Azure storage services, tiers, redundancy options, and migration options and tools.
Upon completion of this module, you will be able to:
- Compare Azure storage services
- Describe storage tiers
- Describe redundancy options
- Describe storage account options and storage types
- Identify options for moving files, including AzCopy, Azure Storage Explorer, and Azure File Sync
- Describe migration options, including Azure Migrate and Azure Data Box
Implement account-level security controls and access governance for Azure Storage. Configure secure transfer settings, choose appropriate authorization models, apply stored access policies for SAS lifecycle management, and enforce Shared Key disable using Azure Policy.
After completing this module, you'll be able to:
- Configure storage account security settings including secure transfer, minimum Transport Layer Security (TLS), and anonymous access controls
- Select an appropriate authorization model for different access scenarios including managed identity for AI agent workloads
- Create and manage stored access policies to control SAS token lifecycle
- Disable Shared Key authorization and enforce compliance using Azure Policy
Configure network-layer access controls for Azure Storage accounts. Apply firewall rules, define virtual network and IP-based access, configure resource instance rules for Azure AI services, manage trusted service exceptions, and implement private endpoints to eliminate public endpoint exposure.
After completing this module, you'll be able to:
- Describe how Azure Storage firewall rules restrict access through the public endpoint
- Create virtual network rules and IP network rules for approved sources
- Configure resource instance rules for Azure AI and PaaS services
- Add trusted service exceptions for Azure platform services
- Implement private endpoints for fully private storage connectivity
Enable and configure Microsoft Defender for Storage to detect threats against Azure Blob Storage, Azure Files, and Azure Data Lake Storage. Configure activity monitoring, malware scanning with cost controls, sensitive data threat detection, and alert routing to ensure Defender outputs reach the appropriate security team.
After completing this module, you'll be able to:
- Describe the three detection pillars of Microsoft Defender for Storage and how they differ from the classic plan
- Enable Defender for Storage at subscription and resource level using policy-driven deployment
- Configure malware scanning with monthly GB caps for cost control
- Configure sensitive data threat detection
- Configure alert notifications and verify that Defender outputs reach the appropriate security team

Syllabus

Describe Azure storage services
- Introduction
- Describe Azure storage accounts
- Describe Azure storage redundancy
- Describe Azure storage services
- Identify Azure data migration options
- Identify Azure file movement options
- Module assessment
- Summary
Implement security and manage access for Azure Storage
- Introduction
- Configure storage account security settings
- Select an authorization model for Azure Storage
- Manage access with stored access policies
- Disable Shared Key authorization and enforce with Azure Policy
- Knowledge check
- Summary
Configure network security for Azure Storage
- Introduction
- Describe Azure Storage network security controls
- Configure virtual network and IP rules
- Configure resource instance rules and trusted services
- Implement private endpoints for storage accounts
- Knowledge check
- Summary
Implement Microsoft Defender for Storage
- Introduction
- Explore Microsoft Defender for Storage capabilities
- Enable and deploy Defender for Storage
- Configure malware scanning and sensitive data detection
- Configure alert routing and validate Defender coverage
- Knowledge check
- Summary