Service Endpoints and Securing Storage
Lab 6: Service Endpoints and Securing Storage
Student Name: Daniel Wanjama
Student ID: ADC-CSS02-25012
Introduction
This walkthrough guides you through Lab 06 of the Microsoft ADC Cybersecurity Skilling Program, focusing on securing Azure Storage using Service Endpoints and Network Security Groups (NSGs). You’ll restrict access to storage accounts via virtual network subnets, ensuring traffic stays within the Azure backbone.
Objectives
- Configure Azure Service Endpoints for a storage account
- Set up Network Security Groups to control subnet access
- Deploy virtual machines in isolated subnets to test connectivity
- Validate secure access to Azure Storage
Prerequisites
- Active Azure subscription
- Familiarity with Azure Portal, virtual networks, and storage accounts
- Access to Azure Cloud Shell or PowerShell
Walkthrough
🗂️ Step 1: Create a Storage Account
- Log in to Azure Portal
- Navigate to Storage accounts → Create
- Fill in:
- Subscription: Your active subscription
- Resource group:
Lab06-RG - Storage account name:
lab06storage - Region: East US
- Performance: Standard
- Redundancy: LRS
- Click Create
Screenshot:
Caption: Creating storage account basics
🌐 Step 2: Create a Virtual Network
… (and so on for each step, matching the formatting of your IAM lab)
Conclusion
This lab demonstrated how to secure Azure Storage using Service Endpoints and NSGs. By isolating access through subnets and enforcing firewall rules, you ensured that only trusted resources could connect. These configurations are essential for building secure, compliant cloud architectures.