Copying data by using AzCopy – Securing Storage
In this demonstration, we will copy data using the AzCopy utility and SAS tokens. This exercise can also be conducted using Azure AD credentials. Follow these steps to complete the…
In this section, we will look at the steps involved to assign share-level permissions: You have now learned how to configure file-level ACLs for Azure Storage shares. This concludes the…
In the following section, we will explore assigning share and file permissions on the AD-joined storage from the previous exercise, as well as mounting the share and exploring how to…
Storage accounts can provide identity-based authentication through either Active Directory (on-premises) or Azure Active Directory Domain Services (AADDS). Both offer the ability to utilize Kerberos authentication offered by Active Directory.…
A storage access policy provides an additional layer of control over SAS by introducing policies for managing the SAS token. SAS tokens can now be configured for a start and…
There are three types of SAS supported by Azure Storage: • User-delegated SAS: This is a SAS token that is secured by AD credentials. • Account SAS: An account SAS is…
In this demonstration, we will explore how to view access keys as well as how to renew them: Figure 7.12 – Show keys Figure 7.13 – Copying an access key…
The default network routing preference option chosen for storage accounts and most Azure services will be for the Microsoft network. This is a high-performance, low-latency global connection to all services within…
Private endpoints provide a mechanism for Azure Storage accounts to have a private interface for a storage account and can be used to eliminate public access. They provide enhanced security…
By default, storage accounts are provisioned with a public endpoint, and thanks to the enhanced control Azure offers, network traffic can be limited to those trusted IP addresses and networks…