Configure object replication
Azure Storage blob object replication provides asynchronous replication of block blobs from one storage account to another. The blobs are replicated based on the defined replication rules. Using object replication requires that the blob versioning options are enabled for both the source and destination storage accounts. Additionally, the source storage account must…
Author: zeusexam
Resource scope for blobs and queues
It is also important to determine the scope of the access for the security principal before you assign an RBAC role. You can narrow the scope to the container, queue, or table level. Here are the valid scopes: Entra ID authentication and authorization in the Azure portal In…
Managing access keys in Azure Key Vault
It is important to protect the storage account access keys because they provide full access to the storage account. Azure Key Vault helps safeguard cryptographic keys and secrets used by cloud applications and services, such as authentication keys, storage account keys, data encryption keys, and certificate private keys….
Use user delegation SAS – MS AZ-104 Study Guide
You can also create user delegation SAS using Microsoft Entra ID credentials. The user delegation SAS is only supported by Blob Storage, and it can grant access to containers and blobs. Currently, SAS is not supported for user delegation SAS. Configure stored access policies A SAS token incorporates the access…
Create and use shared access signature (SAS) tokens
There are a few different ways you can create a SAS token. A SAS token is a way to granularly control how a client can access data in an Azure storage account. You can also use an account-level SAS to access the account itself. You can…
Virtual network service endpoints – MS AZ-104 Study Guide
In some scenarios, a storage account is only accessed from within an Azure virtual network. In this case, it is desirable from a security standpoint to block all internet access. By configuring virtual network service endpoints for your Azure storage account, you can remove access from the public internet and only allow…
Configure Azure Storage firewalls and virtual networks
Storage accounts are managed through Azure Resource Manager. Management operations are authenticated and authorized using Microsoft Entra ID RBAC. Each storage service exposes its own endpoint used to manage the data in that storage service (blobs in Blob Storage, entities in tables, and so on). These service-specific endpoints…
Access tiers – Azure AZ-104 Exam
Azure Blob Storage supports four access tiers: Hot, Cool, Cold, and Archive. Each represents a trade-off of availability and cost. There is no trade-off on the durability (probability of data loss), which is defined by the SKU and replication, not the access tier. The tiers are as follows: New blobs will default to…
Account types – Azure AZ-104 Exam
There are three possible storage account types for the Standard tier: StorageV2 (General-Purpose V2), Storage (General-Purpose V1), and BlobStorage. There are four possible storage account types for the Premium tier: StorageV2 (General-Purpose V2), Storage (General-Purpose V1), BlockBlobStorage, and FileStorage. Table 2-1 shows the features for each kind of account. Key points…
Configure access to storage
Skill 2.1: Configure access to storage An Azure storage account is a resource that you create that is used to store data objects such as blobs, files, queues, tables, and disks. Data in an Azure storage account is durable and highly available, secure, massively scalable, and accessible from anywhere in the world over HTTP or…