Authentication Error on Private Endpoint for Blob Storage

Nana Poku 225 Reputation points
2025-04-28T15:46:32.7833333+00:00

Experiencing an authentication error when attempting to create directories in a storage account with a private endpoint enabled. When public access is enabled, the operations work as expected, but using public access is not ideal due to security concerns. How can this issue be resolved while maintaining the security of private endpoint connections?

Azure Storage Accounts

2 answers

  1. Azar 28,000 Reputation points MVP
    2025-04-28T17:49:20.46+00:00

    Hi there Nana Poku

    Thanks for using QandA platform

    This happens because with a private endpoint, all traffic must stay inside your private network; public access won't work unless DNS points to the private IP. If your DNS still resolves to the public IP, authentication will fail. You should have a Private DNS Zone (like privatelink.blob.core.windows.net) linked to your VNet, and your client should be picking up the private IP. Also, it's better to use Azure AD for authentication instead of keys. Also check your firewall rules.

    If this helps kindly accept the answer thanks much.

    1 person found this answer helpful.

  2. Keshavulu Dasari 4,665 Reputation points Microsoft External Staff
    2025-04-29T20:06:35.2733333+00:00

    Hi Nana Poku,

    The issue is specifically related to the authentication when switching from public access to private endpoint access. Some additional steps to resolve:

    Ensure that the DNS resolution for the Blob Storage account is correctly configured to resolve to the private endpoint's IP address. You can update the host file on your client machine or use a custom DNS server.

    Verify that the network security settings, including firewall rules and virtual network configurations, allow communication between your client and the Blob Storage via the private endpoint.

    Check that the identity (managed identity or service principal) used for authentication has the necessary permissions, such as "Storage Blob Data Contributor" or "Storage Blob Data Owner".

    If you are using Azure Storage Explorer, make sure it's configured to connect via the private endpoint. This may involve specific setup steps depending on the error message you're encountering.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be glad to assist you.
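The DNS check both answers describe, as an added example that is not part of either answer: it resolves the account's blob hostname through the client's own resolver and reports whether the result is a private address. The function names, the `examplestore` account and the sample addresses are constructed, and it assumes the VNet uses RFC 1918 address space.

```python
import ipaddress
import socket

# Assumption: the VNet (and so the private endpoint) uses RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolver(host):
    """Resolve with the OS resolver, the same path the storage client takes."""
    canonical, _aliases, addresses = socket.gethostbyname_ex(host)
    return canonical, addresses


def diagnose(account, resolver=system_resolver):
    """Return (verdict, canonical_name, addresses) for the blob endpoint."""
    host = f"{account}.blob.core.windows.net"
    try:
        canonical, addresses = resolver(host)
    except OSError:  # covers socket.gaierror and socket.herror
        return "unresolved", None, []
    inside = [any(ipaddress.ip_address(a) in net for net in RFC1918)
              for a in addresses]
    if not addresses:
        verdict = "unresolved"
    elif all(inside):
        verdict = "private"   # traffic will reach the private endpoint
    elif any(inside):
        verdict = "mixed"     # split answers: fix DNS before debugging auth
    else:
        verdict = "public"    # client is still heading for the public endpoint
    return verdict, canonical, addresses


# Constructed sample answers (not real endpoints) standing in for two clients.
def vnet_client(host):
    return "examplestore.privatelink.blob.core.windows.net", ["10.1.0.4"]


def outside_client(host):
    return "blob.example.store.core.windows.net", ["203.0.113.10"]


if __name__ == "__main__":
    for label, resolver in (("vnet", vnet_client), ("outside", outside_client)):
        print(label, diagnose("examplestore", resolver))
```

Calling `diagnose("<account>")` with no resolver argument uses the machine's real DNS path; a `public` verdict there points at the Private DNS Zone link or custom DNS forwarding rather than at role assignments.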
