On Prem vm to azure storage files manual feed

Niren Adhikary 96 Reputation points
2023-07-11T20:22:50.06+00:00

Hello, I am looking for a secure solution pattern for manual upload of files to an Azure Blob or Data Lake storage account. Individual users will need to upload these files to the storage account from on-prem machines. At the same time, we need a secure solution so that we have control over the data and files being uploaded to the storage account. The data will be confidential, and we don't want users to create a mess by uploading unwanted files or deleting them. One solution that I can think of is an ExpressRoute connection to on-prem, but do we really need ExpressRoute connectivity? Then mount the file share in the local VM. Or maybe ADF to copy the files from on-prem to Azure Storage. What is the best possible solution design approach we can follow in this use case scenario, and what are the high-level steps to implement it? Thanks


3 answers

  1. Vahid Ghafarpour 22,445 Reputation points
    2023-07-11T20:36:37.8266667+00:00

    You can create separate Azure storage accounts, and each user uploads files using web access or file-sharing solutions.


  2. deherman-MSFT 37,856 Reputation points Microsoft Employee
    2023-07-12T17:57:50.6566667+00:00

    @Niren Adhikary

    Thanks for clarifying. Since you are doing manual uploads, I would recommend using Azure Storage Explorer. This will provide an easy way for users to log in and have access to the appropriate blob container.

    A secure solution for manual file uploads to Azure Blob Storage or Data Lake Storage can be achieved by following these high-level steps:

    1. Enable Azure AD authentication: Use Azure Active Directory (Azure AD) to authorize requests to Azure Storage.
    2. Implement least privilege access: Assign only necessary permissions to users, groups, or applications via Azure RBAC.
    3. Enable secure transfer: Require secure connections for all requests made against the storage account.
    4. Configure firewall rules: Limit access to your storage account to requests from specified IP addresses or ranges, or from a list of subnets in an Azure Virtual Network (VNet).
    5. Register Azure Blob Storage in Microsoft Purview: Register your Azure Blob Storage data source in Microsoft Purview to enable data discovery and governance.
    6. Scan and catalog data: Configure and run scans in Purview to discover and catalog data in your Azure Blob Storage.
    7. Sign in to Storage Explorer: Users can access the storage accounts/containers they have permissions for and upload their files.

    You don't necessarily need ExpressRoute connectivity for this scenario. Azure Data Factory (ADF) can be used to copy files from on-premises to Azure Storage, but it might not be the best fit for manual file uploads. I would recommend AzCopy or Azure Storage Explorer.

    Remember to follow security best practices and recommendations for Azure Blob Storage.

    Hope this helps! Let me know if you have any more questions and I will do my best to answer them.


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!
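
An added example (not part of the answer above and not Microsoft tooling): a Python check over constructed sample data shaped like `az storage account show` and `az role assignment list` output, flagging where steps 1 to 4 of the answer are not met, including roles that would let uploaders delete files. The /24 threshold, the principal name and the sample resource IDs are assumptions made for illustration.

```python
import ipaddress

# Built-in data-plane roles that include blob delete (the asker wants no deletes).
ROLES_WITH_DELETE = {"Storage Blob Data Contributor", "Storage Blob Data Owner"}
CONTAINER_MARKER = "/blobservices/default/containers/"

def audit_account(acct):
    """Findings for a dict shaped like `az storage account show` output."""
    findings = []
    if acct.get("enableHttpsTrafficOnly") is not True:
        findings.append("secure transfer (HTTPS only) is not required")
    # A null value means shared keys are still accepted alongside Azure AD.
    if acct.get("allowSharedKeyAccess") is not False:
        findings.append("shared key access is allowed")
    rules = acct.get("networkRuleSet") or {}
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("firewall default action is Allow")
    for rule in rules.get("ipRules", []):
        net = ipaddress.ip_network(rule["ipAddressOrRange"], strict=False)
        if net.num_addresses > 256:  # assumed threshold: wider than a /24
            findings.append(f"firewall rule {net} is wider than a /24")
    return findings

def audit_assignments(assignments):
    """Findings for a list shaped like `az role assignment list` output."""
    findings = []
    for a in assignments:
        who, role = a["principalName"], a["roleDefinitionName"]
        if role in ROLES_WITH_DELETE:
            findings.append(f"{who}: {role} permits delete")
        if CONTAINER_MARKER not in a["scope"].lower():
            findings.append(f"{who}: not scoped to a single container")
    return findings

# Constructed sample input, not taken from a real subscription.
ACCT_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo")
WEAK_ACCOUNT = {"enableHttpsTrafficOnly": True, "allowSharedKeyAccess": None,
                "networkRuleSet": {"defaultAction": "Allow",
                                   "ipRules": [{"ipAddressOrRange": "198.51.100.0/22"}]}}
HARDENED_ACCOUNT = {"enableHttpsTrafficOnly": True, "allowSharedKeyAccess": False,
                    "networkRuleSet": {"defaultAction": "Deny",
                                       "ipRules": [{"ipAddressOrRange": "203.0.113.10"}]}}
WEAK_ASSIGNMENTS = [{"principalName": "uploader@example.com", "scope": ACCT_ID,
                     "roleDefinitionName": "Storage Blob Data Contributor"}]

if __name__ == "__main__":
    for line in audit_account(WEAK_ACCOUNT) + audit_assignments(WEAK_ASSIGNMENTS):
        print("FINDING:", line)
```

Upload without delete is not covered by the built-in Contributor role, so a passing assignment here would be a custom role granting only blob write data actions, scoped to one container.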


  3. deherman-MSFT 37,856 Reputation points Microsoft Employee
    2023-07-19T18:37:04.3266667+00:00

    @Niren Adhikary

    Sorry for the confusion. You said you wanted users to upload the files to Azure; I was thinking you wanted to do this directly. I am looking into this further and will provide an update soon.
