Deploying a Storage Account in Azure using Asure Portal

Introduction

Azure Storage is a service from Microsoft that lets you store your data, like files, photos, and backups, on the internet (in the cloud). It keeps your data safe and easy to use. You can choose how often you want to access the data using different storage levels like Hot, Cool, or Archive. Azure also gives you different ways to store your data, like for big files, shared folders, or virtual machines. It’s simple to set up and useful for both personal and business needs.

What is Azure?

Microsoft Azure is a service from Microsoft that lets people and businesses use computers, storage, and programs over the internet instead of buying their own hardware. It gives many tools to help build and manage apps and data safely from anywhere. Azure helps save time and money by letting you use what you need when you need it.

What is Azure Storage?

Azure Storage is a service from Microsoft that helps you save your files, photos, and other data on the internet. It keeps your data safe and lets you use it anytime from any device with internet.

How to Create a Storage Account in Azure

1. Go to portal.azure.com and sign in.
2. Click Portal Menu
3. Select the "Storage Account
   
   4.  Click " + Create "
   

Basic

Project details

5. Select your subscription

6. Select your "Resorce Group" or click Create a resource to create a Resorce Group (RG)

6.1 Click "Create New" to create an RG "i.e. AzDemoRG"

6.2 Enter the name of your RG  

6.3 Then Click "OK"

Instance details

7. Storage Account Name: Type a unique name using only small letters and numbers. It must be 3 to 24 characters long.

8. Region: Choose the region that’s nearest to where your users or apps are

9. Primary service: A storage account can provide several types of storage services:

• Blob Storage: Stores unstructured data such as images, videos, and backups.
• Azure Files Storage: Offers fully managed file shares that can be accessed using SMB or NFS.
• Queue Storage: Provides a messaging service for workflow and task processing.
• Table Storage: A NoSQL key-value store for structured data.

10. Performance: Determines the speed and responsiveness of your storage, as well as the underlying hardware utilized

• Standard: Regular HDD, cheaper, good for backups or normal apps.
• Premium: Fast SSD, more expensive, good for high-speed apps or databases.

11. Performance: making extra copies of your data so it’s safe if something goes wrong. Azure keeps these copies in different places, depending on the option you choose.

• LRS: 3 copies in one building. Cheap, protects from small failures.
• ZRS: 3 copies in different buildings in the same area. Protects if one building fails.
• GRS: Copies in your main area plus copies far away. Protects if the whole area fails.
• RA-GRS: Same as GRS, and you can read from the backup copies.
• GZRS: ZRS in main area plus copies far away. Very safe.
• RA-GZRS: Same as GZRS, and you can read from the backup copies.

12. Then Click "Next"

13. security: These settings help protect your data and follow security rules. You can adjust them based on what your organization needs.

• Require secure transfer for REST API operations: Turned on. All data is sent over HTTPS to keep it safe.
• Allow anonymous access on individual containers: Turned off. This helps stop people from accessing your data without permission.
• Enable storage account key access: Turned on. You can access the account using keys, but keep them safe.
• Default to Microsoft Entra authorization in the Azure portal: Turned off. Turning it on can make security stronger by requiring permission for actions.
• Minimum TLS version: Set to TLS1_2. Only secure protocols are allowed for data transfer.
• Permitted scope for copy operations (preview): You can set limits on data copy operations to make them more secure.

14. Hierarchical Namespace: Turning on these features can make your storage account more powerful and secure, especially for big data or secure file transfers.

• Enable Hierarchical Namespace: Lets you organize files and folders, speeds up big data analysis, and allows setting access control lists (ACLs).
• Enable SFTP: Lets you transfer files securely. This works only if Hierarchical Namespace is turned on.
• Enable Network File System v3 (NFS v3): Supports NFS v3 for file access. This also needs Hierarchical Namespace to be on.

16. Blob storage: These settings help you manage your storage based on how often you use your data and how secure you want it to be.

• Allow Cross-Tenant Replication: Turn this on to copy your data to other Azure tenants. This helps keep your data available and safe.
• Access Tier: The current tier is Hot, which is good for data you use often. You can choose Cool for data used less often or for backups, and Cold for data rarely used or for long-term backups.

17. Then Click "Next"

17. Public access: These settings help you balance easy access with security for your storage account.

• Public Network Access: Turned on. This lets anyone access your storage account from the internet. It’s easy to use but can be risky, so make sure you have good security in place.
• Public Network Access Scope: Set to Allow, which means both incoming and outgoing access is permitted. You can choose to limit certain incoming access using resource access settings.

18. Private Endpoint: You can create a private endpoint to connect to this storage account securely. You can add more private endpoints in the storage account or in the Private Link Center.

19. Network Routing: This decides how your data travels from the source to Azure. (Microsoft network routing is recommended for most users.)

20. Click "Next"

21. Recovery: Recovery helps you protect your data from accidental deletion or changes.

• Point-in-Time Restore (Containers): Lets you restore one or more containers to an earlier state. To use this, you must also turn on versioning, change feed, and blob soft delete.
• Soft Delete for Blobs: Lets you recover deleted or overwritten blobs. You can choose how many days to keep deleted blobs (by defalut, 7 days).
• Soft Delete for Containers: Lets you recover deleted containers. You can choose how many days to keep them (by defalut, 7 days).
• Soft Delete for File Shares: Lets you recover deleted file shares. You can choose how many days to keep them.

22. Tracking:

These features let you keep different versions of your blob data and track changes easily. Remember that using them may increase storage costs, so manage them wisely.

23. Access control : 

These steps show how to set a time-based retention policy for your storage account. It will apply to all blob versions. Note that versioning must be turned on to use this feature.

24. Then Click "Next"

Encryption: These steps show how to turn on stronger encryption for your Azure Storage Account, protecting your data with customer-managed keys and extra infrastructure encryption.

25. Encryption type: select Customer-managed keys (CMK)

26. Enable support for customer-managed keys: Blobs and File Only

Note. This option cannot be changed after this storage account is created.

27. Enable infrastructure encryption: Enable infrastructure encryption.

25. Then Click "Review + Create"

29. Click "Create" after reviewing all the configurations and settings.

Once the deployment is complete, go to the resource.

The storage account has been created successfully.

Conclusion

Creating a storage account in Azure is easy and lets you safely store and manage your data. By following the steps above, you can set up your account, turn on data protection features, and start using it for your apps or backups. Always check your settings to make sure your data is safe and easy to access when needed.

Note. The next article will show you how to Secure Your Azure Storage Account After Deployment.