AZ-104 Microsoft Azure Administrator Exam

Configure and manage storage accounts

Create and configure storage accounts

Creating a storage account in Azure starts with choosing the right account kind and performance tier. You can select between general-purpose v2 accounts for a variety of workloads or BlobStorage accounts for large object data. It is important to consider cost and access patterns when making your choice.

Once the account type is selected, you configure network settings to control access. You can set up firewall rules or integrate with Azure Virtual Networks for private connections. This helps ensure only authorized clients can reach your data.

Finally, you assign tags and review replication options. Tags help with billing and management, while replication affects durability and availability. Proper setup at this stage lays the groundwork for reliable storage services.

Configure Azure Storage redundancy

Azure offers multiple redundancy choices to protect your data. The primary options are:

• Locally redundant storage (LRS)
• Zone-redundant storage (ZRS)
• Geo-redundant storage (GRS)
• Read-access geo-redundant storage (RA-GRS)

Each option balances cost, latency, and fault tolerance. For example, LRS keeps copies in one region, while GRS replicates to a secondary region for extra resilience. Understanding these trade-offs ensures optimal data protection for your workload.

When you choose a redundancy level, Azure automatically handles data replication. You should monitor health metrics and set up alerts to catch replication issues quickly. This proactive approach helps maintain business continuity in case of regional failures.

Configure object replication

Object replication in Azure Storage allows you to synchronize blobs across accounts in different regions. You define a replication rule that specifies source and destination containers. This process supports both block blobs and append blobs.

After the rule is active, Azure handles data movement automatically, ensuring near real-time copies. You can monitor replication status and handle conflicts if a blob is modified simultaneously in two places. This feature is crucial for disaster recovery and global data access.

You can also set filters to replicate only specific blobs based on prefix or tags. This gives you control over which data moves, helping optimize bandwidth and storage costs. Effective rule configuration guarantees that critical data is always available where and when it’s needed.

Configure storage account encryption

All Azure Storage accounts come with encryption at rest enabled by default. This uses Microsoft-managed keys stored in Azure’s secure key vault. Encryption ensures that even if physical media is compromised, your data remains unreadable without the proper keys.

If you need more control, you can bring your own keys (BYOK) or use customer-managed keys (CMK) in Azure Key Vault. With CMK, you decide when to rotate or revoke keys. This approach supports higher compliance requirements and gives you direct oversight of cryptographic operations.

You should also configure encryption scopes to apply different keys to different containers within a single account. This granular control lets you tailor security policies to specific data types. Proper encryption setup is essential for meeting regulatory and organizational standards.

Manage data by using Azure Storage Explorer and AzCopy

Azure Storage Explorer is a graphical tool that makes it easy to browse and manage your storage accounts. You can upload, download, and organize blobs, files, queues, and tables. The interface simplifies tasks like setting access policies and viewing metadata.

For automated or scripted operations, AzCopy is the command-line utility of choice. You can perform high-speed data transfers between your local system and Azure, or even between two storage accounts. AzCopy supports features like resume on failure and bandwidth throttling to handle large datasets.

Both tools support SAS tokens and Azure Active Directory authentication. This flexibility ensures secure access while giving you the power to automate complex workflows. Using these tools effectively helps you maintain efficient and secure data management.

Conclusion

In this section, you learned to create and configure storage accounts by selecting the right account type, performance tier, and networking settings. You explored redundancy options such as LRS, ZRS, GRS, and RA-GRS to protect your data against failures.

You also studied object replication rules for synchronizing data across regions, ensuring global availability. Then, you examined encryption settings, from Microsoft-managed keys to customer-managed keys, to secure data at rest. Lastly, you discovered tools like Azure Storage Explorer and AzCopy for efficient data management and automated transfers. These concepts together equip you to manage Azure storage with confidence and meet advanced organizational requirements.