1

我正在 Azure 中构建一个系统,这样用户应该无法将数据从 Azure 虚拟机传输到外部世界。但是管理员应该可以做到。

我知道这可以通过 Azure NSG 进行控制,但此解决方案将阻止所有用户(包括管理员帐户)。虚拟机不是域的一部分,因此 GPO 是不可能的。

有没有其他方法可以实现这一目标?

4

1 回答 1

0

I would suggest you to place the data in a Storage account and then make the container as Private and also configure RBAC in such a way that only Admins have access.So, no one from Internet will be able to download.

When you want to download, Admin can generate SAS URL and users can download it.

This is the cost effective and secured way of doing the task.

于 2019-06-10T13:41:54.490 回答