Private Endpoints and Storage Container

Pendleton, David 20 Reputation points
2024-07-31T20:02:38.9533333+00:00

I am experimenting with Private Endpoints and Storage Accounts/Containers. I believe I have created all the supporting objects, including the Private Endpoint. Now I cannot access the Storage Containers within the Account from the Portal. How do I do this?

Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

3 answers

  1. TP 118.1K Reputation points
    2024-07-31T20:36:52.5333333+00:00

    Hi David,

    Not being able to access data from the portal is normal when you have your storage account configured to only allow access via Private Endpoint.

    In order to access the data in your storage account you need to access it via the Virtual Network that has access to your Private Endpoint. For example, you could have a VM on the Virtual Network, connect to this VM using Azure Bastion (or other method), and then connect to the storage account to access blobs.

    Please click Accept Answer and upvote if the above was helpful. If something is unclear please add a comment below.

    Thanks.

    -TP

  2. Luis Arias 8,516 Reputation points
    2024-07-31T20:41:13.43+00:00

    Hi Pendleton, David,

    When you enable a private endpoint and disable public network access, you are restricting communication to the virtual network only. If you want to continue having access through the Azure portal, I suggest moving the firewall of the storage account to "selected virtual networks and IP addresses" (https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal).

    If the information helped address your question, please Accept the answer.

    Luis

  3. KarishmaTiwari-MSFT 20,677 Reputation points Microsoft Employee
    2024-08-12T19:18:47.9766667+00:00

    @Pendleton, David Checking in if the responses above helped. Let me know in the comments.

    In addition to the above suggestions, here are a few steps to help you resolve this:

    1. Access via Virtual Network: Since your storage account is configured to only allow access via the Private Endpoint, you need to access it through the Virtual Network (VNet) that has access to the Private Endpoint. You can do this by:
      • Setting up a Virtual Machine (VM) within the same VNet.
      • Using Azure Bastion or another method to connect to this VM.
      • Accessing the storage account from this VM.
    2. Adjust Firewall Settings: If you want to access the storage account directly from the Azure Portal, you can adjust the firewall settings of the storage account to allow access from selected virtual networks and IP addresses. This way, you can still maintain some level of security while enabling portal access.
    3. DNS Configuration: Ensure that your DNS settings are correctly configured to resolve the private endpoint. This might involve setting up a custom DNS server or modifying the hosts file on your VM to point to the private endpoint’s IP address.
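A quick way to check the DNS point raised in the third answer, as an added example that is not part of any answer on this page: run it on the machine you are connecting from to see whether the blob endpoint name resolves to the private endpoint or to the public one. The account name is a constructed placeholder, and the script assumes the VNet uses private (RFC 1918) address space.

```python
import ipaddress
import socket
import sys


def resolve(host):
    """Ask the local resolver (hosts file included) for the host's addresses."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def diagnose(account, resolver=resolve):
    """Classify how <account>.blob.core.windows.net resolves from this machine."""
    host = f"{account}.blob.core.windows.net"
    try:
        addrs = resolver(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        addrs, error = [], str(exc)
    else:
        error = "resolver returned no addresses"
    if not addrs:
        return {"host": host, "addresses": [], "verdict": "unresolved", "hint": error}
    # Assumption: the private endpoint's NIC has an address from private space.
    private = [a for a in addrs if ipaddress.ip_address(a).is_private]
    if len(private) == len(addrs):
        verdict = "private-endpoint"
        hint = "name resolves into the VNet; data access should go through the private endpoint"
    elif private:
        verdict = "mixed"
        hint = "both private and public answers; check for a stale hosts entry or split DNS"
    else:
        verdict = "public"
        hint = ("name resolves to the public endpoint; with public network access "
                "disabled, requests from this machine are refused")
    return {"host": host, "addresses": addrs, "verdict": verdict, "hint": hint}


if __name__ == "__main__":
    # "examplestorageacct" is a constructed placeholder; pass your own account name.
    result = diagnose(sys.argv[1] if len(sys.argv) > 1 else "examplestorageacct")
    for key, value in result.items():
        print(f"{key}: {value}")
```

A `public` verdict on the workstation running the browser matches the behaviour described in the first answer; a `private-endpoint` verdict on a VM inside the VNet confirms the DNS setup from the third answer.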
