Azure Storage

This is an old revision of the document!

storage accounts provide the logical container/namespace for storage services like, blob containers, file shares, queues and tables.

General-purpose v2 accounts - Basic storage account type for blobs, files, queues, and tables. Recommended for most scenarios using Azure Storage.
General-purpose v1 accounts - Legacy account type for blobs, files, queues, and tables. Use general-purpose v2 accounts instead when possible.
Block Blob Storage (premium) accounts - Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency.
File Storage accounts
Blob Storage accounts - Legacy Blob-only storage accounts. Use general-purpose v2 accounts instead when possible.

Azure Active Directory (Azure AD) integration/RBAC
- This is the generally recommend method to use
- You can grant permissions that are scoped to the level of an individual container or queue.
Shared Key for blobs, files, queues, and tables. A client using Shared Key passes a header with every request that is signed using the storage account access key.
- It is recommended to disable and not use this option.
- MS recommends using Azure AD/RBAC instead of this option
- If shared keys are used it is recommended to use Azure Key vault and to rotate keys periodically.
Shared Access Signature (SAS)

A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.

block blobs
- used for text and binary files
- optimized for uploading large amounts of data efficiently
- block blobs can store up to about 190.7 TiB
append blobs
- optimized for append operations. log files is a common use case
page blobs
- support random read/write operations for things like VHD disk images for VMs
- store random access files up to 8 TiB in size