Configure Blob Storage with Private Access

In this IT Pro Challenge virtual lab, learners configure an Azure storage account with a private blob container, use it to upload a file and make this container available through a shared access signature. Those pursuing Data Analyst, Network Engineering, and System Administrator careers benefit from allocating and using cloud storage.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


This virtual lab will prepare you to create and customize Azure storage in a private blob (a setup to hold vast amounts of data) container and make it selectively available through a shared access signature. You will also upload a file to the container, use Bash through Cloud Shell to run commands, and check your work after completing each exercise. Upon completion of this lab, you will know how to allocate storage capacity and manage container access effectively.

Beginning learners who have used a Windows system and a command-line interface will have adequate preparation to succeed in this guided virtual lab. It is recommended that lab participants set aside a full thirty-minute time block to do lab exercises in one sitting. Learners will not be able to come back to lab activities in progress. However, participants may take the virtual lab more than once. Learners who have a file ready for upload before starting the lab will find it helpful in completing the lab more effectively. The lab sets up an Azure portal with a resource group and web app already provisioned.

If you pursue a career as a System Administrator, Network Engineer, Cyber Operator, Data Analyst, or Microsoft Azure Cloud Engineers, you will want to take this virtual lab. You will learn how to customize and allocate storage accounts effectively, manage private containers to allow only authorized users, and upload data from a system to the cloud storage. Furthermore, you will enter and manipulate Bash commands in Azure Cloud Shell to set up a shared access signature helpful in safeguarding a private storage container, while allowing authorized users access. Much work to manage systems, networks, storage, and security happens inside Azure cloud shell, and this lab expands Bash knowledge.

Understanding the Scenario:

You are a system administrator for a company that is migrating its application services from its data center to Azure. You need to create and deploy an Azure virtual machine that hosts Windows Server 2016 Datacenter. You also need to add a data disk to the virtual machine and implement Azure Disk Encryption as a proof of concept.

Create a Storage Account That Has a Blob Container:

In this virtual lab portion, you will create and configure a storage account. Then, you will add a blob container and set the public access to private. By making the storage private, you cannot read the container contents unless you have a key or the credentials. Azure automatically assigns a primary key when you create the storage account.

Upload Files to the Storage Account:

The lab exercise asks you to upload a file, you have on hand, to the private storage account created previously. You can add metadata, information about the file’s contents when you upload or afterward. Metadata consists of key-value pairs and helps you to organize and retrieve data. For example, if you ever upload four hundred videos, you can track different content through the metadata. Also, you can manage and manipulate metadata through applications, like Azure Cloud Shell and command-line tools.

Generate a Shared Access Signature for the Private Container:

The instructions have you enter and run commands in Bash, to generate a read-only shared access signature (SAS) for a limited period. To use Bash, you open Cloud Shell and set the storage account, through the advanced settings. In this lab exercise, you use the storage account you created in the first lab section. As a result of executing a SAS, you get a SAS token. Make sure the SAS can work for at least twenty-four hours. You use the SAS in the next lab section.

Test the Web Application:

You open the Web Application and enter the credentials (storage account name and key and SAS token) to access it. The Web App returns two URLs, one with and another without the SAS token. You check that the URL without the SAS token generates an error, and the one with the SAS token returns the file.


You will know how to create and use a private container to upload files and to manage access. Upon completion, you will:

  • Provision Azure storage.
  • Create a blob storage container that has private blob access.
  • Upload a file to the blob container.
  • Set the metadata of a blob.
  • Generate a SAS token for the storage container.
  • Verify that a web app has access to a file in the blob container.

You will also have hands-on experience with Bash in the Azure Cloud Shell, which will be handy in managing files uploaded and efficiently managing private containers.