Is an option that has been long-awaited, to configure storage accounts to deny access to traffic from all networks (including internet traffic) by default. Then grant access to traffic from specific VNets. This configuration enables you to build a secure network boundary for your applications. You can also grant access to public internet IP address ranges, enabling connections from specific internet or on-premises clients. You can do a lot of thinks and more info can be found in this link , but let me show you an example of how this it should look, and how to add a specific VNets to and storage account.
Ok, lets start with creation of storage account in case if you don’t have an existent, go to https://portal.azure.com , if you have one go directly to step 6,
2. Select your subscription and resource group
3. Name your storage account, location, performance, account kind, replication and access tier.
5. Go next through Tags tab, check-in
6. After creation, go to the storage account you want to secure. click on Firewalls and virtual networks.
- To deny access by default, choose to allow access from Selected networks.
- To allow traffic from all networks, choose to allow access from All networks.
This is the way you can configure storage accounts to deny access to traffic from all networks (including internet traffic). If you have any questions don’t hesitate to contact me via Ask a question