You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/configure-storage-accounts/includes/2-implement-azure-storage.md
+7Lines changed: 7 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -29,6 +29,13 @@ As you think about your configuration plan for Azure Storage, consider these pro
29
29
30
30
-**Consider data accessibility**. Data in Azure Storage is accessible from anywhere in the world over HTTP or HTTPS. Microsoft provides SDKs for Azure Storage in various languages. You can use .NET, Java, Node.js, Python, PHP, Ruby, Go, and the REST API. Azure Storage supports scripting in Azure PowerShell or the Azure CLI. The Azure portal and Azure Storage Explorer offer easy visual solutions for working with your data.
31
31
32
+
-**Consider SFTP support**. Blob Storage can use SFTP (SSH File Transfer Protocol), so you can keep using existing SFTP tools to move files directly to and from blobs. To use SFTP, enable hierarchical namespace (HNS). You can turn it on when you create the storage account (Advanced tab) or later under Settings → Configuration.
33
+
34
+
-**Consider NFSv3 protocol support**. Blob Storage can also be accessed using NFSv3, which lets Linux clients mount a container like an NFS share. NFSv3 can simplify migrations from Linux file workloads to Azure.
35
+
36
+
-**Consider default authorization preferences**. In the Azure portal, you can enable **Default to Microsoft Entra authorization**. This authentication makes role-based access control (RBAC) the default instead of shared access keys, which can improve security.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/configure-storage-accounts/includes/4-determine-storage-account-kinds.md
+9-6Lines changed: 9 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,12 +12,15 @@ General purpose Azure storage accounts have two basic [types](/azure/storage/com
12
12
> You can't convert a Standard storage account to a Premium storage account or vice versa. You must create a new storage account with the desired type and copy data, if applicable, to a new storage account. All storage account types are encrypted by using Storage Service Encryption (SSE) for data at rest.
|[**Standard**__general-purpose v2__](/azure/storage/common/storage-account-upgrade)| Blob Storage (including Data Lake Storage), Queue Storage, Table Storage, and Azure Files | Standard storage account for most scenarios, including blobs, file shares, queues, tables, and disks (page blobs). |
18
-
|[**Premium**__block blobs__](/azure/storage/blobs/storage-blob-block-blob-premium)| Blob Storage (including Data Lake Storage) | Premium storage account for block blobs and append blobs. Recommended for applications with high transaction rates. Use Premium block blobs if you work with smaller objects or require consistently low storage latency. This storage is designed to scale with your applications. |
19
-
|[**Premium**__file shares__](/azure/storage/files/storage-how-to-create-file-share)| Azure Files | Premium storage account for file shares only. Recommended for enterprise or high-performance scale applications. Use Premium file shares if you require support for both Server Message Block (SMB) and NFS file shares. |
20
-
|[**Premium**__page blobs__](/azure/storage/blobs/storage-blob-pageblob-overview)| Page blobs only | Premium high-performance storage account for page blobs only. Page blobs are ideal for storing index-based and sparse data structures, such as operating systems, data disks for virtual machines, and databases. |
|[**Standard**__general-purpose v2__](/azure/storage/common/storage-account-upgrade)| Blob Storage (including Data Lake Storage), Queue Storage, Table Storage, and Azure Files | LRS, GRS, RA-GRS, ZRS, GZRS, RA-GZRS | Standard storage account for most scenarios, including blobs, file shares, queues, tables, and disks (page blobs). |
18
+
|[**Premium**__block blobs__](/azure/storage/blobs/storage-blob-block-blob-premium)| Blob Storage (including Data Lake Storage) | LRS, ZRS | Premium storage account for block blobs and append blobs. Recommended for applications with high transaction rates. Use Premium block blobs if you work with smaller objects or require consistently low storage latency. This storage is designed to scale with your applications. |
19
+
|[**Premium**__file shares__](/azure/storage/files/storage-how-to-create-file-share)| Azure Files | LRS, ZRS | Premium storage account for file shares only. Recommended for enterprise or high-performance scale applications. Use Premium file shares if you require support for both Server Message Block (SMB) and NFS file shares. |
20
+
|[**Premium**__page blobs__](/azure/storage/blobs/storage-blob-pageblob-overview)| Page blobs only | LRS only | Premium high-performance storage account for page blobs only. Page blobs are ideal for storing index-based and sparse data structures, such as operating systems, data disks for virtual machines, and databases. |
21
+
22
+
> [!NOTE]
23
+
> Administrators managing existing Azure subscriptions may encounter legacy storage account types such as General-purpose v1 (GPv1) and legacy BlobStorage accounts. Microsoft recommends upgrading legacy accounts to General-purpose v2 for access to all current capabilities. Upgrades are supported in-place via the Azure portal, Azure CLI, or PowerShell.
21
24
22
25
> [!TIP]
23
26
> Before continuing, consider working through the [*Create a storage account*](/training/modules/create-azure-storage-account/) training module.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/configure-storage-accounts/includes/7-secure-storage-endpoints.md
+14Lines changed: 14 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,5 +22,19 @@ Here are some points to consider about configuring service access settings:
22
22
> [!Important]
23
23
> Be sure to test the service endpoint and verify the endpoint limits access as expected.
24
24
25
+
### Things to know about configuring private endpoints
26
+
27
+
In addition to service endpoints, Azure Storage supports private endpoints for enhanced security and network isolation. Private endpoints are the recommended approach for production workloads requiring secure access.
28
+
29
+
A private endpoint uses a private IP address from your virtual network to bring the Azure Storage service into your VNet. All traffic between your VNet and the storage service goes over the Microsoft backbone network, eliminating exposure to the public internet.
30
+
31
+
**Key differences from service endpoints**
32
+
33
+
- Private endpoints assign a private IP from your VNet to the storage account, keeping all traffic within the Microsoft backbone. Use private endpoints for production workloads requiring complete network isolation and compliance requirements
34
+
35
+
- Service endpoints keep the storage account on its public endpoint but restrict access to specific VNets and subnets. Use service endpoints for development scenarios or when you need simpler configuration with some public internet access
36
+
37
+
38
+
25
39
> [!TIP]
26
40
> Learn more with the [*Secure and isolate access to Azure resources by using network security groups and service endpoints*](/training/modules/secure-and-isolate-with-nsg-and-service-endpoints/) training module. This module has a sandbox where you can restrict access to Azure Storage by using service endpoints.
0 commit comments