Secure Data Transfer from On-Premises Windows 11 Devices to Azure Storage

MJ-1983 406 Reputation points
2025-01-09T16:07:54.2+00:00

Dear Experts,

Could you please assist with the scenario below?

I need to back up local files from Windows 11 on-premises devices to an Azure storage using AzCopy. Could you please provide recommendations for secure transfer? I am considering using Azure VPN Gateway for connectivity between the on-premises lab PCs and Azure. The traffic would go through an external firewall set up in Azure, and I plan to use private endpoints for connectivity between the firewall system and Azure Storage. Does this approach align with Microsoft's recommendations?

Accepted answer
  1. Luis Arias 7,841 Reputation points
    2025-01-09T16:42:32.97+00:00

    Hello Muneer,

    Your approach to secure data transfer from Windows 11 to Azure Storage with AzCopy follows best practices (secure data in transit and secure data at rest). Here are some additional notes:

    • AzCopy Authentication: Use Azure AD credentials or Shared Access Signatures (SAS) for secure access to the Azure Storage account.
    • Private Endpoint Usage: Configure a private endpoint for the Azure Storage account to ensure traffic stays on the Microsoft network. Update on-premises DNS to route traffic to the private endpoint.
    • Encryption: Ensure all data transfer is encrypted using HTTPS, which is the default protocol for AzCopy.
    • AzCopy Command for Secure Transfer
      Example command:
        azcopy copy "C:\local\path\to\files" "https://<storage_account>.blob.core.windows.net/<container_name>?<SAS_token>" --recursive
      
      Replace <storage_account>, <container_name>, and <SAS_token> with your details.
    • Firewall Rules: Restrict outbound traffic from Windows 11 devices to only the Azure Storage private endpoint's IP.

    Here is a reference for the configuration of this task:
    User's image

    If the information helped address your question, please Accept the answer.

    Luis
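
The checks listed in the answer above (DNS pointing at the private endpoint, HTTPS only, a restricted network path) can be enforced before each backup run. The script below is an added example, not part of the original answer or Microsoft's own code. It assumes the virtual network uses RFC 1918 address space and that the SAS token is supplied in an environment variable named `AZCOPY_BACKUP_SAS` (a hypothetical name).

```powershell
# Added example: pre-flight checks before an AzCopy backup over a private endpoint.
# Assumptions: the VNet uses RFC 1918 ranges; the SAS token is provided in the
# AZCOPY_BACKUP_SAS environment variable (hypothetical name, not from the page).
param(
    [Parameter(Mandatory)][string]$StorageAccount,
    [Parameter(Mandatory)][string]$Container,
    [string]$SourcePath = 'C:\local\path\to\files'
)
$ErrorActionPreference = 'Stop'

function Test-PrivateIPv4 {
    # True when the address is IPv4 and inside 10/8, 172.16/12 or 192.168/16.
    param([System.Net.IPAddress]$Address)
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $Address.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

$blobHost = "$StorageAccount.blob.core.windows.net"

# 1. On-premises DNS must return the private endpoint, not the public storage address.
$addresses = [System.Net.Dns]::GetHostAddresses($blobHost)
$public = @($addresses | Where-Object { -not (Test-PrivateIPv4 $_) })
if ($addresses.Count -eq 0 -or $public.Count -gt 0) {
    throw "$blobHost resolves to non-private address(es): $($public -join ', '). Fix on-premises DNS before transferring."
}

# 2. The endpoint must answer on TCP 443 through the VPN and firewall path.
$probe = Test-NetConnection -ComputerName $blobHost -Port 443 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) { throw "TCP 443 to $blobHost failed." }

# 3. Keep the SAS token out of the script file and force an https:// destination.
$sas = $env:AZCOPY_BACKUP_SAS
if ([string]::IsNullOrWhiteSpace($sas)) { throw 'AZCOPY_BACKUP_SAS is not set.' }
$destination = "https://$blobHost/$($Container)?$($sas.TrimStart('?'))"

& azcopy copy $SourcePath $destination --recursive
if ($LASTEXITCODE -ne 0) { throw "azcopy exited with code $LASTEXITCODE." }
```

If the DNS check fails, the transfer would have left over the public endpoint, so the script stops before AzCopy sends any data.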

