You should always seriously consider enabling this feature. This is part of the ADS suite – Advanced Data Security and I will show you how good this pro-active service is.
Let’s get straight to the point. From official documentation it states that “To secure your storage account, you should first configure a rule to deny access to traffic from all networks (including internet traffic) by default. Then, you should configure rules that grant access to traffic from specific vnets. This configuration enables you to build a secure network boundary for your applications”.
Navigate to your storage account, what is the default setting? It is shown below.
Using a Shared Access Signature (SAS) is usually the best way to control access rights to Azure storage resources (like a container for backups) without exposing the primary / secondary storage keys. It is based on a URI and this is what I want to look at today.
I always use the Azure Storage Explorer to build a SAS token. Let’s dig into what the different parts mean.
I was using a query on one of my local SQL Servers where I wanted to know what logins were connected to my databases. I actually ended up running the query against my Azure SQL Database and had some very interesting results.