Share via

How to implement Private access for a storage account used for shared resource via a mapped Drive

Osaghae Wellington Edobor 25 Reputation points
2025-12-17T02:51:19.08+00:00

Hi,

I have a storage account with a file share dedicated for shared drive for a specific team. It's currently set to public access. I am working on improving the security of some of the critical storage accounts. The drive has been mapped to a server and users local PC. What do I need to configure to ensure that the drive will still be accessible to the users via their local PC and on the server when I implement the access to private or only from a specific Network?

Thank you.

Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
0 comments
Answer accepted by question author
  1. Q&A Assist
    2025-12-17T02:51:32.11+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To implement private access for your Azure storage account used for a shared resource via a mapped drive, you can follow these steps:

    1. Create a Private Endpoint: Set up a private endpoint for your storage account. This will assign a private IP address from your virtual network to the storage account, allowing access only from within that network. This ensures that the traffic does not traverse the public internet.
      • Navigate to the storage account, go to Networking, and select Private endpoint connections to create a new private endpoint.
    2. Modify DNS Settings: To ensure that the storage account name resolves to the private endpoint's private IP address, you may need to adjust your on-premises DNS settings. You can either:
      • Create an A record for storageaccount.file.core.windows.net in your on-premises DNS servers, or
      • Forward the core.windows.net zone from your on-premises DNS servers to your Azure private DNS zone.
    3. Restrict Public Endpoint Access: Once the private endpoint is set up, you can disable access to the public endpoint. This will ensure that only traffic originating from within your specified virtual networks can access the Azure file shares.
      • In the storage account's Networking settings, select the option to restrict access to the public endpoint.
    4. Allow Trusted Azure Services: If you are using Azure services that need to access the storage account, make sure to select the option to allow Azure services on the trusted services list to access the storage account.
    5. Test Access: After making these changes, test the access from both the server and local PCs to ensure that users can still access the mapped drive without issues.

    By following these steps, you can enhance the security of your storage account while maintaining access for your team.

    References:

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.