Let's provision a premium Azure storage account and create your FsLogix file share. In the Azure portal, I've already created a resource group called RG-AVD-Storage, to hold our storage account. Click the Create button at the top, and in the search box type, "storage account," then click on the first item to create it. Like all resources in Azure, each storage account needs to reside in a subscription and a resource group, and those have already been selected here for us. I'll call my storage account AVDstorage01, but be aware that this name won't work for you, because all storage accounts must have globally unique names. As for the region, to keep latency as low as possible, the storage account should be located in the same region as your session host virtual machines.

Now, we haven't created any VMs as part of this course, so I'll locate the storage account in the East US, because that's the one that nearest where I am. In the Performance section, we want to select Premium, and for our premium account type, select File Shares. The next section is on redundancy. Here we have two options today, LRS, which is locally redundant storage, and ZRS, which is zone redundant storage. To know which one is right for you, you need to understand how storage is protected in Azure. Every byte of data in the cloud is written three times on the backend of Azure, no matter if it's a disk or a storage account, every scrap of data is written to three separate drives. This allows Microsoft to protect your data in the case of any one of those discs failing.

This is LRS. In the ZRS, we do the same concept as LRS, but those disks are in multiple Azure availability zones within the region. This is not really a disaster recovery solution per se, but a high availability solution. So the question for you to answer, is how much high availability do you need. In LRS, if something happened to the zone where your storage accounts have landed, the data may be unrecoverable, and you'd have to go to your disaster recovery solution. ZRS gives you a little more protection by spreading the load across the different availability zones within the region that you selected. In the case of premium files for FsLogix file share, I'm going to choose LRS, because we have some different options to protect the share, that we'll get into in another course. Click, Next.

On the advanced screen, we can accept all of the default options and click Next. On the Networking screen, we have some choices. All Azure storage accounts, just like any other Azure PaaS solution, have multiple end points for you to communicate with. There are public end points, which are accessible from the internet, assuming you had a security token. Public end points for selected networks, is where we isolate access to the storage account to a virtual network in Azure. And finally, private end points. This is where a unique IP address within your virtual network is created, and assigned to the file share, so we can create network security rules to allow or deny traffic to it.

For today, we'll use the selected network, public endpoint and isolate our storage account to our virtual network in Azure. But if your requirements call for least privilege access, then I would recommend the private end point option, which will use the Azure private link service. Now that we've selected that option, we have to pick the virtual network and sub-net that we want to grant access to. Let's click Next, and look at our data protection.

Notice here that soft delete for seven days is recommended by default for your file shares. Soft delete allows any files that are deleted, to be retained in the storage account for direct recovery, without having to go to your backups. That's definitely a convenient option, so we'll leave that enabled, and click Next. Here's where you can add your tags. Tags in Azure are metadata that you can assign to your resources that help you not only with organization, but you can also automate against them.

Your tagging strategy should be well thought out in advance, in a way that is most meaningful to your organization, so you don't end up with random tags that nobody knows what to do with. These are the standard tags that I like to use: application, cost center, environment, owner, and support contact. These tags let me know, what application the storage account is related to, who's going to be billed for it, whether this is for production or a lab environment, who is the owner of this resource, and how I can get in touch with them in case of a support issue. Click the Review and Create button to build your storage account.