Azure Storage Basics: How to configure security

Notice a pattern in the last few episodes? Just because you have Cloud IT doesn't mean you should leave your ass(ets) open to the Internet without applying security controls. 🤣

This man is a legend. Thanks

Nice one.

Great video.

Good content. Thanks for sharing

Who gives this video thumbs down???? As far as I can tell this man is doing more for people than the guy who gave it thumbs down. Who probably isn't doing anything !!!

This is an extremely good tutorial on storage accounts. Short, complete, and accurate.

Big fan of this channel.

Awesome video, keep posting Azure cloud security videos.

Really helpful , short , simple and concise.

Thanks for another great tutorial. Very useful.

Your really rocking. I like the way you explain and its crystal clear.

I love your channel, it's really great.

Thank you so much for the great content. It was very helpful for me.

Great vid

thanks for your advice!

Loving these videos so far! Can you cover AKS and some tips to keep that secure?

Good content on Azure Storage security essentials!

Helpful video. You deserve a lot more subscribers. Thanks

Great video. Clear fast and full of handy tips.
Thanks!

This is amazing thanks!

Very nice tip to use Azure Automation to create SAS tokens and update secret in KeyVault. I normally use Azure RBAC for accessing storage and disable access keys completely but good to know about this fully automated approach too.

Only 2500 views :( ... the channel is great, I love it.

Thanks for this and all your other videos. Do you by any chance have a video on generating a sas key in key vault as you mentioned in this video?
Thanks

Great tutorial! Can you please help on how to achieve folder security within a container.

Awesome work Dana … Can you do a video for this scenario -- Have a windows VM and have few files in storage account--- When I run a PS script in VM, it should access the storage account using Manage Identity .. right now we are using Keyvault for this procedure.

hello, may be you could possibly add something related to the difference btw ACL and RBAC ways of providing access to Gen2. Something which interests to a administrator as well.. thanks

To your point on MSFT managed keys. How does microsoft encrypt/decrypt storage if we use user-managed keys? Thanks in advance.

Can you make more Azure videos please?

Thanks for this video. My issue with the Azure Storage tutorials I have followed so far, is that my server side code (the API) is running with full admin priviledges to the storage account and uses code to hand out SAS keys to clients. This must be bad practise! I want the code to run with minimal priviledges.
You address this at 5:40 - 6:10 in the video. Could you please point me towards info on how to actually implement this?

why did you stop uploading

Hi Dana, great channel I watched all of your videos. Would you mind to comment on the following extract from Microsoft: "Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key." Source: docs.microsoft.com/en-gb/azure/storage/common/storage-auth-aad. From my understanding when talking about "Shared Key", MS is referring to SAS, am I getting this right? It seems that by using AAD authentication developers would not need an Access Key or SAS to access the storage as the application or VM can get direct access with RBAC permission using a Managed Identity.

Do not use disk based encryption or at least be really, really careful with It. If you have a file server it rules out file restores and you can only restore the vm and there is no turning back when done. I find it completely unacceptable Microsoft have It in the advisory with out any mention of the risks but that’s typical Microsoft. Microsoft are absolutely dreadful at communicating issues and gotchas like this. You need to,do your own research. Don’t just listen to what people say.Do your research and don’t rely on one person or one article, especially just relying on Microsoft docs. A lot of them are poorly written, out of date or lacking in informing people of potential risks. Can you imagine having a Few TBs file server and using disk based encryption and then not being able to revert back?