AZ-104 Microsoft Azure Administrator Exam

Implement and Manage Storage

Configure Access to Storage

When configuring access to storage in Azure, there are several important steps to follow to ensure that your data remains secure and accessible only to authorized users. Storage access can be controlled through authentication methods and access control mechanisms.

Azure supports different authentication methods such as Shared Key, SAS (Shared Access Signature), and Azure AD (Active Directory). Shared Key authentication involves using an account or service key to gain access to your storage account. SAS tokens provide a more secure way of granting limited access without exposing your primary keys, ideal for delegating temporary permissions. Azure AD is the most secure method, integrating with Azure's identity management to provide role-based access control (RBAC).

Access can also be managed through access control settings. Role-Based Access Control (RBAC) allows you to assign permissions to users, groups, or applications at different scopes like subscription, resource group, or individual resources. This ensures that users only have access to the data and processes they need for their job roles.

Configure and Manage Storage Accounts

Creating and managing storage accounts in Azure is key to organizing your data resources effectively. Storage accounts come in different types, including General Purpose v2, General Purpose v1, and Blob Storage accounts, each tailored to different scenarios and performance requirements.

General Purpose v2 accounts offer the latest features and all the capabilities of General Purpose v1 accounts along with new enhancements for higher performance and scalability. They support services like Blobs, Files, Queues, and Tables. Blob Storage accounts are optimized specifically for storing unstructured data like text or binary data.

Storage account management involves monitoring usage and performance metrics, configuring replication options (such as LRS, GRS, RA-GRS), and setting up network rules to restrict access based on IP addresses or virtual networks. Additionally, you can configure endpoint settings for custom domains or secure transfer requirements.

Security features such as encryption for data at rest, encryption scopes, and advanced threat protection (ATP) keep your data secure against unauthorized access and potential threats.

Configure Azure Files and Azure Blob Storage

Azure Files provide fully managed file shares in the cloud accessible via the standard SMB protocol. This is useful for migrating existing applications that rely on file shares without changing code. You can mount these shares concurrently from cloud-based VMs and on-premises machines, making Azure Files versatile for hybrid scenarios.

Setting up Azure Files involves creating a storage account, setting up file shares within that account, and managing access control through SMB permissions or RBAC. The integration with Azure File Sync allows on-premises Windows Servers to cache a subset of the Azure Files data locally, ensuring fast access speeds and reduced latency.

Azure Blob Storage, on the other hand, is designed for optimal storage of large amounts of unstructured data such as text or binary data. Blobs are organized in containers within a storage account. There are multiple blob types: Block Blobs, Append Blobs, and Page Blobs, each catering to different usage scenarios.

Managing blob storage involves handling distinct access tiers like Hot, Cool, and Archive which cater respectively to frequently accessed data, infrequently accessed data, and long-term storage at lower costs. Configuring these access tiers properly can significantly optimize storage costs based on your data usage patterns.

Conclusion

In summary, the "Implement and manage storage" section of the AZ-104 Microsoft Azure Administrator Exam focuses on essential aspects of managing storage in Azure, including configuring access to storage, managing storage accounts, and configuring Azure Files and Azure Blob Storage. Understanding these components allows administrators to effectively organize, secure, and manage data within Azure’s robust cloud storage capabilities, ensuring both efficiency and security in cloud operations.