Introduction

Cloud storage is a cornerstone of modern infrastructure, and Azure Files provides a fully managed, secure, and scalable way to share files across applications and users. Whether you're building internal business systems, migrating workloads, or learning how to manage enterprise data securely, understanding how to configure Azure File Shares is a practical and essential skill.

In this project, you’ll provision Azure resources step-by-step to deploy a secure file-sharing environment for a finance department. You’ll create a premium storage account, configure file shares and directories, implement snapshots for file recovery, and restrict access using virtual network (VNet) and subnet rules. This lab is designed to simulate a real-world use case while sharpening your Azure skills across storage, security, and networking.

Architecture Diagram

This section implements an architecture where an Azure Storage Account hosts an Azure File Share, organized with a subdirectory. Access is restricted using a Virtual Network and Subnet, and file integrity is preserved through snapshots.

The architecture includes:

• A Storage Account (premium file shares)
• A File Share containing a directory
• Snapshot protection for file recovery
• Virtual Network/Subnet restrictions to limit access

Skilling Objectives

• Deploy a storage account specifically configured for Azure Files
• Configure a file share and create subdirectories
• Enable and test file recovery using snapshots
• Secure file access by restricting it to a specific virtual network and subnet

Lab Instructions

🧠 You will need an active Azure subscription to complete this section.

Step 1: Create and Configure a Storage Account for Azure Files

This storage account will serve the finance department’s file share.

1. Go to the Azure Portal and search for Storage accounts.
   

2. Click + Create.
   

3. Select Create new under Resource Group, enter a name, and save.
   

4. Enter a unique lowercase name for the Storage Account (e.g., ibrahimstrg).

5. Set Performance to Premium.

6. Set Premium account type to File shares.

7. Set Redundancy to Zone-redundant storage (ZRS).

8. Click Review + Create, then click Create.
   
   

9. After deployment, click Go to resource.
   

Step 2: Create a File Share and Directory

1. In your storage account, go to File shares under Data storage.

2. Select + File share, enter a name (e.g., ibrahimfs), and click Create.
   
   
   

3. Click into the newly created file share.

4. Select + Add directory, name it finance, and create it.
   

5. Browse into the finance directory.

6. Upload a file of your choice (e.g., a .txt or .csv file) for testing.
   

Step 3: Configure and Test Snapshots

To guard against accidental deletion, you’ll use snapshots to create restore points.

1. Within the file share, go to the Snapshots blade under Operations.

2. Select + Add snapshot (comments optional) and click OK.
   

3. Verify the snapshot contains your directory and uploaded file.

4. Go back to the live file share, enter the finance directory, and delete the uploaded file.
   
   

5. Return to Snapshots, open the snapshot, and navigate to the deleted file.

6. Select the file and click Restore, providing a new name (e.g., ibrahimrestore.txt).
   
   

7. Confirm the restored file appears in your file share.
   

Step 4: Restrict Access Using Virtual Network and Subnet

To simulate secure enterprise scenarios, you’ll restrict storage access to a specific virtual network.

1. From Azure Portal, search for Virtual networks and click + Create.
   
   

2. Use the same resource group and name the VNet (e.g., ibrahimRG).

3. Accept default settings, review, and deploy.
   
   
   

4. After deployment, go to the VNet resource and open the Subnets blade.

5. Select the default subnet.

6. Under Service endpoints, choose Microsoft.Storage from the dropdown.

7. Click Save.
   

Step 5: Apply Network Restrictions to the Storage Account

1. Go back to your storage account.
2. In the Security + networking section, open the Networking blade.
3. Change Public network access to: Enabled from selected virtual networks and IP addresses
4. Under Virtual networks, click + Add existing virtual network.
5. Select your newly created VNet and subnet, then click Add.
6. Click Save.

Step 6: Test Network Restrictions

1. Go to the Storage browser inside the storage account.
2. Try navigating to the file share and opening the directory.
3. You should see an error message such as: “Not authorized to perform this operation”

This confirms that your access is blocked unless coming from within the approved virtual network just like a private enterprise setup.

Conclusion

In this guided hands-on section, you've walked through the core steps required to securely provision and manage Azure File Shares. From creating a premium storage account to configuring a dedicated file share for the finance department, every component was carefully deployed with redundancy, network-level security, and file integrity in mind.

By implementing virtual network restrictions, you ensured that only approved networks and subnets can access the storage resource — a common requirement in enterprise-grade cloud deployments. Additionally, by configuring snapshots and file restore operations, you've taken a proactive step toward resilient data protection and disaster recovery readiness.

These skills are fundamental for any cloud professional managing sensitive workloads in Microsoft Azure. Whether you're working on real-world enterprise projects or building your portfolio, this setup demonstrates both technical competence and security awareness — two of the most in-demand skills in the cloud ecosystem today.