Storage account (SFTP enabled) expose to public

Pradeep Narangoda 20 Reputation points
2024-06-06T13:36:00.97+00:00

I have a storage account with SFTP enabled. Currently, this can access anyone who in the internet. I don't want to expose my storage to the public. I want to allow only port 22 for this. also, We don't want to add single public IPs or networks. The goal is for anyone in the public to gain access via port 22.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,694 questions
{count} votes

Accepted answer
  1. Anand Prakash Yadav 7,780 Reputation points Microsoft Vendor
    2024-06-07T09:20:59.86+00:00

    Hello Pradeep Narangoda,

    Thank you for posting your query here!

    To ensure your Azure Storage account with SFTP enabled is secure and not exposed to the public, you can consider the following options:

    Option 1: Enable for All Networks

    It is possible to enable your storage account for access from all networks, relying solely on the strength of username/password and encryption keys.

    Option 2: Enable from Selected Virtual Networks and Whitelist Public IP Addresses

    This option provides a higher level of security by restricting access to specific IP addresses.

    Option 3: Securing Azure Storage Account with Private Endpoint

    To ensure that your Azure Storage account with SFTP enabled is not exposed to the public internet, you may consider using Azure Private Endpoint. This approach provides the highest level of security by allowing access to your storage account only through a private IP address within your Azure Virtual Network (VNet).

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


0 additional answers

Sort by: Most helpful