Configure Network Access to the Storage Account

2 minutes to read

Is an option that has been long-awaited, to configure storage accounts to deny access to traffic from all networks (including internet traffic) by default.  Then grant access to traffic from specific VNets. This configuration enables you to build a secure network boundary for your applications.  You can also grant access to public internet IP address ranges, enabling connections from specific internet or on-premises clients. You can do a lot of thinks and more info can be found in this link , but let me show you an example of how this it should look, and how to add a specific VNets to and storage account.

Ok, lets start with creation of storage account in case if you don’t have an existent, go to , if you have one go directly to step 6,


2. Select your subscription and resource group

3. Name your storage account, location, performance, account kind, replication and access tier.

4. Go next to Advanced settings, and here you the option to add a subnet, but first choose the virtual network.

5. Go next through Tags tab, check-in Review + create tab the configuration and click create.

6.  After creation, go to the storage account you want to secure. click on Firewalls and virtual networks.

  • To deny access by default, choose to allow access from Selected networks.
  • To allow traffic from all networks, choose to allow access from All networks.

This is the way you can configure storage accounts to deny access to traffic from all networks (including internet traffic). If you have any questions don’t hesitate to contact me via Ask a question



Announcing Virtual Network integration for Azure Storage and Azure SQL

Configure Azure Storage firewalls and virtual networks

Leave a Reply

Your email address will not be published.Required fields are marked *