azure:az-500:alt:azure_storage

Differences

This shows you the differences between two versions of the page.

azure:az-500:alt:azure_storage [2022/07/26 12:32] – [Encryption] mmuzeazure:az-500:alt:azure_storage [2023/02/07 14:42] (current) mmuze
Line 41: Line 41:
 ===== Stored Access Policy ===== ===== Stored Access Policy =====
 > A stored access policy provides an additional level of control over service-level shared access signatures (SAS) on the server side. > A stored access policy provides an additional level of control over service-level shared access signatures (SAS) on the server side.
-  * A [[https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy|stored access policy]] is an additional level of protection that can be used in conjunction with //service-level shared access signatures (SAS)// authentication. It provides and expiration date and permissions that can be used independent of the SAS token/URL. This provides more flexibility for revoking access.+ 
 +  * A [[https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy|stored access policy]] is an additional level of protection that can be used in conjunction with //service-level shared access signatures (SAS)// authentication. It provides an expiration date and permissions that can be used independent of the SAS token/URL. This provides more flexibility for revoking access.
   * [[https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy]]   * [[https://docs.microsoft.com/en-us/rest/api/storageservices/define-stored-access-policy]]
  
 +> To revoke a stored access policy, you can delete it, rename it by changing the signed identifier, or change the expiry time to a value in the past. Changing the signed identifier breaks the associations between any existing signatures and the stored access policy. Changing the expiry time to a value in the past causes any associated signatures to expire. Deleting or modifying the stored access policy immediately affects all of the shared access signatures associated with it.
 ====== Storage Service Encryption ====== ====== Storage Service Encryption ======
   * All data (including metadata) written to Azure Storage is automatically encrypted using Storage Service Encryption (SSE).   * All data (including metadata) written to Azure Storage is automatically encrypted using Storage Service Encryption (SSE).
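Review bot: The new revocation blockquote at the end of the Stored Access Policy section carries no source, although it is formatted as a quotation like the one that opens the section. If it is taken from the define-stored-access-policy page already linked in the bullets above, say so next to the quote. It is also added directly above the "Storage Service Encryption" heading with no blank line between them, so add one. The bare URL bullet repeats the link already embedded in the first bullet and could be dropped while you are here.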
Line 71: Line 73:
   * An encryption scope can be applied to a container or blob itself   * An encryption scope can be applied to a container or blob itself
   * If an encryption scope is set at the container level then one cannot be set at the blob level.   * If an encryption scope is set at the container level then one cannot be set at the blob level.
 +  * **MMK:** Microsoft Managed Keys
 +  * **CMK:** Customer Managed Keys
  
 ====== Azure Files ====== ====== Azure Files ======
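Review bot: The added "MMK" and "CMK" bullets are appended to the encryption scope list as bare abbreviation expansions, with nothing saying how either key type relates to an encryption scope. Either add a sentence tying them to the scope bullets above, or move the two definitions to the place in the Storage Service Encryption section where key management is first discussed, so the scope list stays about scopes.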
Line 83: Line 87:
 ====== Azure Disks ====== ====== Azure Disks ======
 > Block-level storage volumes for Azure VMs. > Block-level storage volumes for Azure VMs.
 +===== Azure Disk Encryption =====
 +  * [[https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview]]
  
 +===== Windows =====
 +  * DE is support for standard tier VMs
  
- +===== Linux ===== 
- +  * For Linux scale sets only encryptions is supported on the data volume, but **not** the OS volume 
 +  * Encryption is **not** supported for customer Linux images—only the Gallery images are supported.
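Review bot: Several of the added bullets under "Windows" and "Linux" are worded so that the restriction they state is unclear. "DE is support for standard tier VMs" uses an abbreviation not defined anywhere in the section and should presumably read "Azure Disk Encryption is supported ..."; "only encryptions is supported on the data volume" needs its grammar fixed; and "customer Linux images" looks like it was meant to be "custom Linux images", please confirm against the linked overview page. The "Windows" and "Linux" headings are also at the same level (=====) as "Azure Disk Encryption", so they do not nest under it; use ==== for the two subsections.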
  • azure/az-500/alt/azure_storage.1658838753.txt.gz
  • Last modified: 2022/07/26 12:32
  • by mmuze