Technical requirements – Securing Storage

Stacye Dorrington 09/24/2023

This chapter focuses on one of the most common topics when working with Azure:
securing storage on the Azure platform. The focus here will be on implementing
and managing storage from a security point of view, such as generating Shared Access
Signature (SAS) tokens, managing access keys, configuring Azure Active Directory
(AD) integration, and configuring access to Azure files. We will also explore the storage
replication options available to us in Azure and look at managing a blob's
life cycle.

In this chapter, we are going to cover the following main topics:
• Configuring network access to storage accounts
• Storage access keys
• Working with SAS tokens
• Configuring access and authentication
• Copying data by using AzCopy
• Configuring storage replication and life cycle

Technical requirements
To follow along with the hands-on material, you will need the following:

• Access to an Azure subscription with owner or contributor privileges. If you do not have access to one, you can enroll for a free account: https://azure.microsoft.com/en-us/free/.

• PowerShell 5.1 or later installed on a PC from which the labs can be practiced. Note that many examples can only be followed on a PC.

• Installation of the Az module. This can be performed by running the following in an administrative PowerShell session:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Also run the following:
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force

• Storage Explorer.

Configuring network access to storage accounts
You can restrict your storage account to a specific set of supported networks by configuring network rules, so that only applications requesting data over those networks can reach the storage account. When these network rules are in effect, the application must still present proper authorization on each request. This authorization can be provided by Azure AD credentials (for blobs and queues), by a SAS token, or by a valid account access key.
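
The network rules described above can be applied with the Az module as in the following added example, which is not part of the original chapter. The resource group, account name, and IP range are constructed placeholders, and the subnet rule is skipped unless you supply a subnet resource ID.

```powershell
# Added example: lock a storage account down to named networks.
# All names below are hypothetical placeholders; replace them with your own.
$rg       = 'rg-storage-lab'     # hypothetical resource group
$account  = 'stlabexample001'    # hypothetical storage account
$allowIp  = '203.0.113.0/24'     # constructed public range (RFC 5737 documentation block)
$subnetId = $null                # optional: resource ID of a subnet with the
                                 # Microsoft.Storage service endpoint enabled

Connect-AzAccount | Out-Null

# 1. Audit: list accounts in the subscription that still accept traffic
#    from all networks (default action Allow).
Get-AzStorageAccount |
    Where-Object { $_.NetworkRuleSet.DefaultAction -eq 'Allow' } |
    Select-Object ResourceGroupName, StorageAccountName

# 2. Add the allow rules BEFORE switching the default to Deny, so the
#    networks you depend on are never cut off in between.
Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $account `
    -IPAddressOrRange $allowIp | Out-Null
if ($subnetId) {
    Add-AzStorageAccountNetworkRule -ResourceGroupName $rg -Name $account `
        -VirtualNetworkResourceId $subnetId | Out-Null
}

# 3. Deny everything not matched by a rule. Bypass AzureServices keeps
#    trusted Microsoft services working.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $account `
    -DefaultAction Deny -Bypass AzureServices | Out-Null

# 4. Verify the effective rule set and fail loudly if it is not what we expect.
$rules = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $account
if ($rules.DefaultAction -ne 'Deny') {
    throw "Default action on $account is still $($rules.DefaultAction)"
}
if ($rules.IpRules.IPAddressOrRange -notcontains $allowIp) {
    throw "IP rule for $allowIp is missing on $account"
}
$rules | Format-List DefaultAction, Bypass
$rules.IpRules             | Format-Table IPAddressOrRange, Action
$rules.VirtualNetworkRules | Format-Table VirtualNetworkResourceId, Action
```

A request that arrives from an allowed network must still carry valid Azure AD credentials, a SAS token, or an account access key; the network rule only decides whether the request is considered at all.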
