Notice a pattern in the last few episodes? Just because you have Cloud IT doesn't mean you should leave your ass(ets) open to the Internet without applying security controls. 🤣
Who gives this video thumbs down???? As far as I can tell this man is doing more for people than the guy who gave it thumbs down. Who probably isn't doing anything!!!
Very nice tip to use Azure Automation to create SAS tokens and update the secret in Key Vault. I normally use Azure RBAC for accessing storage and disable access keys completely, but good to know about this fully automated approach too.
Thanks for this and all your other videos. Do you by any chance have a video on generating a SAS key in Key Vault, as you mentioned in this video? Thanks.
Hello, maybe you could possibly add something related to the difference between the ACL and RBAC ways of providing access to Gen2. Something which interests an administrator as well. Thanks.
Awesome work, Dana. Can you do a video for this scenario: have a Windows VM and a few files in a storage account. When I run a PS script in the VM, it should access the storage account using Managed Identity. Right now we are using Key Vault for this procedure.
Thanks for this video. My issue with the Azure Storage tutorials I have followed so far is that my server-side code (the API) is running with full admin privileges to the storage account and uses code to hand out SAS keys to clients. This must be bad practice! I want the code to run with minimal privileges. You address this at 5:40 - 6:10 in the video. Could you please point me towards info on how to actually implement this?
Hi Dana, great channel, I watched all of your videos. Would you mind commenting on the following extract from Microsoft: "Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key." Source: docs.microsoft.com/en-gb/azure/storage/common/storage-auth-aad. From my understanding, when talking about "Shared Key", MS is referring to SAS, am I getting this right? It seems that by using AAD authentication developers would not need an Access Key or SAS to access the storage, as the application or VM can get direct access with RBAC permission using a Managed Identity.
Do not use disk-based encryption, or at least be really, really careful with it. If you have a file server it rules out file restores and you can only restore the VM, and there is no turning back when done. I find it completely unacceptable Microsoft have it in the advisory without any mention of the risks, but that's typical Microsoft. Microsoft are absolutely dreadful at communicating issues and gotchas like this. You need to do your own research. Don't just listen to what people say. Do your research and don't rely on one person or one article, especially just relying on Microsoft docs. A lot of them are poorly written, out of date or lacking in informing people of potential risks. Can you imagine having a few TB file server and using disk-based encryption and then not being able to revert back?