Implement security for Azure Storage for the cloud and AI security engineer

Implement a defense-in-depth security strategy for Azure Storage. In this learning path, you harden storage accounts against common attack vectors and govern access with Microsoft Entra ID managed identities and stored access policies. Next, you configure network perimeter controls using firewall rules and private endpoints, and enable Microsoft Defender for Storage to detect threats including malicious file uploads and compromised AI agent credentials.

Prerequisites

  • Familiarity with Azure Storage accounts including Blob Storage and Azure Files
  • Understanding of Azure role-based access control (RBAC) and managed identities
  • Familiarity with Microsoft Defender for Cloud at a foundational level

Modules in this learning path

This module introduces you to storage in Azure, including the different types of storage and how a distributed infrastructure can make your data more resilient.

Implement account-level security controls and access governance for Azure Storage. Configure secure transfer settings, choose appropriate authorization models, apply stored access policies for SAS lifecycle management, and use Azure Policy to enforce that Shared Key authorization is disabled, protecting storage accounts used by AI agents and enterprise workloads.

Configure network-layer access controls for Azure Storage accounts. Apply firewall rules, define virtual network and IP-based access, configure resource instance rules for Azure AI services, manage trusted service exceptions, and implement private endpoints to eliminate public endpoint exposure.

Enable and configure Microsoft Defender for Storage to detect threats against Azure Blob Storage, Azure Files, and Azure Data Lake Storage. Configure activity monitoring, malware scanning with cost controls, sensitive data threat detection, and alert routing to ensure Defender outputs reach the appropriate security team.