23 hours 16 minutes

Video Transcription

Hello and welcome back to Cyber Aires. Microsoft Azure Administrator. A Z 103 Course. This is Episode 23 Storage Explorer and a bonus. I'm your instructor, Will Carlson.
In today's episode, we're going to discuss Storage Explorer and what exactly it is
we're going to discuss storage access policies and how they help us alleviate some of the concerns with the two previous access control methods. And we're also going to talk about a bonus how Microsoft is helping us avoid some client side install software. If we choose to
to get started. Let's jump into the Internet here and look at Storage Explorer
now. Yes, you've probably figured it out already. Storage Explorer is a client side installed piece of software I know in today's Beyond Web 2.0, World, how much administrators typically don't like installing client side software, but that's what Storage Explorer is, and it is a testable item on the A Z one of three exam. So
I'm gonna go ahead and download the tool
and install it as soon as that's downloaded and installed will catch back up for the initial configuration
now that we have Storage Explorer installed and we started the application. We're gonna be greeted by this screen here and obviously, as a client site install, we have to connect Storage Explorer to our azure storage account. There are a number of options here that we can use to do that, but we're going to simply use an azure account.
I'm gonna sit next here,
and that's gonna prompt us to sign in with our azure credentials.
Now that I've authenticated to my azure account, you can see all of the storage here within our azure account.
Here's the storage account that we've been dealing with in the past few episodes.
We're gonna see our blob containers and our file shares as well.
Now we can essentially do all of the operations relating to storage here in the Storage Explorer that we could do on the portal.
Now, one of the things that Storage Explorer enables us to do is to set a stored access policy, and this is particularly important. Please recall the limitations with a shared access signature is that there's no efficient way to revoke a shared access signature
because when we set up that shared access signature,
we are marrying the start and expiration time to the shared access signature or the SAS token itself.
Stored access policies allow us to decouple those two things so that we can have a shared access signature associated with an access policy that is separate. And to illustrate that, I'm gonna go ahead and click here on blob storage,
but I'm gonna go down to manage access policies.
Now, remember, Blob storage is just our blob storage container. We could have come up with a more descriptive name here that might have made this make a little more sense. But again, this is just the container that is in our blood storage toe. Hold some of our blobs. Basically a folder.
I'm gonna go ahead and select, adhere for access policy. And this should look very familiar to what we set up on the shared access signature.
I'm gonna go ahead and hit save here,
and that's how you generate a stored access policy. Now, how do you use that stored access policy?
I'm gonna go ahead and click back on the blob storage container and select Get shared access signature
and up here, you see the drop down for access policy. I'm gonna select the access policy that we just created.
I'm gonna leave things as default and hit create.
And now we're given the three familiar strings from Portal. When we created a shared access signature in the previous episode again, we would need to copy this information off so that we could use it to access our blob storage because once I hit close, it's going to go away.
But now, if you'll remember our example of a contractor who terminated before the end of their contract, and we had given a shared access signature for the term of their contract with the company
before, there wasn't a simple way to revoke the shared access signature.
But now, through the magic of stored access policies, I can simply come in here, right, click on the blob storage container
and select manage access policies.
And in the case of our contractor who left before the end of his contract, all I have to do is select, remove
and hit save,
and that's revoked that contractor's access without having to perform key rolling or deleting the storage altogether.
I think it's easy to see that that's a whole lot more manageable and maintainable than the other two options.
And yet we get to do that here through azure Storage Explorer.
Well, that's not the end of the story. Thankfully, I'm gonna go ahead and close out of Azure storage. Explorer pulls out of this website, and we're gonna die right back down into that storage account here in Portal.
Gonna come down here to blobs,
and I'm gonna select the container that we were just talking about.
Now you'll notice over here on the left, under settings, we now have an option called access policy. And if I click on this
currently, we don't see any access policies, but I can add an access policy here.
And I can name this
contractor policy.
We're gonna go ahead and allow Reed, and we're well out. Everything.
We could set a date in the time and we can select. Okay,
We're gonna go ahead and click Save,
and there you have it. We've now created a stored access policy here within Azure. This was a very welcome piece of functionality for Microsoft to add in directly in portal because we no longer have to use
the storage Explorer to get that job done.
How do I use that stored access policy that we just were finally able to create here in portal. So I just go into the storage. So I go into the blob container. Well, no, you don't do any of those right now what we can do. Thanks to storage Explorer preview
is see a limited version of the Storage Explorer here in Portal. I'm gonna go to Blob Containers. Gonna right click on my container.
Gonna say, get shared access, signature. And this should look very familiar to the storage Explorer example that we had on our client side Install.
And that's how you can set a shared access signature with a stored access policy right here in portal.
So in today's episode, we talked about managing a storage account with the client side Storage Explorer tool and how that allows us to set a storage excess policy which alleviate some of the pains that we had with access keys and sass tokens.
We also talked about how we can go in and see a limited version of Storage Explorer in Azure that's currently in preview but likely will continue to be developed out
now. We also talked about how we thankfully, can manage stored access policies within the portal now as well.
Coming up next, we're gonna talk about how to get large amounts of information into the azure ecosystem. If we have either too much information or on Internet connection, that's a little bit slower than we might like. Thanks much for joining me today, and I'm looking forward to seeing you in the next video.

Up Next

AZ-103 Microsoft Azure Administrator

This Microsoft Azure AZ-103 Certification training course teaches students to perform tasks like managing Azure subscriptions and resources, implementing and managing storage, deploying and managing virtual machines (VM) and networks, and managing identities!

Instructed By

Instructor Profile Image
Will Carlson
Director of IT and Cybersecurity
Senior Instructor