Skip to main content

How to configure your environment for a private network or public network with restricted access

Updated yesterday

Prerequisites

Make sure you meet the following prerequisites for setting up your environment:

  • An Azure account with an active subscription. If you don't already have an Azure account, create an account for free.

  • Ensure you have the following resources already deployed:

  1. Azure Virtual Machine (VM): The VM from which backup and restore are executed.

  2. Virtual Network (VNet) & Subnet: The network attached to both the storage account and the VM.

  3. Azure Storage Account(s): The General-Purpose V2 storage account(s) hosting your Azure File shares(SMB).

How to configure your environment for a public network with restricted access

Follow these instructions to set up your environment for protecting Azure Files over a public network with restricted access.

  1. Log in to the Azure portal.

  2. In the Search resources, services, and docs box, search for your Virtual network

  3. Click on the virtual network that is assigned to the Azure VM.

  4. Click Settings > Service endpoint.

  5. Perform the following steps to add the Microsoft.Storage service endpoint to the Azure VM subnet, if it isn’t already configured:

    1. Click Add.

    2. Select Microsoft.Storage for Service.

    3. Select Subnet, which is assigned to Azure VM.

    4. Click Add.

Status should show as Succeeded.

  1. Go to the storage account you want to access.

  2. In the left-hand navigation pane, click Security + networking > Networking.

  3. Configure Network Access by performing the following steps:
    Under the Firewalls and virtual networks tab:

    1. Select Public network access > Enable.

    2. Select Public network access scope > Enabled from selected virtual networks.


      This restricts access to the storage account to only the networks you specify.

  4. Add the Virtual Network by performing the following steps:

    1. Click + Add existing virtual network.

    2. In the new pane, select the Subscription and Virtual network where your VM is located.

    3. Select the specific Subnet that contains your VM.
      A message will appear to confirm that a service endpoint will be created on the subnet.

  5. Click "Add" to apply the configuration.

How to configure your environment for a private network with restricted access

  1. Log in to the Azure portal.

  2. Navigate to your storage account.

  3. From the left pane, click Networking and go to the Private Endpoints tab.

  4. Click the private endpoint and copy the Virtual network/subnet value.

  5. Create an Azure virtual machine and use the VNet/Subnet copied above during creation.

Related Articles
Restore Azure virtual machines
File Level Restore for Azure Virtual Machines
Pre-requisites for protecting Azure SQL resources
How to set up Private Endpoints for Azure SQL
System Requirements and Prerequisites for Azure Files
Did this answer your question?