app

Let’s assume we have a storage account, “educativestorage,” and a web app through which we will access the storage account. We want the access to the storage account to be secure and private, i.e., no public access to the storage account. For this purpose, we’ll have to perform the following steps:

  • Create a private endpoint for the storage account in the subnet of a virtual network.

  • Create a virtual network integration for the web app in a different subnet of the same virtual network.

  • Disable all types of public access to the storage account.

In the diagram below, the private endpoint gives resources inside the virtual network a private connection to the storage account, while the virtual network integration gives the web app a presence in the virtual network so that it can reach resources there. To check connectivity between the web app and the storage account, we won’t deploy an application. Instead, we’ll use the managed identity of the web app.

Private endpoints to secure storage account and limit access to Web app
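
Once the three steps above are done, the end state can be checked from the storage account's properties. The script below is an added example, not part of the original lesson: it audits a JSON document shaped like the output of `az storage account show -o json`, and the sample input and the private endpoint name `pe-blob-example` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az storage account show -o json` output
# (only the fields the audit reads; the endpoint name is hypothetical).
SAMPLE_LOCKED_DOWN = json.loads("""
{
  "name": "educativestorage",
  "publicNetworkAccess": "Disabled",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [], "virtualNetworkRules": []},
  "privateEndpointConnections": [
    {"name": "pe-blob-example",
     "privateLinkServiceConnectionState": {"status": "Approved"}}
  ]
}
""")


def audit_storage_account(account):
    """Return a list of findings; an empty list means private-only access."""
    findings = []
    # Step 3: no public network path. A missing value is flagged too (conservative).
    if account.get("publicNetworkAccess") != "Disabled":
        findings.append("public network access is not disabled")
    # Anonymous (unauthenticated) blob reads must be off at the account level.
    if account.get("allowBlobPublicAccess") is not False:
        findings.append("anonymous blob access is allowed")
    # Defence in depth: if public access is ever re-enabled, the firewall
    # should still deny by default and carry no leftover public IP rules.
    rules = account.get("networkRuleSet") or {}
    if rules.get("defaultAction") != "Deny":
        findings.append("firewall default action is not Deny")
    if rules.get("ipRules"):
        findings.append("firewall still allows %d public IP range(s)" % len(rules["ipRules"]))
    # Step 1: without an approved private endpoint connection, disabling
    # public access leaves the account unreachable from the web app.
    states = [(c.get("privateLinkServiceConnectionState") or {}).get("status")
              for c in account.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    return findings


if __name__ == "__main__":
    for line in audit_storage_account(SAMPLE_LOCKED_DOWN) or ["OK: private access only"]:
        print(line)
```

The virtual network integration from step 2 is a property of the web app, not the storage account, so this audit does not cover it.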

Create a private endpoint for a storage account

Let’s assume that we have the “educativeblobstorage” storage account. Follow the steps given below to create a private endpoint for it:

  • Navigate to the “Networking” tab in the “educativeblobstorage” storage account.

  • Click the “Private endpoint connections” section and then click the “Private endpoint” option.

  • Select a subscription and a resource group, give the private endpoint a unique name, and click the “Next : Resources >” button.

  • Select “blob” from the “Target sub-resource” drop-down list and click the “Next : Virtual Network >” button. ...