Lab 6: Service Endpoints and Securing Storage

Student Name: Daniel Wanjama
Student ID: ADC-CSS02-25012

Introduction

This walkthrough guides you through Lab 06 of the Microsoft ADC Cybersecurity Skilling Program, focusing on securing Azure Storage using Service Endpoints and Network Security Groups (NSGs). You’ll restrict access to storage accounts via virtual network subnets, ensuring traffic stays within the Azure backbone.

Objectives

Configure Azure Service Endpoints for a storage account
Set up Network Security Groups to control subnet access
Deploy virtual machines in isolated subnets to test connectivity
Validate secure access to Azure Storage

Prerequisites

Active Azure subscription
Familiarity with Azure Portal, virtual networks, and storage accounts
Access to Azure Cloud Shell or PowerShell

Walkthrough

🗂️ Step 1: Create a Storage Account

Log in to Azure Portal
Navigate to Storage accounts → Create
Fill in:
- Subscription: Your active subscription
- Resource group: Lab06-RG
- Storage account name: lab06storage
- Region: East US
- Performance: Standard
- Redundancy: LRS
Click Create
Screenshot:
![lab6_page12.png](/assets/images/labs/lab6_page12.png)
Caption: Creating storage account basics

🌐 Step 2: Create a Virtual Network

… (and so on for each step, matching the formatting of your IAM lab)

Conclusion

This lab demonstrated how to secure Azure Storage using Service Endpoints and NSGs. By isolating access through subnets and enforcing firewall rules, you ensured that only trusted resources could connect. These configurations are essential for building secure, compliant cloud architectures.