Learning Objectives

• Configure security policies to classify, protect, and manage data
• Configure data retention for storage and databases
• Set up Azure SQL security features and auditing
• Learn how to configure storage account security and access
• Learn how to secure HDInsight clusters
• Configure Cosmos DB security
• Configure Data Lake security
• Learn good design features of an Azure application
• See how Azure App Services can secure your app
• See how a governance policy can help formalize security requirements

Intended Audience

• People preparing for Microsoft’s AZ-500 exam
• System administrators
• App developers

Prerequisites

• Experience with Microsoft Azure
• Experience with Office 365
• Basic knowledge of computer security principles
• Basic networking knowledge

When you create a storage account, a key is automatically generated by Azure. The account name and key act as a username and password for accessing the storage account. These keys (there are two of them), are available to view through the Access keys under your storage account settings.

You can easily regenerate the keys by clicking on the blue circular arrows next to key1 and key2. You can also use your own keys to manage storage encryption. This is called customer-managed keys, where you generate or import your own keys and then use the Azure Key Vault to store and manage them.

To use customer-managed keys for storage and encryption, go to your storage account and select Encryption under settings. Click the "Use your own key" checkbox. Click Select from Key Vault radio button, and then click Select under Key Vault to select the key vault you want to use.

If a key doesn't yet exist, you can create one here by clicking Generate/Import. Give your key a name and set any parameters you need to, like type, size, activation, and expiration dates. Click the Create button. Now select your key from the vault and click Save.