question

0 Votes
sureshbettadapur-7315 asked SumanthMarigowda-MSFT edited

When a Storage account is assigned Private endpoint, do we still need to enable firewalls?

When a Storage account is assigned a Private endpoint, and public access to the blob container is disabled, is there a need to make it more secure by enabling firewalls to restrict access only to specific networks/subnets?

azure-blob-storage azure-private-link

1 Answer

0 Votes
SumanthMarigowda-MSFT answered SumanthMarigowda-MSFT edited

@sureshbettadapur-7315 Welcome to the Q&A Forum! Thank you for posting your query here.

"When a Storage account is assigned Private endpoint, and public access to blob container is disabled, is there a need to make it do more secure by enabling firewalls to restrict access only to specific networks/subnets?" Not required.

Using private endpoints for your storage account enables you to:

  • Secure your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service.

  • Increase security for the virtual network (VNet), by enabling you to block exfiltration of data from the VNet.

  • Securely connect to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.

  • You can secure your storage account to only accept connections from your VNet, by configuring the storage firewall to deny access through its public endpoint by default. You don't need a firewall rule to allow traffic from a VNet that has a private endpoint, since the storage firewall only controls access through the public endpoint. Private endpoints instead rely on the consent flow for granting subnets access to the storage service.

Hope this helps!

Kindly let us know if the above helps or you need further assistance on this issue.


Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
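To see which of the states described in the answer above an account is in, the check below reads the network fields of a storage account and reports how it can be reached. It is an added example, not part of the original answer or of any Microsoft tooling; the sample accounts are constructed and assume the JSON shape printed by `az storage account show`.

```python
import json

# Constructed sample shaped like `az storage account show -o json` output,
# trimmed to the relevant fields. Account names and the IP range are made up.
SAMPLE_ACCOUNTS = json.loads("""[
 {"name": "examplelocked", "publicNetworkAccess": "Enabled",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [],
                     "virtualNetworkRules": []},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "exampleopen", "publicNetworkAccess": "Enabled",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Allow", "ipRules": [],
                     "virtualNetworkRules": []},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Approved"}}]},
 {"name": "examplepending", "publicNetworkAccess": "Enabled",
  "allowBlobPublicAccess": false,
  "networkRuleSet": {"defaultAction": "Deny", "virtualNetworkRules": [],
                     "ipRules": [{"ipAddressOrRange": "203.0.113.0/24",
                                  "action": "Allow"}]},
  "privateEndpointConnections": [
    {"privateLinkServiceConnectionState": {"status": "Pending"}}]}
]""")


def review_account(acct):
    """Return findings about how the account can be reached over the network."""
    findings = []
    rules = acct.get("networkRuleSet") or {}
    if acct.get("publicNetworkAccess") != "Disabled":
        if rules.get("defaultAction") != "Deny":
            # allowBlobPublicAccess=false only turns off anonymous reads; the
            # public endpoint still accepts authorized requests from any network.
            findings.append("public endpoint open to all networks")
        else:
            n = len(rules.get("ipRules") or []) + len(rules.get("virtualNetworkRules") or [])
            if n:
                findings.append(f"public endpoint open to {n} firewall exception(s)")
    # Private endpoint access depends on the connection being approved
    # (the consent flow), not on any storage firewall rule.
    states = [(c.get("privateLinkServiceConnectionState") or {}).get("status")
              for c in acct.get("privateEndpointConnections") or []]
    if "Approved" not in states:
        findings.append("no approved private endpoint connection")
    return findings


if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(acct["name"], review_account(acct) or "reachable via private endpoint only")
```

An empty list means the account is reachable only through an approved private endpoint.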

