Notice a pattern in the last few episodes? Just because you have Cloud IT doesn't mean you should leave your ass(ets) open to the Internet without applying security controls. 🤣

Excellent short and precise video Dana

This man is a legend. Thanks

Great video.

Nice one.

This is an extremely good tutorial on storage accounts. Short, complete, and accurate.

Who gives this video thumbs down???? As far as I can tell this man is doing more for people than the guy who gave it thumbs down. Who probably isn't doing anything !!!

Really helpful , short , simple and concise.

Loving these videos so far! Can you cover AKS and some tips to keep that secure?

Big fan of this channel.

Great video. Clear fast and full of handy tips. Thanks!

Your really rocking. I like the way you explain and its crystal clear.

Thanks for another great tutorial. Very useful.

Awesome video, keep posting Azure cloud security videos.

Thank you so much for the great content. It was very helpful for me.

Great vid

Helpful video. You deserve a lot more subscribers. Thanks

Thanks for this and all your other videos. Do you by any chance have a video on generating a sas key in key vault as you mentioned in this video? Thanks

thanks for your advice!

Very nice tip to use Azure Automation to create SAS tokens and update secret in KeyVault. I normally use Azure RBAC for accessing storage and disable access keys completely but good to know about this fully automated approach too.

Good content on Azure Storage security essentials!

I love your channel, it's really great.

Only 2500 views :( ... the channel is great, I love it.

Good content. Thanks for sharing

This is amazing thanks!

Great tutorial! Can you please help on how to achieve folder security within a container.

hello, may be you could possibly add something related to the difference btw ACL and RBAC ways of providing access to Gen2. Something which interests to a administrator as well.. thanks

Awesome work Dana … Can you do a video for this scenario -- Have a windows VM and have few files in storage account--- When I run a PS script in VM, it should access the storage account using Manage Identity .. right now we are using Keyvault for this procedure.

To your point on MSFT managed keys. How does microsoft encrypt/decrypt storage if we use user-managed keys? Thanks in advance.

Thanks for this video. My issue with the Azure Storage tutorials I have followed so far, is that my server side code (the API) is running with full admin priviledges to the storage account and uses code to hand out SAS keys to clients. This must be bad practise! I want the code to run with minimal priviledges. You address this at 5:40 - 6:10 in the video. Could you please point me towards info on how to actually implement this?

Hi Dana, great channel I watched all of your videos. Would you mind to comment on the following extract from Microsoft: "Authorizing requests against Azure Storage with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob and queue applications when possible to minimize potential security vulnerabilities inherent in Shared Key." Source: docs.microsoft.com/en-gb/azure/storage/common/storage-auth-aad. From my understanding when talking about "Shared Key", MS is referring to SAS, am I getting this right? It seems that by using AAD authentication developers would not need an Access Key or SAS to access the storage as the application or VM can get direct access with RBAC permission using a Managed Identity.

Can you make more Azure videos please?

why did you stop uploading

Do not use disk based encryption or at least be really, really careful with It. If you have a file server it rules out file restores and you can only restore the vm and there is no turning back when done. I find it completely unacceptable Microsoft have It in the advisory with out any mention of the risks but that’s typical Microsoft. Microsoft are absolutely dreadful at communicating issues and gotchas like this. You need to,do your own research. Don’t just listen to what people say.Do your research and don’t rely on one person or one article, especially just relying on Microsoft docs. A lot of them are poorly written, out of date or lacking in informing people of potential risks. Can you imagine having a Few TBs file server and using disk based encryption and then not being able to revert back?