Task 1: Provision the lab environment
Task 2: Create and configure Azure Storage accounts
Task 3: Manage blob storage
Task 4: Manage authentication and authorization for Azure Storage
Task 5: Create and configure an Azure Files shares
Task 6: Manage network access for Azure Storage
Connect-AzAccount -TenantId a-numberwith-letters
$l = "West Europe"
$rg = "az104-07-rg0"
New-AzResourceGroup -Name $rg -Location $l
#PS C:\Users\name\Desktop\AZ-104 all labs\07>
New-AzResourceGroupDeployment -ResourceGroupName $rg -TemplateFile .\az104-07-vm-template.json -TemplateParameterFile .\az104-07-vm-parameters.json -AsJob
Task 1: Provision the lab environment
Task 2: Create and configure Azure Storage accounts
In the Redundancy drop-down list select Locally redundant storage (LRS) and save the change. Note, at this point, the Storage account has only the primary location.
Task 3: Manage blob storage
Upload the license file
View the options after upload
What is lease, its a lock
Add lease
Remove lease
Task 4: Manage authentication and authorization for Azure Storage
On the licenses/LICENSE blade, on the Overview tab, click Copy to clipboard button next to the URL entry.
Open another browser window by using InPrivate mode and navigate to the URL you copied in the previous step.
You should be presented with an XML-formatted message stating ResourceNotFound or PublicAccessNotPermitted.
On the Generate SAS tab of the licenses/LICENSE blade, specify the following settings (leave others with their default values):
Setting | Value |
---|---|
Signing key | Key 1 |
Permissions | Read |
Start date | yesterday’s date |
Start time | current time |
Expiry date | tomorrow’s date |
Expiry time | current time |
Allowed IP addresses | leave blank |
Note: If you are using Microsoft Edge, you should be presented with the The MIT License (MIT) page. If you are using Chrome, Microsoft Edge (Chromium) or Firefox, you should be able to view the content of the file by downloading it and opening it with Notepad.
Note: This is expected, since now your access is authorized based on the newly generated the SAS token.
Note: Save the blob SAS URL. You will need it later in this lab.
Click the Switch to the Azure AD User Account link next to the Authentication method label.
Note: You can see an error when you change the authentication method (the error is “You do not have permissions to list the data using your user account with Azure AD”). It is expected.
Note: At this point, you do not have permissions to change the Authentication method.
On the az104-07-container blade, click Access Control (IAM).
Click Review + Assign and then Review + assign, and return to the Overview blade of the az104-07-container container and verify that you can change the Authentication method to (Switch to Azure AD User Account).
Note: It might take about 5 minutes for the change to take effect.
Swap
Task 5: Create and configure an Azure Files shares
Note: Before you start this task, verify that the virtual machine you provisioned in the first task of this lab is running.
Create a share and edit quota
Setting | Value |
---|---|
Name | az104-07-share |
Click the newly created file share and click Connect.
Select windows and copy the script
On the az104-07-vm0 – Run command blade, click RunPowerShellScript.
On the Run Command Script blade, paste the script you copied earlier in this task into the PowerShell Script pane and click Run.
Verify that the script completed successfully.
# Replace the content of the PowerShell Script pane with the following script and click Run:
New-Item -Type Directory -Path 'Z:\az104-07-folder'
New-Item -Type File -Path 'Z:\az104-07-folder\az-104-07-file.txt'
Verify that the script completed successfully.
Navigate back to the az104-07-share file share blade, click Refresh, and verify that az104-07-folder appears in the list of folders.
Bad tutorial, hm, lets fix this
Troubleshoot
1 success
Test-NetConnection -ComputerName az10407staccountwe.file.core.windows.net -Port 445
TcpTestSucceeded : True
2 Restart the VM, no success
3 Run the same script locally as admin, success, we can reach the storage account
4 Navigate to to fileshare, success.
\\az10407staccountwe.file.core.windows.net\az104-07-share\az104-07-folder
This is the folder and file we create from Run Command blade
5 Map the drive, success
Add path to the storage account, no credentials
Result is path with Z:
Windows explorer
Good
Upload new files from the storage account
view them on the VM
Task Extra: Restart VM
Drive and access is still success
Task 6: Manage network access for Azure Storage
In the Azure portal, navigate back to the blade of the storage account you created in the first task of this lab and, in the Security + Networking section, click Networking and then click Firewalls and virtual networks.
Click the Enabled from selected virtual networks and IP addresses option and review the configuration settings that become available once this option is enabled.
Note: You can use these settings to configure direct connectivity between Azure virtual machines on designated subnets of virtual networks and the storage account by using service endpoints.
Extra, while we are here, lets only allow our IP and not the VM’s vnet.
Click the checkbox Add your client IP address and save the change.
Open another browser window by using InPrivate mode and navigate to the blob SAS URL you generated in the previous task.
Note: If you did not record the SAS URL from task 4, you should generate a new one with the same configuration. Use Task 4 steps 4-6 as a guide for generating a new blob SAS URL.
We can download the file
In the Azure portal, open the Azure Cloud Shell by clicking on the icon in the top right of the Azure Portal.
If prompted to select either Bash or PowerShell, select PowerShell.
From the Cloud Shell pane, run the following to attempt downloading of the LICENSE blob from the az104-07-container container of the storage account (replace the [blob SAS URL] placeholder with the blob SAS URL you generated in the previous task):
Invoke-WebRequest -URI '[blob SAS URL]'
Verify that the download attempt failed.
Now the VM should not have access, since we removed the Enable all to Enable selected
Add the VM Vnet, and test again, it could take 15 min
Save the changes, 13:08
13:23, Try to access storage storage account from VM, is success
Task Extra: Move all resources to a different resource group
NOTE: ALL resources are in the same resource group here
Create a new resource group in Sweden
Select all and try to move
Next
Checking whether these resources can be moved. This might take a few minutes
Source subscription Pay-As-You-Go
Source resource group az104-07-rg0
Target subscription Pay-As-You-Go
Target resource group az104-07-rg1
Number of resources to move
7