Introduction

  • 3 minutes

This module is designed to provide administrators with the knowledge and skills required to plan and implement comprehensive security measures for Azure storage resources, safeguarding data integrity, confidentiality, and availability. You learn how to apply Zero Trust security principles to Azure Storage. Zero Trust security ensures every access request is verified and that data is protected through multiple layers of defense.

Scenario

Imagine you're an Azure storage administrator responsible for managing storage resources in your organization's Azure environment. Your organization handles sensitive customer data, financial records, and intellectual property across various Azure storage services. Recent security audits and compliance requirements demand that you implement robust security controls, including identity-based authentication, encryption key management, and data protection policies. You need to ensure that this data is protected against unauthorized access, accidental deletion, and emerging security threats while maintaining compliance with industry regulations.

Learning objectives

By the end of this module, you'll be able to:

  • Plan and implement security strategies for Azure storage resources based on Zero Trust principles to protect data at rest and in transit.
  • Configure identity-based access control using Microsoft Entra ID for storage accounts to manage permissions effectively.
  • Manage the lifecycle of storage account access keys and implement key rotation policies to maintain security.
  • Select and configure appropriate authentication methods for Azure Files, Blob Storage, Tables, and Queues based on specific use cases and security requirements.
  • Implement comprehensive data protection measures including soft delete, backups, versioning, immutable storage, and point-in-time restore to protect against data loss and security threats.
  • Configure customer-managed encryption keys using Bring Your Own Key (BYOK) with Azure Key Vault to enhance data encryption and key management control.
  • Enable infrastructure encryption (double encryption) at the Azure Storage infrastructure level to provide another layer of security for compliance requirements.

Goals

This module equips you with the knowledge and expertise necessary to design, implement, and manage a comprehensive security strategy for Azure storage resources aligned with modern security best practices. You learn to apply defense-in-depth principles by implementing multiple layers of security controls. Upon completion, you are able to secure data at rest and in transit using encryption. You can manage access control effectively through identity-based authentication and role-based access control (RBAC). Then you implement automated key rotation and lifecycle management, and configure advanced data protection measures to meet organizational security and compliance requirements. You explore how to make informed decisions about authorization methods, balancing security requirements with operational needs, while following Microsoft's recommended security baseline for Azure Storage.