Microsoft enables network-based access control for storage
By Gov Cloud Insider Staff
Microsoft on Feb. 7 announced network-based access control for Azure Storage in all Azure public cloud regions and Azure Government. Virtual Networks and Firewalls for Azure Storage both use VNet Service Endpoints to let administrators create rules that restrict access by network origin. With these rules, only requests coming from approved virtual networks, subnets or specified public IP ranges are allowed to reach a specific storage account.
The endpoints provide the virtual network private address space and VNet identity to the Azure services over a direct connection, securing Azure service resources to virtual networks. Traffic between the VNet and the Azure service always remains on the Microsoft Azure backbone network.
These tools create a secure network boundary for data by extending the VNet private IP space and identity directly to Azure Storage without leaving the Azure Government data center infrastructure, Microsoft said in a blog post.