Share via

Alternative Solution for Azure static Website to connect the Azure storage account in Secure Mode (Public Access disabled)

Thyagarajulu BM (LTIMindtree Limited) 0 Reputation points Microsoft External Staff
2025-03-19T11:36:20.01+00:00

Currently, public access is enabled for the Azure Storage account, along with the Static Website feature, to host web content. However, due to security requirements, we need to disable public access to the storage account. Since the Static Website functionality relies on public accessibility, disabling it will break the existing configuration.

Additionally, while attempting to add the storage account to the Network Security Perimeter (NSP), we encountered an error. Please find the attached screenshot for reference.

User's image

Could you please suggest an alternative solution to meet this requirement? If a viable approach exists, kindly provide a detailed solution document outlining the necessary steps.

Looking forward to your guidance.

Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,461 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinod Kumar Reddy Chilupuri 3,745 Reputation points Microsoft External Staff
    2025-03-19T14:30:22.05+00:00

    Hi Thyagarajulu BM (LTIMindtree Limited),

    To securely connect your Azure Storage account while hosting a static website, you can use Azure Private Endpoints. This method allows you to disable public access to your storage account while still enabling access for your static website.

    1. Disable Public Access: Disable public network access for your storage account in the Azure portal under Networking settings.
    2. Create a Virtual Network (VNet): Set up a virtual network in Azure. This VNet will securely connect to your storage account.
    3. Create a Private Endpoint:
      • In the Azure portal, go to your storage account.
      • Under Networking, select "Private endpoint connections."
      • Click "Add" to create a new private endpoint.
      • Select the appropriate VNet and subnet for the private endpoint.
    4. DNS Configuration: After creating the private endpoint, you need to configure DNS settings to ensure that requests to your storage account resolve to the private endpoint. This may involve creating a DNS record in your VNet.
    5. Accessing the Static Website: With the private endpoint in place, you can access your static website through the private link. Ensure that any client services that need to access the static website are also within the same VNet or have a VPN/ExpressRoute connection to it.
    6. Testing: Test the configuration by accessing the static website endpoint from within the VNet to ensure that it is reachable.

    This approach maintains the static website functionality while meeting security requirements by eliminating public access.
    https://learn.microsoft.com/en-us/azure/cloud-shell/vnet/how-to-use-private-endpoint-storage#connect-to-a-storage-account-using-an-azure-private-endpoint
    https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal#about-virtual-network-endpoints

    Hope the above suggestion helps! Please let us know do you have any further queries.

    Please do consider to “Accepted the answer” wherever the information provided helps you, this can be beneficial to other community members. 

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.