Provide private storage for internal company documents

Source: Dev.to

What is a Private Storage?

Private storage is a storage system designed to keep data restricted to authorized users only. It is not publicly accessible over the internet, requires authentication and access controls, and is used to securely store internal or sensitive information, such as company documents, records, or proprietary data.

Create a Private Storage Account

1. In the portal, search for and select Storage accounts.
2. Click + Create.
3. Choose the resource group created in the previous lab.
4. Set the Storage account name to private (add an identifier to ensure uniqueness).
5. Click Review + create, then Create.
6. Wait for deployment, then select Go to resource.

Configure Redundancy

1. In the storage account, under Data management, select the Redundancy blade.
2. Ensure Geo-redundant storage (GRS) is selected.
3. Refresh the page.
4. Review the primary and secondary location information.
5. Save your changes.

Create a Private Container

1. In the storage account, under Data storage, select the Containers blade.
2. Click + Container.
3. Set Name to private.
4. Set Public access level to Private (no anonymous access).
5. (Optional) Review the Advanced settings, but keep the defaults.
6. Click Create.

Upload a File

1. Select the newly created container.
2. Click Upload.
3. Browse to the file you want to upload and select it.
4. Click Upload.

Verify Access Restrictions

1. Select the uploaded file.
2. On the Overview tab, copy the URL.
3. Paste the URL into a new browser tab.
4. Verify the file does not display and you receive an error (access is blocked).

Generate a SAS Token

1. Select the uploaded blob file and go to the Generate SAS tab.
2. In the Permissions drop‑down, ensure only Read permission is granted.
3. Set the Start and Expiry date/time to cover the next 24 hours.
4. Click Generate SAS token and URL.
5. Copy the Blob SAS URL to a new browser tab.
6. Verify you can now access the file (images will display; other file types will be downloaded).

Review Storage Account Settings

• In the Overview section, note that the Default access tier is set to Hot.

Configure Lifecycle Management

1. In the Data management section, select the Lifecycle management blade.
2. Click Add rule.
3. Set Rule name to movetocool.
4. Set Rule scope to Apply rule to all blobs in the storage account.
5. Click Next.
6. Ensure Last modified is selected.
7. Set More than (days ago) to 30.
8. In the Then drop‑down, select Move to cool storage.
9. (Optional) Review other lifecycle options.
10. Click Add to create the rule.

Create a Backup Container

1. In your storage account, create a new container named backup using the default values.
2. Refer back to Lab 02a for detailed instructions if needed.

Set Up Object Replication

1. Navigate to your publicwebsite storage account (created in the previous exercise).
2. In the Data management section, select the Object replication blade.
3. Click Create replication rules.
4. Set Destination storage account to the private storage account you created earlier.
5. Set Source container to public and Destination container to backup.
6. Click Create to establish the replication rule.