Azure Storage Accounts – Open to the Internet?

Let’s get straight to the point. From official documentation it states that “To secure your storage account, you should first configure a rule to deny access to traffic from all networks (including internet traffic) by default. Then, you should configure rules that grant access to traffic from specific vnets. This configuration enables you to build a secure network boundary for your applications”.

Navigate to your storage account, what is the default setting? It is shown below.

Continue reading

Azure – What is a Shared Access Signature?

Using a Shared Access Signature (SAS) is usually the best way to control access rights to Azure storage resources (like a container for backups) without exposing the primary / secondary storage keys. It is based on a URI and this is what I want to look at today.

I always use the Azure Storage Explorer to build a SAS token. Let’s dig into what the different parts mean.

Continue reading