Securing Tiered Azure File Sync Storage - Firewall prevents backup? RRS feed

  • Question

  • With the Tiered storage of Azure, the data is stored in a Storage account Fileshare that will be open to the internet by default (which seems a crazy default setting).

    To prevent the share from being open to the internet, the Azure Firewall rules can be enabled to allow the clients subnet and Microsoft Trusted Services. 

    However, this prevents the Recovery Services Vault seeing the File share to back it up.

    The tiered data needs to be removed from a local machine backup so that the backup process doesn't download all of the files from the cloud on each backup...

    So how do you ensure that data is stored on the file shares, not open to the public to browse to and have it backed up?


    Tuesday, July 2, 2019 3:53 PM


All replies

  • Thanks for posting helsby, currently:
    • You can't protect Azure file shares in storage accounts that have Virtual Networks or Firewall enabled.
    "source: https://docs.microsoft.com/en-in/azure/backup/troubleshoot-azure-files#limitations-for-azure-file-share-backup-during-preview 

    Since this option is still in preview, you wouldn't be able to back it up when protecting it with a firewall. The only alternative I'd recommend is to use AAD authentication with the fileshare, then back it up, at least it would be only users part of the AAD being able to authenticate. More on the latter can be found here
    • Proposed as answer by Adam Smith (Azure) Tuesday, July 2, 2019 6:57 PM
    • Marked as answer by helsby Thursday, July 11, 2019 11:21 AM
    Tuesday, July 2, 2019 6:57 PM
  • Both azure (file share) backup and Azure File sync currently do not support storage account firewall rules.

    Both products are currently working on adding said support. Azure File sync should have it pretty soon (within a month). I do not have a date for azure backup unfortunately. 

    Wednesday, July 3, 2019 3:17 PM
  • Hi Helsby, was the answer provided helpful for you ?



    Friday, July 5, 2019 4:20 PM
  • Just checking in to see if the above answer helped. If this answers your query, do click “Mark as Answer” and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
    Wednesday, July 10, 2019 6:49 AM
  • Thanks Adam - it's not *really* the answer I want to hear but it confirmed my suspicions. I'm glad to hear that support will be coming soon for Azure File Sync but it does seem crazy that a cloud file share can't be backed up.

    I'm going to take a look at the AAD authentication options as per your recommendation.


    Thursday, July 11, 2019 11:24 AM