Notice a pattern in the last few episodes? Just because you have Cloud IT doesn't mean you should leave your ass(ets) open to the Internet without applying security controls. 🤣
Who gives this video thumbs down???? As far as I can tell this man is doing more for people than the guy who gave it thumbs down. Who probably isn't doing anything !!!
Very nice tip to use Azure Automation to create SAS tokens and update secret in KeyVault. I normally use Azure RBAC for accessing storage and disable access keys completely but good to know about this fully automated approach too.
Thanks for this and all your other videos. Do you by any chance have a video on generating a sas key in key vault as you mentioned in this video? Thanks
Thanks for this video. My issue with the Azure Storage tutorials I have followed so far, is that my server side code (the API) is running with full admin priviledges to the storage account and uses code to hand out SAS keys to clients. This must be bad practise! I want the code to run with minimal priviledges. You address this at 5:40 - 6:10 in the video. Could you please point me towards info on how to actually implement this?
hello, may be you could possibly add something related to the difference btw ACL and RBAC ways of providing access to Gen2. Something which interests to a administrator as well.. thanks
Awesome work Dana … Can you do a video for this scenario -- Have a windows VM and have few files in storage account--- When I run a PS script in VM, it should access the storage account using Manage Identity .. right now we are using Keyvault for this procedure.
Hi Dana, great channel I watched all of your videos. Would you mind to comment on the following extract from Microsoft: "Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key." Source: docs.microsoft.com/en-gb/azure/storage/common/storage-auth-aad. From my understanding when talking about "Shared Key", MS is referring to SAS, am I getting this right? It seems that by using AAD authentication developers would not need an Access Key or SAS to access the storage as the application or VM can get direct access with RBAC permission using a Managed Identity.
Do not use disk based encryption or at least be really, really careful with It. If you have a file server it rules out file restores and you can only restore the vm and there is no turning back when done. I find it completely unacceptable Microsoft have It in the advisory with out any mention of the risks but that’s typical Microsoft. Microsoft are absolutely dreadful at communicating issues and gotchas like this. You need to,do your own research. Don’t just listen to what people say.Do your research and don’t rely on one person or one article, especially just relying on Microsoft docs. A lot of them are poorly written, out of date or lacking in informing people of potential risks. Can you imagine having a Few TBs file server and using disk based encryption and then not being able to revert back?
![Blox Fruits Dragon Rework Update [Full Stream]](http://i.ytimg.com/vi/EqDAp8udhm0/mqdefault.jpg)
![Seungmin "그렇게, 천천히, 우리(As we are)" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/kAzmhLHePqU/mqdefault.jpg)
Notice a pattern in the last few episodes? Just because you have Cloud IT doesn't mean you should leave your ass(ets) open to the Internet without applying security controls. 🤣
Who gives this video thumbs down???? As far as I can tell this man is doing more for people than the guy who gave it thumbs down. Who probably isn't doing anything !!!
Excellent short and precise video Dana
This is an extremely good tutorial on storage accounts. Short, complete, and accurate.
Awesome video, keep posting Azure cloud security videos.
Really helpful , short , simple and concise.
Helpful video. You deserve a lot more subscribers. Thanks
Good content. Thanks for sharing
Good content on Azure Storage security essentials!
Nice one.
Big fan of this channel.
Great video.
Thank you so much for the great content. It was very helpful for me.
Great video. Clear fast and full of handy tips.
Thanks!
Glad it was helpful!
Loving these videos so far! Can you cover AKS and some tips to keep that secure?
This man is a legend. Thanks
Your really rocking. I like the way you explain and its crystal clear.
Only 2500 views :( ... the channel is great, I love it.
No its 17K
Very nice tip to use Azure Automation to create SAS tokens and update secret in KeyVault. I normally use Azure RBAC for accessing storage and disable access keys completely but good to know about this fully automated approach too.
Thanks for this and all your other videos. Do you by any chance have a video on generating a sas key in key vault as you mentioned in this video?
Thanks
Thanks for another great tutorial. Very useful.
Thanks for this video. My issue with the Azure Storage tutorials I have followed so far, is that my server side code (the API) is running with full admin priviledges to the storage account and uses code to hand out SAS keys to clients. This must be bad practise! I want the code to run with minimal priviledges.
You address this at 5:40 - 6:10 in the video. Could you please point me towards info on how to actually implement this?
thanks for your advice!
To your point on MSFT managed keys. How does microsoft encrypt/decrypt storage if we use user-managed keys? Thanks in advance.
I love your channel, it's really great.
This is amazing thanks!
Great vid
hello, may be you could possibly add something related to the difference btw ACL and RBAC ways of providing access to Gen2. Something which interests to a administrator as well.. thanks
Great tutorial! Can you please help on how to achieve folder security within a container.
Awesome work Dana … Can you do a video for this scenario -- Have a windows VM and have few files in storage account--- When I run a PS script in VM, it should access the storage account using Manage Identity .. right now we are using Keyvault for this procedure.
why did you stop uploading
Can you make more Azure videos please?
Hi Dana, great channel I watched all of your videos. Would you mind to comment on the following extract from Microsoft: "Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key." Source: docs.microsoft.com/en-gb/azure/storage/common/storage-auth-aad. From my understanding when talking about "Shared Key", MS is referring to SAS, am I getting this right? It seems that by using AAD authentication developers would not need an Access Key or SAS to access the storage as the application or VM can get direct access with RBAC permission using a Managed Identity.
The problem with any cloud service is that to have a proper solution, you have to use more cloud services. Money thrown on top of money
Do not use disk based encryption or at least be really, really careful with It. If you have a file server it rules out file restores and you can only restore the vm and there is no turning back when done. I find it completely unacceptable Microsoft have It in the advisory with out any mention of the risks but that’s typical Microsoft. Microsoft are absolutely dreadful at communicating issues and gotchas like this. You need to,do your own research. Don’t just listen to what people say.Do your research and don’t rely on one person or one article, especially just relying on Microsoft docs. A lot of them are poorly written, out of date or lacking in informing people of potential risks. Can you imagine having a Few TBs file server and using disk based encryption and then not being able to revert back?