What ports must be open when using Azure.Storage.Blobs

Joel Palmer (JLPM) 141 Reputation points
2023-01-30T22:29:18.9966667+00:00

I am using the Azure.Storage.Blobs library inside a .NET 6 app hosted in a Windows Service. How must I open up the network firewall in order to have this upload my files?

Is it as simple as opening up port 80 and 443? Or is there more to it?

Also, is there anything I need to consider with my Antivirus software settings?

Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
218 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sumarigo-MSFT 42,586 Reputation points Microsoft Employee
    2023-01-31T08:34:25.93+00:00

    @Joel Palmer (JLPM) Welcome to Microsoft Q&A Forum, Thank you for posting your query here.

    Adding more information to the above response:

    Port 443 allows data transmission over an encrypted network, while Port 80 enables data transmission in plain text

    You can choose port 443 in this scenario.

    This article contains security recommendations for Blob storage. Implementing these recommendations will help you fulfill your security obligations as described in our shared responsibility model. For more information on how Microsoft fulfills service provider responsibilities Security recommendations for Blob storage

    Azure security baseline for Storage: https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/storage-security-baseline

    Additional information: Now, with SFTP support for Azure Blob Storage, you can enable an SFTP endpoint for Blob Storage accounts with a single click. Then you can set up local user identities for authentication to connect to your storage account with SFTP via port 22.

    This article describes SFTP support for Azure Blob Storage. To learn how to enable SFTP for your storage account, see Connect to Azure Blob Storage by using the SSH File Transfer Protocol (SFTP).

    To create or update a security rule in the specified network security group. which can be used to enable ports 80 and 443 along with inbound rules:
    https://learn.microsoft.com/en-us/rest/api/virtualnetwork/securityrules/createorupdate

    Please let us know if you have any further queries. I’m happy to assist you further.   


    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


1 additional answer

Sort by: Most helpful
  1. Luke Murray 10,276 Reputation points MVP
    2023-01-31T00:10:43.2666667+00:00

    443 should be all you need.

    Depending on how you do authentication, make sure you include the AAD URLs as well.

    Also, take a look at Defender for Storage.

    0 comments No comments