Azure Storage Account
Overview of the Azure Storage Account service
Overview
Azure Storage is a Microsoft-managed service providing cloud storage that is highly available, secure, durable, scalable, and redundant
The service acts as a container for multiple data storage types e.g., Azure Blob Storage, Azure Files, and more
Azure Subscription
βββ Storage Account(s)
βββ Azure Blob Storage Container(s)
βββ Blob(s) aka files
βββ Azure Files
βββ SMB File Share(s)
βββ NFS File Share(s)
βββ Azure Elastic SAN
βββ Volume Group(s)
βββ Storage Volume(s)
βββ Azure Queues
βββ Queue(s)
βββ Messages(s)
βββ Azure Tables
βββ Table(s)
βββ Entities
βββ Properties
βββ Azure Managed Disks
βββ Storage Volume(s)
βββ Azure Container Storage
βββ Storage Volume(s)Authentication Methods
There are three methods for obtaining access to Azure Storage
Microsoft Entra Credentials
This is the most secure and recommended approach
Storage permissions can be assigned to an Entra security principal (user/group/app/managed identity)
Account Access Key
These are highly sensitive and if exposed allow full access to all data in the storage account
When an Azure Storage account gets created, two keys are generated which provides full access to all data in the storage account
Therefore these should be monitored and protected well
SAS (Shared Access Signature) Token
A shareable link that enables granting limited access to containers in blobs within a storage account
This is similar to AWS S3 PreSigned URLs
Either an Azure Storage Account Access Key or Entra credentials can be used as the signing key to generate this token
CLI Cheat Sheet
Last updated
Was this helpful?