Configuration and Security of Azure Storage Accounts

1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

This hands-on lab provides some experience with configuring and securing an Azure storage account. We log into the Azure portal and create a storage account, then get familiar with the configuration options for it, including replication options, access tiers, and secure transfers. We RDP into a Windows VM and install Microsoft Azure Storage Explorer. Then we connect to Blob storage, and attempt to upload and retrieve data from the blob. Using the Azure Portal, we use access policies and shared access signatures to both permit access to the storage account and deny access to blob data. Subsequent attempts to upload and retrieve data from blob storage should fail. Completing the lab provides the experience required to configure and secure an Azure Storage account.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create and Configure a Storage Account

In the Azure Portal, click Storage accounts in the left navigation pane, then click on + Add in the storage accounts blade. Create a storage account in the current resource group.

Log In to the VM with RDP, and Then Download and Install Microsoft Azure Storage Explorer

RDP login:

User Name : "azureuser"
Password : "LA!2018!Lab"

Note: Please note there may be an issue with the Connect option in the Azure Portal. If this occurs for you, you can still RDP using your favourite RDP client and the public IP address of the VM.

Storage Explorer URL:

Download Sample Images to be Uploaded into Blob Storage

PowerShell code to run:

Add-Type -AssemblyName System.IO.Compression.FileSystem

$url = ""
$zipfile = ""
$folder = "C:UsersazureuserDesktopimages"

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -UseBasicParsing -OutFile $zipfile $url 

[System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $folder)

Remove-Item -Path $zipfile 
Open Azure Storage Explorer, Connect to the Azure Account, and Upload Image Files

In the VM, open Azure Storage Explorer and connect to the Azure account using the provided credentials. Create a new blob storage container and upload sample images.

Enable Security on the Storage Account Using the Various Methods Available

Use the following methods to harden security on the storage account: access keys, shared access signatures, and stored access policies.

Additional Resources

Please log into the Azure portal prior to Solution Part I.

Note: If you experience any issues connecting to the VM using the Connect option in the portal, you will still be able to RDP from a client by using the public IP address.

Mac users see the following for RDP specific information:

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?