Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 23 Next »

Controlling Access to Azure Storage

Anonymous as access control

Access Keys as access control

Shared Access Signature as access control

RBAC as access control

Identity Based-Access - Delegation SAS as access control

If we revoke that identity, then we revoke this SAS as well.

Identity Based Access - Azure Files with Azure AD DS as access control

Protecting Data in Azure Storage

Storage Encryption

Customer-Managed Encryption Keys

SSE with Microsoft Managed Keys (Account Encryption Key) could be extended with a Customer-Managed Key stored in a Key Vault.

Azure Disk Encryption

Free protection for Microsoft Virtual Machines.

  • Supports both Virtual Machines and instances of a Virtual Machine Scale Set.

  • A VM Extension configures OS encryption (e.g Linux or Windows).

  • Only the VM can access the encryption key/secret in Key Vault

Immutable Storage

Immutable can be configured with 2 types of policies :

  1. Time-Based policy

  2. Legal Hold policiy

We need to make sure that the data can be retained for a lon long time and users can’t necessarily modify it or delete it.

Controlling Access to Azure SQL Services

Protecting Data in Azure SQL Services

  • No labels