<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Emmanuel</title>
    <description>The latest articles on DEV Community by Emmanuel (@degreatkhali).</description>
    <link>https://dev.to/degreatkhali</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3885718%2F9d4e31e7-b9bd-4392-a0d8-d96bed4acd0a.jpg</url>
      <title>DEV Community: Emmanuel</title>
      <link>https://dev.to/degreatkhali</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/degreatkhali"/>
    <language>en</language>
    <item>
      <title>Azure Management Task: Clean Up Everything (Part 5)</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Sat, 27 Jun 2026 13:28:59 +0000</pubDate>
      <link>https://dev.to/degreatkhali/azure-management-task-clean-up-everything-part-5-3dk9</link>
      <guid>https://dev.to/degreatkhali/azure-management-task-clean-up-everything-part-5-3dk9</guid>
      <description>&lt;p&gt;We have built, configured, secured, and tagged a complete Azure environment over the past four posts. Now it's time to tear it all down, and doing this properly is just as much an admin skill as building it up.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 1: Remove the Delete Lock&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Remember the Delete lock we added to guided-project-vm in Part 4? It will block deletion if we do not remove it first. Locks have to go before resources do.&lt;/p&gt;

&lt;p&gt;Step 1: Log in to &lt;a href="https://portal.azure.com/" rel="noopener noreferrer"&gt;Microsoft Azure &lt;/a&gt;&lt;br&gt;
In the Azure portal, search for Virtual machines and &lt;br&gt;
Step 2: Select guided-project-vm. Under Settings, &lt;br&gt;
Step 3: Select Locks. On the VM-delete-lock row, &lt;br&gt;
Step 4: click Delete, &lt;br&gt;
Step 5: Then confirm.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuurspwmxs8e239uvv6ck.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fuurspwmxs8e239uvv6ck.png" alt=" " width="800" height="275"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 2: Delete the Project Resource Group&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Here is where resource groups really earn their keep. Instead of deleting each resource individually, deleting the resource group wipes everything inside it at once: the VM, VNet, NSG, storage account, all of it.&lt;/p&gt;

&lt;p&gt;Search for Resource groups. &lt;br&gt;
Step 1: Select guided-project-rg.&lt;br&gt;
Step 2: Click Delete resource group.&lt;br&gt;
Step 3: Check Apply force delete - to handle any running resources like the VM. Step 4: Type guided-project-rg in the confirmation box, and next Step click Delete. Step 5: Then confirm.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3s0u9arm66k6zyckler4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3s0u9arm66k6zyckler4.png" alt=" " width="799" height="353"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhmq4u281mliw9y1h69q9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhmq4u281mliw9y1h69q9.png" alt=" " width="718" height="570"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Deletion takes around 5 minutes. Refresh the resource groups list periodically until guided-project-rg disappears.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Step 3: Delete NetworkWatcherRG (If Applicable)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Azure may have automatically created a NetworkWatcherRG resource group when you provisioned the VNet. Whether you need to delete it depends on whether it existed before you started this series.&lt;/p&gt;

&lt;p&gt;If NetworkWatcherRG existed before you started, you can leave it alone. It belongs to something else.&lt;br&gt;
If it was created during this project, delete it now using the same process as above: open the resource group, click Delete resource group, type NetworkWatcherRG to confirm, and delete.&lt;/p&gt;

&lt;p&gt;A clean subscription, no lingering costs, and a complete end-to-end Azure project under your belt.&lt;/p&gt;

&lt;p&gt;Over this series, you provisioned a full Azure environment from scratch, secured a virtual network with subnets and NSGs, managed a virtual machine and storage account, applied tags for visibility, protected critical resources with locks, and cleaned everything up properly. That is the full lifecycle of Azure resource management.&lt;/p&gt;

&lt;p&gt;Kindly share and leave your comments.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>managementtask</category>
      <category>cleanupresource</category>
      <category>deletelocks</category>
    </item>
    <item>
      <title>Mastering Azure Management, Part 4: Organizing with Tags and Protecting with Locks</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Fri, 26 Jun 2026 18:59:30 +0000</pubDate>
      <link>https://dev.to/degreatkhali/mastering-azure-management-part-4-organizing-with-tags-and-protecting-with-locks-2icf</link>
      <guid>https://dev.to/degreatkhali/mastering-azure-management-part-4-organizing-with-tags-and-protecting-with-locks-2icf</guid>
      <description>&lt;p&gt;Over the past three posts, we created the foundational infrastructure, segmented the virtual network with a dedicated FTP subnet, secured it with a Network Security Group, and worked with our virtual machine and storage account.&lt;/p&gt;

&lt;p&gt;We are going to add tags to our resources so the team can track what is what, and we will apply a resource lock to our VM to avoid accidental deletion.&lt;/p&gt;

&lt;p&gt;This post wraps up the series. Ensure you have the guided-project-vm virtual machine and guided-project-vnet virtual network from the previous exercises already in place.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;What Are Tags?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;Tags are simple key-value pairs you attach to Azure resources. A tag might look like Department: Customer Service or Purpose: FTP Server. They do not affect how a resource behaves; they just add metadata that makes filtering, reporting, and cost tracking easier.&lt;/p&gt;

&lt;p&gt;Imagine this: Your finance team asks for a cost breakdown by department, and you have no way to filter spending. Or worse, someone accidentally deletes the production VM during a routine cleanup. Both scenarios are nightmares. Tags and resource locks exist to prevent exactly these disasters, and they take about 5 minutes to set up.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;What Are Resource Locks?&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A resource lock is exactly what it sounds like: a safeguard that prevents a resource from being modified or deleted, even by users who have permission to do so. Azure offers two lock types:&lt;/p&gt;

&lt;p&gt;Delete — prevents deletion, but allows modifications.&lt;br&gt;
ReadOnly — prevents both deletion and modifications.&lt;/p&gt;

&lt;p&gt;Locks are especially useful for critical infrastructure. If a VM is running a production workload, a Delete lock means no one — including an admin having a bad day can remove it without first explicitly removing the lock. It is a simple but powerful safety net.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 1: Add Tags and a Lock to the Virtual Machine&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;We will start with the VM, since it needs both tags and a lock. It is efficient to handle both. Add Tags to the VM&lt;/p&gt;

&lt;p&gt;Step 1: Log in to the &lt;a href="https://portal.azure.com/" rel="noopener noreferrer"&gt;Azure portal&lt;/a&gt;.&lt;br&gt;
Step 2: In the search bar, type Virtual machines and select it under Services.&lt;br&gt;
Step 3: Select guided-project-vm from the list.&lt;br&gt;
Step 4: In the left-hand menu, select Tags.&lt;/p&gt;

&lt;p&gt;On the first row, enter Department for Name and Customer Service for Value. On the second row, enter Purpose for Name and FTP Server for Value. Click Apply.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy5gpeqyi9net5fgndu87.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fy5gpeqyi9net5fgndu87.png" alt=" " width="800" height="366"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The VM is now tagged. Anyone browsing resources across the subscription can immediately see what this machine does and who it serves.&lt;/p&gt;

&lt;p&gt;Add a Delete Lock to the VM&lt;/p&gt;

&lt;p&gt;While we are still in the VM blade, let us add the lock. No need to navigate away. In the left-hand menu, expand Settings if it is not already open. &lt;/p&gt;

&lt;p&gt;Step 1: Select Locks.&lt;br&gt;
Step 2: Click + Add.&lt;br&gt;
Step 3: For Name, enter VM-delete-lock.&lt;br&gt;
Step 4: For Lock type, select Delete.&lt;br&gt;
Optionally, add a note explaining the lock. This note is visible to anyone who encounters the lock later, which helps avoid confusion.&lt;br&gt;
Step 5: Click OK.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9lzju8d94ktzvii0aphe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9lzju8d94ktzvii0aphe.png" alt=" " width="800" height="378"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The VM is now protected. Attempts to delete guided-project-vm will be blocked until this lock is removed, and removing a lock is a deliberate action that requires navigating to the Locks blade.&lt;br&gt;
Click Home to return to the portal home page.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 2: Add Tags to the Virtual Network&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The VNet doesn't need a lock, but it should be tagged for the same visibility reasons. Notice that when you go to add tags here, Azure will offer Department as an existing tag name. It learned this from the tag we already applied to the VM. You can reuse it and just set a different value.&lt;/p&gt;

&lt;p&gt;From the portal home page, search for Virtual networks and select it.&lt;br&gt;
Step 1: Select guided-project-vnet.&lt;br&gt;
Step 2: In the left-hand menu, select Tags.&lt;br&gt;
Step 3: For Name, select Department from the dropdown (it should appear as an existing tag). For Value, enter IT.&lt;br&gt;
Step 4: Click Apply.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fctg71yytgqph1l07pf8t.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fctg71yytgqph1l07pf8t.png" alt=" " width="800" height="388"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The VNet is now tagged and attributed to the IT department.&lt;/p&gt;

&lt;p&gt;Here is a snapshot of everything in place:&lt;/p&gt;

&lt;p&gt;This is a real-world Azure environment pattern: segmented networking, tightened security rules, tagged resources for cost tracking and visibility, and locked critical infrastructure. These are not just lab exercises; they are the building blocks of how production environments are actually run.&lt;/p&gt;

&lt;p&gt;This series covered the fundamentals of &lt;a href="https://microsoftlearning.github.io/AZ-100-Get-started-with-Microsoft-Azure-Management-tasks/" rel="noopener noreferrer"&gt;Azure resource management&lt;/a&gt;. There is a lot more for us to explore together.&lt;br&gt;
In this series, we built a secure, organized, and protected Azure environment. You now know how to:&lt;/p&gt;

&lt;p&gt;Segment networks with subnets and NSGs&lt;/p&gt;

&lt;p&gt;Tag resources for instant visibility and cost tracking&lt;/p&gt;

&lt;p&gt;Lock critical assets to prevent disaster. &lt;/p&gt;

&lt;p&gt;Thanks for following along. I will be glad to hear from you. What Azure topic keeps you up? Networking? Cost management? Security? Drop a comment below, and will cover it in the next series.&lt;/p&gt;

</description>
      <category>locks</category>
      <category>tags</category>
      <category>azuremanagement</category>
      <category>resourcelocks</category>
    </item>
    <item>
      <title>Azure Management Task: Locking Down Your Storage #Part 3</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Thu, 25 Jun 2026 21:27:51 +0000</pubDate>
      <link>https://dev.to/degreatkhali/azure-management-task-locking-down-your-storage-part-3-4662</link>
      <guid>https://dev.to/degreatkhali/azure-management-task-locking-down-your-storage-part-3-4662</guid>
      <description>&lt;p&gt;In this third installment, we are going to get hands-on with Azure Storage. Explore the practical steps of managing containers, file shares, and most importantly, securing access to the files within them.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 1: Creating a Storage Container&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;We need a place to store our files. In Azure Storage, a container is like a folder that holds your blobs.&lt;/p&gt;

&lt;p&gt;Navigate to your Storage Account: From the Azure portal home page, type "storage accounts" in the search box and select it from the results. Click on the storage account you created in the earlier preparation exercise. It should be linked to your resource group, like guided-project-rg.&lt;/p&gt;

&lt;p&gt;Add a Container: On your storage account's blade, locate the Data storage section in the left-hand menu, then select Containers.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5aa9j7uj42ya0gnthi23.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F5aa9j7uj42ya0gnthi23.png" alt=" " width="800" height="349"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Create It: Click on the + Add button. A new pane will appear. Give your container a name, for example, storage-container.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fc1qk78g7n5qtyx8foqug.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fc1qk78g7n5qtyx8foqug.png" alt=" " width="713" height="479"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Uploading a File&lt;br&gt;
Now that we have a container, find any image file on your computer (or download one from the internet). Click on your newly created container, storage-container.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fraznazdg8t7ylbfxo3ig.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fraznazdg8t7ylbfxo3ig.png" alt=" " width="800" height="217"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select Upload and browse to your chosen image file. Once uploaded, you will see it in the list.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3z8zq40dylzho2wv90y1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3z8zq40dylzho2wv90y1.png" alt=" " width="799" height="240"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 2: Changing the Access Tier for a Blob&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Azure offers different access tiers to help you optimize costs based on how frequently you access your data.&lt;/p&gt;

&lt;p&gt;Hot: Optimized for data that is accessed frequently.&lt;/p&gt;

&lt;p&gt;Cool: For data that is infrequently accessed and stored for at least 30 days. Cold: For data that is rarely accessed and stored for at least 90 days. Archive: For data that is very rarely accessed and stored for at least 180 days.&lt;/p&gt;

&lt;p&gt;For our test file, it doesn't need to be in the Hot tier. Let us move it to Cold. Inside your storage container, click on the uploaded file's name (which is a hyperlink). On the file's overview page, select the Change tier button.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgjzb5vzznq59iyws3evb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgjzb5vzznq59iyws3evb.png" alt=" " width="799" height="291"&gt;&lt;/a&gt;&lt;br&gt;
A pane will slide out. Select Cold and click Save.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjjpqkbnjjlm3flso3amw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fjjpqkbnjjlm3flso3amw.png" alt=" " width="368" height="575"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You have just successfully changed the access tier for an individual blob. Remember, you can also set a default tier at the storage account level to apply to all new blobs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 3: Creating and Managing a File Share&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Azure Files provides fully managed file shares in the cloud, accessible via the Server Message Block (SMB) protocol. It's perfect for lifting and shifting legacy applications or creating shared drives for your team.&lt;/p&gt;

&lt;p&gt;Let us create one: Go back to your storage account's main blade.&lt;/p&gt;

&lt;p&gt;Under the Data storage menu, select File shares.&lt;/p&gt;

&lt;p&gt;Click on + File share.&lt;/p&gt;

&lt;p&gt;On the "Basics" tab, name your file share file-share.&lt;/p&gt;

&lt;p&gt;Move to the Backup tab and uncheck the "Enable backup" box (since this is just a test). Click Review + create, then Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgv1dng99le78txc0xir1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fgv1dng99le78txc0xir1.png" alt=" " width="800" height="325"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp7pjvel1ri5fleftyir1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp7pjvel1ri5fleftyir1.png" alt=" " width="606" height="549"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Once created, navigate into your new file share and click the Upload button to upload the same image (or a different one) you used earlier for the blob.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpgcne27c890i9pjdit2u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fpgcne27c890i9pjdit2u.png" alt=" " width="608" height="294"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 4: The Power of Shared Access Signatures (SAS)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Azure offers Shared Access Signatures (SAS). A SAS grants restricted access rights to your storage resources. You can control the permissions, the protocol, and the time window for which the access is valid. This is the core of our management task today.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Generating a SAS URL&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;From your storage account, select Storage browser from the left-hand menu. Expand Blob containers and select your storage container.&lt;/p&gt;

&lt;p&gt;Locate the image you uploaded, and click the ellipsis (...) at the end of its row. From the dropdown menu, select Generate SAS.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foritlpbnnqnl2not9xuq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Foritlpbnnqnl2not9xuq.png" alt=" " width="800" height="398"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Customizing Your SAS Token&lt;/em&gt;&lt;/p&gt;

&lt;p&gt;A powerful pane will appear, allowing you to fine-tune exactly what access you're granting.&lt;/p&gt;

&lt;p&gt;Signing method &amp;amp; key: Choose Account key. You can use either Key 1 or Key 2. Having two keys allows you to rotate them without downtime, as we'll see in a moment.&lt;/p&gt;

&lt;p&gt;Stored access policy: Keep this as None for this exercise.&lt;/p&gt;

&lt;p&gt;Permissions: For this example, we will grant only read permission. This means anyone with this link can see and download the file, but they can't modify it.&lt;/p&gt;

&lt;p&gt;Start and expiry time: You can set a custom window. For learning, leave the defaults, but in a production scenario, always set the shortest time frame necessary.&lt;/p&gt;

&lt;p&gt;Allowed protocols: Select HTTPS only for security.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnxbowtc0vnx3qxc8j22q.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fnxbowtc0vnx3qxc8j22q.png" alt=" " width="707" height="550"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Finally, click the Generate SAS token and URI button. You will see a Blob SAS URL appear. Copy this entire URL.&lt;/p&gt;

&lt;p&gt;Testing the Link&lt;br&gt;
Open a new private/incognito browser window or tab and paste the URL you just copied. You should see the image you uploaded displayed directly in the browser, as you see here.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fabbjtv0shr5bigway4t0.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fabbjtv0shr5bigway4t0.png" alt=" " width="800" height="401"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;This is the beauty of SAS tokens. You can share this link with anyone, and they will have secure, time-limited access to your file.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 5: The Art of Revocation - Rotating Access Keys&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A SAS token is secure, but what happens if it gets into the wrong hands, or if someone leaves the company? While you could wait for the expiry time, what if you need to revoke access immediately?&lt;/p&gt;

&lt;p&gt;A SAS token signed with an account key is tied to that key. If you regenerate or rotate the storage account key, the SAS token becomes invalid instantly.&lt;/p&gt;

&lt;p&gt;Let's see this in action: Go back to your storage account's main blade.&lt;/p&gt;

&lt;p&gt;Expand the Security + networking section in the left-hand menu and select Access keys.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fks6z8l0qm1nmag1lg2fw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fks6z8l0qm1nmag1lg2fw.png" alt=" " width="799" height="367"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For Key 1, click the Rotate key button.&lt;/p&gt;

&lt;p&gt;Read the warning carefully. Regenerating a key will invalidate all tokens and apps using that key. Click Yes to confirm.&lt;/p&gt;

&lt;p&gt;Once you see the success message, go back to the browser tab where you pasted the SAS URL and refresh the page.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fms061eg29q2s4gsn7wnu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fms061eg29q2s4gsn7wnu.png" alt=" " width="800" height="165"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You should be greeted with an error, something like "AuthenticationFailed." The link is now dead. You have successfully revoked access!&lt;/p&gt;

&lt;p&gt;Takeaway: This ability to instantly revoke access is why Azure provides two keys. You can rotate Key 1, while all your critical applications use Key 2. Then, you can update those applications to use the new Key 1 and later rotate Key 2 without any downtime. This is a best practice for managing secure access in production.&lt;/p&gt;

&lt;p&gt;In just 12 minutes, you have accomplished a lot: You created a blob container and uploaded a file. You learned how to manage costs by changing the access tier of a blob.&lt;/p&gt;

&lt;p&gt;You set up a file share, demonstrating the versatility of Azure Storage.&lt;/p&gt;

&lt;p&gt;Most importantly, you created and used a Shared Access Signature (SAS) to share a file securely.&lt;/p&gt;

&lt;p&gt;Finally, you learned the critical skill of rotating access keys to instantly revoke permissions.&lt;/p&gt;

&lt;p&gt;Controlling access is a fundamental skill for any Azure administrator. It is not just about granting permissions, but about understanding the tools to manage and revoke them securely.&lt;/p&gt;

&lt;p&gt;See you in part 4 of this series. If you have questions, let me know. I would be happy to support.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>managementtask</category>
      <category>azurestorage</category>
      <category>lockdown</category>
    </item>
    <item>
      <title>Mastering Azure Management Task: A Hands-On Project (Part 2)</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Wed, 24 Jun 2026 22:34:21 +0000</pubDate>
      <link>https://dev.to/degreatkhali/mastering-azure-management-task-a-hands-on-project-part-2-4m7o</link>
      <guid>https://dev.to/degreatkhali/mastering-azure-management-task-a-hands-on-project-part-2-4m7o</guid>
      <description>&lt;p&gt;Securing Your Virtual Network with Subnets and Network Security Groups&lt;/p&gt;

&lt;p&gt;In Part 1, we built the foundation of our Azure environment: a resource group, a virtual network, a virtual machine, and a storage account. Now it's time to put that network to work.&lt;/p&gt;

&lt;p&gt;In this post, we are playing the role of an Azure admin who is asked to prepare the network for a new FTP (File Transfer Protocol) server. The task involves three steps: creating a dedicated subnet for FTP traffic, locking it down with a Network Security Group (NSG), and associating the two together. &lt;/p&gt;

&lt;p&gt;Before you begin: This exercise builds directly on the environment created in Part 1. Make sure you have the guided-project-vnet virtual network and guided-project-rg resource group already in place before continuing.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 1: Create a New Subnet on the Existing VNet&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Log in to the Azure portal.&lt;br&gt;
In the search bar, type Virtual networks and select it under Services.&lt;br&gt;
Select guided-project-vnet from the list.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F57z3imwcsqohzk0n5v23.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F57z3imwcsqohzk0n5v23.png" alt=" " width="799" height="272"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In the left-hand menu under Settings, select Subnets.&lt;br&gt;
Click + Subnet to add a new one.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhjo41znsood9ys37voiy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fhjo41znsood9ys37voiy.png" alt=" " width="721" height="493"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Leave the Subnet purpose set to Default.&lt;br&gt;
For Name, enter ftpSubnet.&lt;br&gt;
Leave all other settings at their defaults and click Add.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffc2dtili9jvm97rw9nem.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffc2dtili9jvm97rw9nem.png" alt=" " width="709" height="545"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Home to return to the portal home page.&lt;/p&gt;

&lt;p&gt;You now have a dedicated subnet for your FTP server.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 2: Create a Network Security Group (NSG)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A Network Security Group acts like a firewall at the subnet level. It contains a set of inbound and outbound rules that control which traffic is allowed in or out. &lt;/p&gt;

&lt;p&gt;From the portal home page, search for Virtual networks again and select it. This time, select Network security groups from the left-hand panel.&lt;br&gt;
Click + Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3ds3bi4w8nnedq21e9lo.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F3ds3bi4w8nnedq21e9lo.png" alt=" " width="800" height="352"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Verify your subscription is correct.&lt;br&gt;
Select guided-project-rg as the resource group.&lt;br&gt;
Enter ftpNSG as the name.&lt;br&gt;
Click Review + create, then Create once validation passes.&lt;br&gt;
Wait for the deployment to complete, then click Go to resource.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fckk3lkj9hpyngwmlvfq3.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fckk3lkj9hpyngwmlvfq3.png" alt=" " width="623" height="571"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0ljvp1td98jjahfjrmuc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F0ljvp1td98jjahfjrmuc.png" alt=" " width="800" height="313"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Add an Inbound Security Rule&lt;/p&gt;

&lt;p&gt;Now that the NSG exists, we need to tell it what traffic to allow. SFTP runs over SSH on port 22, so we will create a rule that permits inbound TCP traffic on that port.&lt;/p&gt;

&lt;p&gt;In the NSG's left-hand menu under Settings, select Inbound security rules.&lt;br&gt;
Click + Add.&lt;br&gt;
Change the Destination port ranges value from 8080 to 22.&lt;br&gt;
Set the Protocol to TCP.&lt;br&gt;
Set the Name to ftpInbound.&lt;br&gt;
Click Add.&lt;br&gt;
Click Home to return to the portal home page.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1n7tcivv49mekserrign.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1n7tcivv49mekserrign.png" alt=" " width="800" height="381"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The NSG now has a rule allowing inbound SFTP traffic on port 22. Next, we need to attach it to the subnet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 3: Associate the NSG with the FTP Subnet&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Creating an NSG and creating rules is not enough on its own. The NSG has to be associated with a subnet (or a network interface) before it actually does anything. Let us link ftpNSG to ftpSubnet.&lt;/p&gt;

&lt;p&gt;Search for and select Virtual networks from the portal home page.&lt;br&gt;
Select guided-project-vnet.&lt;br&gt;
Under Settings, select Subnets.&lt;br&gt;
Click on ftpSubnet to open it.&lt;br&gt;
On the Edit subnet page, find the Security section and set the Network security group field to ftpNSG.&lt;br&gt;
Click Save.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1sfs7htbuqrcett4sz1x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F1sfs7htbuqrcett4sz1x.png" alt=" " width="800" height="259"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9dst79r5vs3dsddgzkj4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2F9dst79r5vs3dsddgzkj4.png" alt=" " width="661" height="558"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What You have Built&lt;/p&gt;

&lt;p&gt;You have done something meaningful: segmented a virtual network, created a security boundary around it, and restricted access to a single protocol on a single port. &lt;/p&gt;

&lt;p&gt;Here is a quick summary of what is now in place:&lt;/p&gt;

&lt;p&gt;ftpSubnet — A dedicated subnet within guided-project-vnet, isolated from other VM traffic.&lt;br&gt;
ftpNSG — A Network Security Group with an inbound rule permitting SSH/SFTP traffic on port 22 only.&lt;br&gt;
The NSG is associated with ftpSubnet, meaning the rules are actively enforced on any resource deployed into that subnet.&lt;/p&gt;

&lt;p&gt;Follow along to part 3. Let us keep building our Azure administration skills together.&lt;/p&gt;

</description>
      <category>azure</category>
      <category>managementtask</category>
      <category>virtualnetwork</category>
      <category>handson</category>
    </item>
    <item>
      <title>Mastering Azure Management: (Part 1)</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Tue, 23 Jun 2026 23:44:39 +0000</pubDate>
      <link>https://dev.to/degreatkhali/mastering-azure-management-part-1-7fk</link>
      <guid>https://dev.to/degreatkhali/mastering-azure-management-part-1-7fk</guid>
      <description>&lt;p&gt;Welcome to the first post in our series on mastering Microsoft Azure management. This series is built around a practical, guided project inspired by Microsoft. &lt;br&gt;
We are going to move beyond theory and dive deep into a practical, guided project inspired by the official Microsoft Learn path: &lt;a href="https://learn.microsoft.com/en-us/training/paths/introduction-microsoft-azure-management-tasks/" rel="noopener noreferrer"&gt;Introduction to Microsoft Azure Management tasks&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;This learning path is designed to give you a solid foundation in managing core Azure resources. Over the next few clicks, we will confidently deploy, configure, and manage virtual networks, virtual machines, and storage accounts. As the official documentation states, "You'll have the opportunity to learn about managing virtual machines, virtual networks, and storage accounts, and then a guided project will give you hands-on experience actually managing Azure resources." &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Part 1: Preparing Your Azure Environment&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Our goal today is to create a resource group, a virtual network (VNet), a virtual machine (VM), and a storage account. This collection of resources will serve as our sandbox for all the management tasks to come.&lt;/p&gt;

&lt;p&gt;Prerequisites&lt;br&gt;
Before we begin, ensure you have the following:&lt;/p&gt;

&lt;p&gt;• An active Microsoft Azure subscription. If you don't have one, you can sign up for a free account, which typically includes credits to get you started. The official path also notes, "Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days".&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: In my screenshots, you will see the resource group may17rg — feel free to use your own unique name!&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 1: Log in and Create a Resource Group&lt;/strong&gt;&lt;br&gt;
Everything in Azure starts with a resource group. It is a logical container that holds related resources for an Azure solution. Think of it as a folder on your computer where you organize all the files for a specific project.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; Navigate to the Azure portal (portal.azure.com).&lt;/li&gt;
&lt;li&gt; Search for "Resource groups" and select + Create.&lt;/li&gt;
&lt;li&gt; Name your resource group something like guided-project-rg. To make things easy and clean next, choose your preferred region and click Review + create. Note from my &lt;strong&gt;resource group name&lt;/strong&gt;, I already had a resource group, so it's not the name above.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcnshj1ajvrznzrgwi4ra.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fcnshj1ajvrznzrgwi4ra.png" alt=" " width="570" height="429"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 2: Deploy a Virtual Network (VNet)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables many types of Azure resources, such as VMs, to securely communicate with each other, the internet, and on-premises networks.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; From the Azure portal home page, search for and select Virtual networks.&lt;/li&gt;
&lt;li&gt; Select + Create.&lt;/li&gt;
&lt;li&gt; Under Instance details, ensure your resource group is selected and name your VNet guided-project-vnet. Leave the other settings as defaults for now and click Review + create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffv00manu26sedubqnaq5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Ffv00manu26sedubqnaq5.png" alt=" " width="577" height="382"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvbhoaf0kkiilaeajry9r.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fvbhoaf0kkiilaeajry9r.png" alt=" " width="680" height="565"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fye42ekhd76998uinf0kp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fye42ekhd76998uinf0kp.png" alt=" " width="800" height="329"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 3: Provision a Virtual Machine (VM)&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fubnrnzc97t6e0lj3n5a7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fubnrnzc97t6e0lj3n5a7.png" alt=" " width="715" height="325"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp62shdeiclu3fnnv2ma7.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fp62shdeiclu3fnnv2ma7.png" alt=" " width="800" height="440"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;virtual machine. VMs are one of the most common Azure services, providing on-demand, scalable computing resources. We will be using a Linux VM for this project.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; Search for and select Virtual machines.&lt;/li&gt;
&lt;li&gt; Click + Create and then Virtual machine.&lt;/li&gt;
&lt;li&gt; Under Instance details, select your resource group and name the VM guided-project-vm.&lt;/li&gt;
&lt;li&gt; For the Image, select Ubuntu Server 24.04 LTS - x64 Gen2.&lt;/li&gt;
&lt;li&gt; Under Administrator account, choose Password as the authentication type. Enter a username and a strong password (make sure you remember it!).&lt;/li&gt;
&lt;li&gt; Leave the rest of the settings as defaults and click Review + create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flb5rm5xd1gy8fqv8bxc1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Flb5rm5xd1gy8fqv8bxc1.png" alt=" " width="647" height="272"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task 4: Create a Storage Account&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Finally, we need a storage account. This service provides a unique namespace in Azure, entirely lowercase and containing no hyphens/special characters for your data, storing everything from blobs (like files and images) to tables and queues.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt; Search for and select Storage accounts.&lt;/li&gt;
&lt;li&gt; Click + Create.&lt;/li&gt;
&lt;li&gt; Choose your resource group.&lt;/li&gt;
&lt;li&gt; Enter a Storage account name. This name must be globally unique across all of Azure, so you may need to try a few variations (e.g., guidedprojectstorage123).&lt;/li&gt;
&lt;li&gt; Leave all other settings at their defaults and click Review + create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frw0kaw5kpnfha9pqwufh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Frw0kaw5kpnfha9pqwufh.png" alt=" " width="628" height="286"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxg1ufdbct8rwuaepcv20.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fxg1ufdbct8rwuaepcv20.png" alt=" " width="800" height="358"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Conclusion and Next Steps&lt;/strong&gt;&lt;br&gt;
Congratulations! We have successfully set up the foundational Azure resources that form the core of our project environment. You performed the first crucial steps: creating a logical container, a secure network, a compute resource, and a storage account.&lt;br&gt;
In the next part of this series, we will dive into the real management work. We'll update our virtual network configuration by creating a new subnet to support additional infrastructure requirements. Stay tuned for Part 2, where the real administration begins!&lt;/p&gt;

&lt;p&gt;This series follows the Microsoft Learn path: &lt;a href="https://learn.microsoft.com/en-us/training/paths/introduction-microsoft-azure-management-tasks/" rel="noopener noreferrer"&gt;Introduction to Microsoft Azure Management tasks.&lt;br&gt;
&lt;/a&gt;&lt;/p&gt;

</description>
      <category>azure</category>
      <category>vms</category>
      <category>taskmanagement</category>
      <category>beginners</category>
    </item>
    <item>
      <title>Azure Resource Creation: A Step-by-Step Guide to Provisioning Core Infrastructure</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Tue, 09 Jun 2026 14:35:52 +0000</pubDate>
      <link>https://dev.to/degreatkhali/azure-resource-creation-a-step-by-step-guide-to-provisioning-core-infrastructure-15o8</link>
      <guid>https://dev.to/degreatkhali/azure-resource-creation-a-step-by-step-guide-to-provisioning-core-infrastructure-15o8</guid>
      <description>&lt;p&gt;Azure Resource Creation: A Step-by-Step Guide to Provisioning Core Infrastructure&lt;br&gt;
Estimated reading time: 15 minutes&lt;/p&gt;

&lt;p&gt;Introduction&lt;br&gt;
If you are just getting started with Microsoft Azure, one of the first skills you will need is creating basic infrastructure resources. Let us walk through this guide provisioning:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;A Resource Group (to organize everything)&lt;/li&gt;
&lt;li&gt;A Virtual Network with one subnet&lt;/li&gt;
&lt;li&gt;A Linux Virtual Machine&lt;/li&gt;
&lt;li&gt;A Storage Account&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;At the end, you will have a working Azure environment ready for management tasks and a solid foundation for future Azure projects.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Prerequisite:&lt;/strong&gt; An active Azure subscription is needed. If you don't have one, you can sign up for a free Azure account that includes $200 in credits that would enable you practice.&lt;/p&gt;

&lt;p&gt;Once logged in, you'll see the Azure Portal home page with dashboards and recent resources.&lt;/p&gt;

&lt;p&gt;Step 1: Create a Resource Group&lt;br&gt;
Resource groups are containers that hold related Azure resources. They make cleanup much easier when you are done with a project.&lt;/p&gt;

&lt;p&gt;In the search bar at the top of the portal, type "resource groups" and select it from the results.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr520okso25l7lukke8wo.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr520okso25l7lukke8wo.png" alt=" " width="800" height="354"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Create at the top of the Resource Groups page.&lt;/p&gt;

&lt;p&gt;Fill in the following:&lt;/p&gt;

&lt;p&gt;Subscription: Your active subscription (auto-selected)&lt;/p&gt;

&lt;p&gt;Resource group name: guided-project-rg&lt;/p&gt;

&lt;p&gt;Region: Leave the default (e.g., East US)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faef01gztfb6bntktvf6z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faef01gztfb6bntktvf6z.png" alt=" " width="800" height="396"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuk7r46lahl8yrqeytnpj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuk7r46lahl8yrqeytnpj.png" alt=" " width="683" height="779"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Review + create, then Create.&lt;/p&gt;

&lt;p&gt;Click Home to return to the portal home page.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Pro tip:&lt;/strong&gt; Take note of any existing resource groups (like NetworkWatcherRG). During cleanup later, you will want to delete only the groups you created.&lt;/p&gt;

&lt;p&gt;Step 2: Create a Virtual Network with One Subnet&lt;br&gt;
Virtual networks (VNets) provide the networking foundation for Azure resources like VMs.&lt;/p&gt;

&lt;p&gt;From the portal home page, search for "virtual networks" and select it under Services.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkco3cp2d7bimtjv2wl06.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkco3cp2d7bimtjv2wl06.png" alt=" " width="800" height="266"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Create &amp;gt; Virtual network.&lt;/p&gt;

&lt;p&gt;On the Basics tab:&lt;/p&gt;

&lt;p&gt;Resource group: Select guided-project-rg&lt;/p&gt;

&lt;p&gt;Name: guided-project-vnet&lt;/p&gt;

&lt;p&gt;Region: Same as your resource group&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dg3a0svhodbr95jkts9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7dg3a0svhodbr95jkts9.png" alt=" " width="799" height="300"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4q2y4u6m1atbiw2tyoi6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4q2y4u6m1atbiw2tyoi6.png" alt=" " width="800" height="602"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Next: IP Addresses. You'll see a default IPv4 address space of 10.0.0.0/16 with a default subnet 10.0.0.0/24. Keep these defaults.&lt;/p&gt;

&lt;p&gt;Click Review + create, then Create.&lt;/p&gt;

&lt;p&gt;Step 3: Create a Virtual Machine (Ubuntu Linux)&lt;br&gt;
Now let's create an Ubuntu Linux VM inside your virtual network.&lt;/p&gt;

&lt;p&gt;From the portal home page, search for "virtual machines" and select it.&lt;/p&gt;

&lt;p&gt;Here is how you can create Ubuntu Linux Virtual machines from my previous article.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://dev.to/degreatkhali/how-to-deploy-an-ubuntu-linux-vm-in-azure-347o"&gt;Link&lt;/a&gt;: &lt;/p&gt;

&lt;p&gt;Click Create &amp;gt; Virtual machine.&lt;/p&gt;

&lt;p&gt;Fill out the Basics tab:&lt;/p&gt;

&lt;p&gt;Subscription: Your subscription (auto-selected)&lt;/p&gt;

&lt;p&gt;Resource group: guided-project-rg&lt;/p&gt;

&lt;p&gt;Virtual machine name: guided-project-vm&lt;/p&gt;

&lt;p&gt;Region: Same as before&lt;/p&gt;

&lt;p&gt;Image: Ubuntu Server 24.04 LTS - x64 Gen2 (or any recent Ubuntu LTS)&lt;/p&gt;

&lt;p&gt;Size: Leave default (e.g., Standard B1s—free tier eligible)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy25dple7v77oekwipo3f.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy25dple7v77oekwipo3f.png" alt=" " width="800" height="631"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Scroll to Administrator account:&lt;/p&gt;

&lt;p&gt;Authentication type: Password&lt;/p&gt;

&lt;p&gt;Username: guided-project-admin&lt;/p&gt;

&lt;p&gt;Password: Enter a strong password (minimum 12 characters with uppercase, lowercase, digit, and special character)&lt;/p&gt;

&lt;p&gt;Confirm password: Re-enter the same password&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbiu43p57egazr4ucecon.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbiu43p57egazr4ucecon.png" alt=" " width="799" height="598"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Leave all other settings as defaults. Scroll down and click Review + create.&lt;/p&gt;

&lt;p&gt;Azure will validate your configuration. Once validation passes, you'll see a cost estimate.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcf0yxqgrqtcqgdgbjj6p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcf0yxqgrqtcqgdgbjj6p.png" alt=" " width="800" height="192"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Create to deploy the VM.&lt;/p&gt;

&lt;p&gt;Wait for deployment to complete, then click Home to return to the portal home page.&lt;/p&gt;

&lt;p&gt;Note: VM creation takes 2-3 minutes.&lt;/p&gt;

&lt;p&gt;Step 4: Create a Storage Account&lt;br&gt;
Storage accounts provide cloud storage for blobs, files, queues, and tables.&lt;/p&gt;

&lt;p&gt;From the portal home page, search for "storage accounts" and select it.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx5m7919xz9etmaat3xcw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fx5m7919xz9etmaat3xcw.png" alt=" " width="799" height="310"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Create.&lt;/p&gt;

&lt;p&gt;On the Basics tab:&lt;/p&gt;

&lt;p&gt;Subscription: Your subscription (auto-selected)&lt;/p&gt;

&lt;p&gt;Resource group: guided-project-rg&lt;/p&gt;

&lt;p&gt;Storage account name: Enter a globally unique name (e.g., guidedprojectsa2027). If the name is taken, try adding numbers or your initials.&lt;/p&gt;

&lt;p&gt;Region: Same region&lt;/p&gt;

&lt;p&gt;Performance: Standard&lt;/p&gt;

&lt;p&gt;Redundancy: Locally-redundant storage (LRS)&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6u20jcdp2g5yopxz89x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6u20jcdp2g5yopxz89x.png" alt=" " width="799" height="702"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Review + create.&lt;/p&gt;

&lt;p&gt;After validation, click Create.&lt;/p&gt;

&lt;p&gt;Wait for your deployment is complete, then click Home.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc2abz5wtuoa2tabvokvn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc2abz5wtuoa2tabvokvn.png" alt=" " width="798" height="216"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Step 5: Verify Your Deployed Resources&lt;br&gt;
Let's confirm everything was created successfully.&lt;/p&gt;

&lt;p&gt;From the portal home page, go to Resource groups.&lt;/p&gt;

&lt;p&gt;Click on guided-project-rg.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmj9ctk789w28pun79moc.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmj9ctk789w28pun79moc.png" alt=" " width="800" height="247"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmdd5csnpuih4u052x94.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcmdd5csnpuih4u052x94.png" alt=" " width="800" height="293"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You should see:&lt;/p&gt;

&lt;p&gt;guided-project-vm (Virtual machine)&lt;/p&gt;

&lt;p&gt;guided-project-vnet (Virtual network)&lt;/p&gt;

&lt;p&gt;Your storage account name&lt;/p&gt;

&lt;p&gt;Possibly NetworkWatcherRG (created automatically—do not delete if it existed before)&lt;/p&gt;

&lt;p&gt;Cleanup (Optional but Recommended)&lt;br&gt;
To avoid ongoing costs, delete the resource group when you're done:&lt;br&gt;
Step 6:&lt;br&gt;
Navigate to guided-project-rg&lt;/p&gt;

&lt;p&gt;Click Delete resource group&lt;/p&gt;

&lt;p&gt;Type the resource group name to confirm&lt;/p&gt;

&lt;p&gt;Click Delete&lt;/p&gt;

&lt;p&gt;Warning: Only delete the resource group you created. Do not delete NetworkWatcherRG if it existed before you started this guide.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9m8s7004typvpaxf8qe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq9m8s7004typvpaxf8qe.png" alt=" " width="800" height="535"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What you have Accomplished&lt;br&gt;
Congratulations! You've successfully provisioned:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Resource               Purpose&lt;/strong&gt;&lt;br&gt;
&lt;strong&gt;Resource Group&lt;/strong&gt;  Logical container for organization&lt;br&gt;
&lt;strong&gt;Virtual Network&lt;/strong&gt; Networking foundation&lt;br&gt;
&lt;strong&gt;Ubuntu VM&lt;/strong&gt;   Compute resource for running applications&lt;br&gt;
&lt;strong&gt;Storage Account&lt;/strong&gt; Persistent cloud storage&lt;/p&gt;

</description>
      <category>provision</category>
      <category>azure</category>
      <category>infrastructure</category>
      <category>beginners</category>
    </item>
    <item>
      <title>Cloud Concepts Explained: 6 Key Concepts Every Beginner Needs to Know</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Tue, 09 Jun 2026 14:17:27 +0000</pubDate>
      <link>https://dev.to/degreatkhali/cloud-concepts-explained-6-key-concepts-every-beginner-needs-to-know-1cgf</link>
      <guid>https://dev.to/degreatkhali/cloud-concepts-explained-6-key-concepts-every-beginner-needs-to-know-1cgf</guid>
      <description>&lt;p&gt;understanding cloud now is a smart move. But if you have already started reading up on it, you have probably hit a wall of tech buzzwords.&lt;/p&gt;

&lt;p&gt;Like; Scalability, agility, virtualization which can sound like a sci-fi movie.&lt;/p&gt;

&lt;p&gt;Let us Strip away the jargon, the cloud is actually pretty straightforward. At its core, it is about helping businesses run faster, smarter, and more reliably.&lt;/p&gt;

&lt;p&gt;Let us break down six essential cloud concepts in plain English and clear up the single biggest point of confusion: &lt;em&gt;the difference between scalability and elasticity.&lt;/em&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Virtualization:&lt;/strong&gt; The magic trick behind the Cloud
Before the cloud, if a company needed three different servers for three different tasks, they had to buy three physical boxes of hardware. Expensive and was wasteful.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Virtualization changes that. It is software that separates physical hardware from the operating systems. Think of it as turning one giant physical computer into multiple “virtual” computers (called Virtual Machines, or VMs) that run independently.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;The Analogy&lt;/em&gt;: Imagine an apartment building. Instead of everyone buying their own private piece of land to build a tiny house (physical servers), virtualization builds one massive apartment complex where each person gets their own private, secure unit (virtual server). It maximizes space and resources.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Scalability&lt;/strong&gt;: Growing Without growing Pains
Ever tried to open a website on Black Friday only to have it crash? That is a scale issue.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Scalability is the cloud’s ability to handle increasing (or decreasing) workloads by adding or removing resources. If your website gets a sudden traffic spike, a scalable system lets you easily add more power so the site stays up.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Two ways to scale:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Vertical Scaling (Scaling Up): Making a single server more powerful (like adding more RAM or a faster CPU to your laptop).&lt;/p&gt;

&lt;p&gt;Horizontal Scaling (Scaling Out): Adding more servers to share the load (like hiring five more people to move furniture instead of making one person carry it all).&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Agility&lt;/strong&gt;: Moving at the Speed of Ideas
In the old IT world, getting a new server could take weeks—ordering hardware, shipping, setup. In the cloud, you can spin up a new server in minutes with a few clicks.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That’s agility. It means developers can test new ideas, launch features, or respond to customer feedback almost instantly. Instead of waiting for infrastructure, you just build.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Elasticity&lt;/strong&gt;: The Key Difference from Scalability
This is where most people get confused.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Scalability is planned. You know traffic will grow over time, so you design your system to handle more load by adding resources proactively.&lt;/p&gt;

&lt;p&gt;Elasticity is automatic and dynamic. Resources scale up and down in real time, based on current demand—no human needed.&lt;/p&gt;

&lt;p&gt;Example: A video streaming service expects more viewers on Friday night (scalability). But if a surprise live event causes a sudden spike, elasticity automatically adds more servers for 20 minutes, then removes them when traffic drops. You only pay for what you use.&lt;/p&gt;

&lt;p&gt;Another analogy: Scalability is like adding more chairs to a conference room before a scheduled meeting. Elasticity is like a restaurant that magically expands and shrinks its floor space depending on the lunch rush.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Pay-as-You-Go&lt;/strong&gt;: No More Guessing
Traditional IT forced companies to buy enough capacity for peak demand—even if that peak happened only once a year. The rest of the time, those servers sat idle.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The cloud flips this. You pay only for what you actually use, by the second or hour. If you need less next month, you pay less. No waste, no guessing games.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Reliability&lt;/strong&gt;: Not Putting All Your Eggs in One Basket
In the old days, if a server’s hard drive failed, your website went down. In the cloud, your data is usually copied across multiple physical machines—often across different data centers in different regions.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;If one server fails, another takes over seamlessly. This is called redundancy, and it is why cloud services can promise 99.9% uptime.&lt;/p&gt;

&lt;p&gt;The Bottom Line&lt;br&gt;
The cloud is not magic. It is just virtualization + automation + smart pricing.&lt;/p&gt;

&lt;p&gt;Virtualization makes one physical server act like many.&lt;/p&gt;

&lt;p&gt;Scalability lets you grow (or shrink) on purpose.&lt;/p&gt;

&lt;p&gt;Elasticity does it automatically, in real time.&lt;/p&gt;

&lt;p&gt;Agility means you can move fast.&lt;/p&gt;

&lt;p&gt;Pay-as-you-go saves money.&lt;/p&gt;

&lt;p&gt;Reliability keeps things running.&lt;/p&gt;

&lt;p&gt;Once you separate the marketing hype from the actual mechanics, the cloud is one of the most practical tools businesses have ever had. If you did love to add to this article kindly leave a comment below. &lt;/p&gt;

</description>
      <category>cloud</category>
      <category>beginners</category>
      <category>azure</category>
      <category>keyconcept</category>
    </item>
    <item>
      <title>Securing Azure Storage: A Hands-on Guide to Managed Identities, Key Vaults, and Immutability</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Wed, 27 May 2026 14:13:43 +0000</pubDate>
      <link>https://dev.to/degreatkhali/securing-azure-storage-a-hands-on-guide-to-managed-identities-key-vaults-and-immutability-4b44</link>
      <guid>https://dev.to/degreatkhali/securing-azure-storage-a-hands-on-guide-to-managed-identities-key-vaults-and-immutability-4b44</guid>
      <description>&lt;p&gt;Azure Storage security involves multiple layers of protection &lt;br&gt;
working together. In this guide from &lt;a href="https://microsoftlearning.github.io/Secure-storage-for-Azure-Files-and-Azure-Blob-Storage/Instructions/Labs/LAB_04_storage_web_app.html" rel="noopener noreferrer"&gt;Microsoft Learn&lt;/a&gt; , we are going to eliminate that risk by configuring a User-Assigned Managed Identity (allowing our app to authenticate without passwords) and leveraging an Azure Key Vault to manage encryption keys securely. &lt;/p&gt;

&lt;p&gt;You will learn how to:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Eliminate credential management using Managed Identities&lt;/li&gt;
&lt;li&gt;Centralize key management using Azure Key Vault
-Protect data from modification using Immutable Blob Storage&lt;/li&gt;
&lt;li&gt;Add an extra encryption layer using Encryption Scopes &lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Who this is for:&lt;/strong&gt; &lt;br&gt;
Anyone new to Azure security who wants hands-on experience securing cloud storage.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Estimated time:&lt;/strong&gt; 20–25 minutes&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Task Overview:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create the storage account and managed identity.&lt;/li&gt;
&lt;li&gt;Secure access to the storage account with a key vault and key.&lt;/li&gt;
&lt;li&gt;Configure the storage account to use the customer managed key in the key vault&lt;/li&gt;
&lt;li&gt;Configure a time-based retention policy and an encryption scope.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;STEP 01&lt;/strong&gt;:&lt;/p&gt;

&lt;h2&gt;
  
  
  Create the storage account and managed identity
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;In the global Azure search bar, search for and select Storage accounts. Create a storage account for the web app.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faztn8i7bv1ofoksd1rhw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Faztn8i7bv1ofoksd1rhw.png" alt=" " width="800" height="394"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select + Create.&lt;/li&gt;
&lt;li&gt;For the Resource group field, click Create new, assign your group a custom name, and select OK..&lt;/li&gt;
&lt;li&gt;Provide a Storage account name. Ensure the name is unique and meets the naming requirements.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;Click next to move to the Encryption tab.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foyukdpaxgq7hjabk8gxe.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foyukdpaxgq7hjabk8gxe.png" alt=" " width="800" height="585"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Check the box for Enable infrastructure encryption.&lt;br&gt;
Notice the warning, This option cannot be changed after this storage account is created. Select Review + Create. Wait for the resource to deploy.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjvpsrh1m9ykgg52aqs9.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdjvpsrh1m9ykgg52aqs9.png" alt=" " width="800" height="623"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 02&lt;/strong&gt;: &lt;/p&gt;

&lt;h2&gt;
  
  
  Provide a managed identity for the web app to use.
&lt;/h2&gt;

&lt;p&gt;Search for and select Managed identities.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8tnrswame7nveoevfe4h.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8tnrswame7nveoevfe4h.png" alt=" " width="800" height="385"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select Create.&lt;br&gt;
Select your resource group.&lt;br&gt;
Give your managed identity a name.&lt;br&gt;
Select Review and create, and then Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fya79upz50aeekofxkjxs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fya79upz50aeekofxkjxs.png" alt=" " width="800" height="718"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 03:&lt;/strong&gt; &lt;/p&gt;

&lt;h2&gt;
  
  
  Assign the correct permissions to the managed identity. The identity only needs to read and list containers and blobs.
&lt;/h2&gt;

&lt;p&gt;Search for and select your storage account.&lt;br&gt;
Select the Access Control (IAM) blade.&lt;br&gt;
Select Add role assignment (center of the page).&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foafi7oe6e3qnq0nwiv9p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Foafi7oe6e3qnq0nwiv9p.png" alt=" " width="735" height="768"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;On the Job functions roles page, search for and select the &lt;strong&gt;Storage Blob Data Reader role.&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;On the Members page, select Managed identity.&lt;/li&gt;
&lt;li&gt;Select Select members, in the Managed identity drop-down select User-assigned managed identity.&lt;/li&gt;
&lt;li&gt;Select the managed identity you created in the previous step.&lt;/li&gt;
&lt;li&gt;Click Select and then Review + assign the role.&lt;/li&gt;
&lt;li&gt;Select Review + assign a second time to add the role assignment.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpdwj7906sspjioiwgjpa.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpdwj7906sspjioiwgjpa.png" alt=" " width="800" height="649"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0akycs1fxwujtq1w037p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0akycs1fxwujtq1w037p.png" alt=" " width="799" height="330"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Your storage account can now be accessed by a managed identity with the Storage Data Blob Reader permissions.&lt;/p&gt;

&lt;h2&gt;
  
  
  Secure access to the storage account with a key vault and key
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;STEP 04:&lt;/strong&gt;&lt;br&gt;
To create the key vault and key needed for this part of the lab, your user account must have Key Vault Administrator permissions. &lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;In the portal, search for and select Resource groups. By now you know how to search using the Azure portal search bar. &lt;/li&gt;
&lt;li&gt;Select your resource group, and then the Access Control (IAM) blade.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;Select Add role assignment&lt;/strong&gt; (center of the page).&lt;/li&gt;
&lt;li&gt;On the Job functions roles page, search for and select the &lt;strong&gt;Key Vault Administrator role&lt;/strong&gt;.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfdotjjhpt838h7lr0un.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfdotjjhpt838h7lr0un.png" alt=" " width="693" height="713"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdh7nbjm66zu6zypg50e8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdh7nbjm66zu6zypg50e8.png" alt=" " width="799" height="425"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;On the Members page, select User, group, or service principal.&lt;/li&gt;
&lt;li&gt;Select Select members.&lt;/li&gt;
&lt;li&gt;Search for and select your user account. Your user account is shown in the top right of the portal.&lt;/li&gt;
&lt;li&gt;Click Select and then Review + assign.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feacm8wz09ph8q1n5oujr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feacm8wz09ph8q1n5oujr.png" alt=" " width="799" height="335"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select Review + assign a second time to add the role assignment.
You are now ready to continue with the lab.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;STEP 05:&lt;/strong&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Create a key vault to store the access keys.
&lt;/h2&gt;

&lt;p&gt;In the portal, search for and select Key vaults.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp68wgbpieunkmgqeoyhi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp68wgbpieunkmgqeoyhi.png" alt=" " width="800" height="376"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 06:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select Create.&lt;/li&gt;
&lt;li&gt;Select your resource group.&lt;/li&gt;
&lt;li&gt;Provide the name for the key vault. The name must be unique.&lt;/li&gt;
&lt;li&gt;Ensure on the Access configuration tab that Azure role-based access control (recommended) is selected.&lt;/li&gt;
&lt;li&gt;Select Review + create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39qxrtqi0h8vaynb6s63.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F39qxrtqi0h8vaynb6s63.png" alt=" " width="800" height="641"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Wait for the validation checks to complete and then select Create.&lt;/li&gt;
&lt;li&gt;After the deployment, select Go to resource.
On the Overview blade ensure both Soft-delete and Purge protection are enabled.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;STEP 07:&lt;/strong&gt;&lt;br&gt;
*&lt;em&gt;Create a customer-managed key in the key vault.&lt;br&gt;
*&lt;/em&gt;&lt;br&gt;
Customer-managed keys allow organizations to control their own encryption lifecycle instead of relying solely on Microsoft-managed encryption.&lt;/p&gt;

&lt;p&gt;In your key vault, in the Objects section, select the Keys blade.&lt;br&gt;
Select Generate/Import and Name the key.&lt;br&gt;
Take the defaults for the rest of the parameters, and Create the key.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F575mzb3ru6yfl0kwj42e.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F575mzb3ru6yfl0kwj42e.png" alt=" " width="800" height="639"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;
  
  
  Configure the storage account to use the customer managed key in the key vault
&lt;/h2&gt;

&lt;p&gt;Before you can complete the next steps, you must assign the Key Vault Crypto Service Encryption User role to the managed identity. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 08:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select your resource group, and then the Access Control (IAM) blade.&lt;/li&gt;
&lt;li&gt;Select Add role assignment (center of the page).&lt;/li&gt;
&lt;li&gt;On the Job functions roles page, search for and select the &lt;strong&gt;Key Vault Crypto Service Encryption User role&lt;/strong&gt;.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7ocbwssmqmimgdf6gsu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7ocbwssmqmimgdf6gsu.png" alt=" " width="800" height="435"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 09:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;On the Members page, select Managed identity.&lt;/li&gt;
&lt;li&gt;Select Select members, in the Managed identity drop-down select User-assigned managed identity.&lt;/li&gt;
&lt;li&gt;Select your managed identity.&lt;/li&gt;
&lt;li&gt;Click Select and then Review + assign.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fffyocl0pno08chz79y7c.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fffyocl0pno08chz79y7c.png" alt=" " width="800" height="380"&gt;&lt;/a&gt;&lt;br&gt;
Select Review + assign a second time to add the role assignment.&lt;/p&gt;

&lt;h2&gt;
  
  
  Configure the storage account to use the customer managed key in your key vault.
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;STEP 10:&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Return to your the storage account.&lt;/li&gt;
&lt;li&gt;In the Security + networking section, &lt;/li&gt;
&lt;li&gt;select the Encryption blade.&lt;/li&gt;
&lt;li&gt;Select Customer-managed keys.&lt;/li&gt;
&lt;li&gt;Select a &lt;strong&gt;key vault and key&lt;/strong&gt;. &lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqpb8454o313pflcurfu1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqpb8454o313pflcurfu1.png" alt=" " width="800" height="454"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 11:&lt;/strong&gt;&lt;br&gt;
Select your key vault and key.&lt;br&gt;
Select to confirm your choices.&lt;br&gt;
Ensure the Identity type is User-assigned.&lt;br&gt;
Select an identity.&lt;br&gt;
Select your managed identity then select Add.&lt;br&gt;
Save your changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5ngu5r7r3vor685nq8u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5ngu5r7r3vor685nq8u.png" alt=" " width="800" height="689"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you receive an error that your identity does not have the correct permissions, wait a minute and try again.&lt;/p&gt;

&lt;h2&gt;
  
  
  Configure a time-based retention policy and an encryption scope.
&lt;/h2&gt;

&lt;p&gt;The developers require a storage container where files can’t be modified, even by the administrator.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;STEP 12:&lt;/strong&gt;&lt;br&gt;
Navigate to your storage account. In the Data storage section, &lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select the Containers blade.&lt;/li&gt;
&lt;li&gt;Create a container called hold. Take the defaults. Be sure to Create the container.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuecx6anx62j83ort3cyw.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuecx6anx62j83ort3cyw.png" alt=" " width="800" height="362"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Upload a file to the container.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzl36pf6pdmn6qrmohlj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzzl36pf6pdmn6qrmohlj.png" alt=" " width="800" height="196"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;In the Settings section, select the Access policy blade.&lt;/li&gt;
&lt;li&gt;In the Immutable blob storage section, select + Add policy. Immutable Blob Storage helps organizations meet compliance requirements and protects against ransomware by preventing data deletion or modification during the retention period.&lt;/li&gt;
&lt;li&gt;For the Policy type, select time-based retention.&lt;/li&gt;
&lt;li&gt;Set the Retention period to 5 days.&lt;/li&gt;
&lt;li&gt;Be sure to Save your changes.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2iyphrmr9bba88xawy35.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2iyphrmr9bba88xawy35.png" alt=" " width="800" height="332"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Try to delete the file in the container.&lt;/li&gt;
&lt;li&gt;Verify you are notified failed to delete blobs due to policy.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5ke2yxdz8s8uhy3oxgs.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5ke2yxdz8s8uhy3oxgs.png" alt=" " width="800" height="295"&gt;&lt;/a&gt;&lt;br&gt;
The developers require an encryption scope that enables infrastructure encryption. Learn more about infrastructure encryption.&lt;/p&gt;

&lt;p&gt;Navigate back to your storage account.&lt;br&gt;
In the Security + networking blade, select Encryption.&lt;br&gt;
In the Encryption scopes tab, select Add.&lt;br&gt;
Give your encryption scope a name.&lt;br&gt;
The Encryption type is Microsoft-managed key.&lt;br&gt;
Set Infrastructure encryption to Enable.&lt;br&gt;
Create the encryption scope.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouazecvyxxlrjy9fpk16.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fouazecvyxxlrjy9fpk16.png" alt=" " width="799" height="342"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Return to your storage account and create a new container.&lt;br&gt;
Notice on the New container page, there is the Name and Public access level.&lt;br&gt;
Notice in the Advanced section you can select the Encryption scope you created and apply it to all blobs in the container.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcx50bgp8mhza9fqwm3a.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Flcx50bgp8mhza9fqwm3a.png" alt=" " width="799" height="336"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What You Accomplished&lt;/p&gt;

&lt;p&gt;In this guide you successfully implemented four layers of &lt;br&gt;
Azure Storage security:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Managed Identity — your app accesses storage without 
storing credentials&lt;/li&gt;
&lt;li&gt;Key Vault + Customer-Managed Key — you control the 
encryption keys for your storage data&lt;/li&gt;
&lt;li&gt;Immutable Blob Storage — files in your container 
cannot be modified or deleted during the retention period&lt;/li&gt;
&lt;li&gt;Encryption Scope — an additional encryption layer 
applied at the container level&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;These security controls work together to protect your data &lt;br&gt;
against unauthorized access, accidental deletion, and &lt;br&gt;
compliance risks.&lt;/p&gt;

&lt;p&gt;You have successfully configured an end-to-end cloud security framework for Azure Storage! By leveraging managed identities, safeguarding keys via Azure Key Vault, and setting up time-based immutability parameters, you have built a production-ready, zero-trust storage layer. &lt;/p&gt;

&lt;p&gt;How did you customize your configuration? Let me know in the comments section below!&lt;/p&gt;

</description>
      <category>security</category>
      <category>azurestorage</category>
      <category>managedidentity</category>
      <category>keyvault</category>
    </item>
    <item>
      <title>Lock Down Your Cloud Shares: A Beginner’s Guide to Azure Files Security.</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Mon, 25 May 2026 11:32:43 +0000</pubDate>
      <link>https://dev.to/degreatkhali/lock-down-your-cloud-shares-a-beginners-guide-to-azure-files-security-1ld3</link>
      <guid>https://dev.to/degreatkhali/lock-down-your-cloud-shares-a-beginners-guide-to-azure-files-security-1ld3</guid>
      <description>&lt;p&gt;Cloud storage makes file sharing easy, but it also creates new security risks if access is not controlled carefully. &lt;/p&gt;

&lt;p&gt;Take this scenario for instance: Your finance team stores payroll files in the cloud, but a misconfigured setting accidentally exposed them to the public internet last week. This guide shows you how to prevent exactly that. &lt;/p&gt;

&lt;p&gt;In this hands-on tutorial, you will learn the basics of securing Azure Storage using practical, layer-by-layer security steps: from automated backups to network-level blockades.&lt;/p&gt;

&lt;p&gt;Why storage security matters&lt;br&gt;
Azure Storage is designed to be secure, but the way you configure it determines how much protection your data actually gets. &lt;/p&gt;

&lt;p&gt;*&lt;em&gt;Tasks Overview *&lt;/em&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Create a storage account specifically for file shares.&lt;/li&gt;
&lt;li&gt;Configure a file share and directory.&lt;/li&gt;
&lt;li&gt;Configure snapshots and practice restoring files.&lt;/li&gt;
&lt;li&gt;Restrict access to a specific virtual network and subnet.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;In the portal, search for and select Storage accounts.&lt;br&gt;
Select + Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ave89z9u39mhivwiwhv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5ave89z9u39mhivwiwhv.png" alt=" " width="800" height="480"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For resource group select Create new. Give your resource group a name- Provide a Storage account name. Ensure the name meets the naming requirements. Storage account names must be 3–24 characters, all lowercase, no spaces or hyphens. Example: exercise42026.&lt;br&gt;
Azure will show a green checkmark if the name is valid and available.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;NOTE&lt;/strong&gt;: &lt;strong&gt;Premium = SSD-backed&lt;/strong&gt;, low-latency storage. Use it when your app needs fast file access. &lt;strong&gt;Standard&lt;/strong&gt; (HDD) is cheaper for less time-sensitive files. &lt;strong&gt;ZRS&lt;/strong&gt; = Zone-Redundant Storage: your data is copied across 3 availability zones in the same region, protecting against a single data  center going down.&lt;/p&gt;

&lt;p&gt;NEXT:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Set the Performance to Premium.&lt;/li&gt;
&lt;li&gt;Set the Premium account type to File shares.&lt;/li&gt;
&lt;li&gt;Set the Redundancy to Zone-redundant storage.&lt;/li&gt;
&lt;li&gt;Select Review and then Create the storage account.&lt;/li&gt;
&lt;li&gt;Wait for the resource to deploy.&lt;/li&gt;
&lt;li&gt;Select Go to resource.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frhqyeno5e6cb8v0vw3p4.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frhqyeno5e6cb8v0vw3p4.png" alt=" " width="800" height="598"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select Go to resource.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmojp7x5yqg8lhcuzzlyk.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmojp7x5yqg8lhcuzzlyk.png" alt=" " width="800" height="500"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Azure Files is like a shared network drive in the cloud — multiple users or VMs can connect and access files simultaneously using the SMB protocol, just like a traditional office file server.&lt;/p&gt;

&lt;p&gt;In the storage account, in the Data storage section, &lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;select the File shares blade.&lt;/li&gt;
&lt;li&gt;Select + File share and provide a Name.&lt;/li&gt;
&lt;li&gt;Review the other options, but take the defaults.&lt;/li&gt;
&lt;li&gt;Select Review + create, then Create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F89ax5ov5hwzw86n7shkr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F89ax5ov5hwzw86n7shkr.png" alt=" " width="800" height="514"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68nl1al3g2f4qp46x3tx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F68nl1al3g2f4qp46x3tx.png" alt=" " width="800" height="514"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Next Step:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select your file share and select + Add directory.&lt;/li&gt;
&lt;li&gt;Name the new directory finance.&lt;/li&gt;
&lt;li&gt;Select Browse and then select the finance directory.&lt;/li&gt;
&lt;li&gt;Notice you can Add directory to further organize your file share.&lt;/li&gt;
&lt;li&gt;Upload a file of your choosing.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facg7mmpmbsye9v6jeqky.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Facg7mmpmbsye9v6jeqky.png" alt=" " width="800" height="411"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ag7xa7e9p8a8mns09wt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3ag7xa7e9p8a8mns09wt.png" alt=" " width="800" height="268"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsaz42uho49p0oo15bm51.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsaz42uho49p0oo15bm51.png" alt=" " width="800" height="206"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Similar to blob storage, you need to protect against accidental deletion of files. You decide to use snapshots. A snapshot is a read-only copy of your file share captured at a specific point in time like a save point in a video game. If someone accidentally deletes or overwrites a file, you can roll back to the snapshot and restore it. Here is how to create one:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select your file share.&lt;/li&gt;
&lt;li&gt;In the Operations section, select the Snapshots blade.&lt;/li&gt;
&lt;li&gt;Select + Add snapshot. The comment is optional. &lt;/li&gt;
&lt;li&gt;Select OK.&lt;/li&gt;
&lt;li&gt;Select your snapshot and verify your file directory and uploaded file are included.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbqcq9m76spucmjfq0nnb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbqcq9m76spucmjfq0nnb.png" alt=" " width="800" height="303"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;NEXT: Practice using snapshots to restore a file.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Return to your file share.&lt;/li&gt;
&lt;li&gt;Browse to your file directory.&lt;/li&gt;
&lt;li&gt;Locate your uploaded file and in the Properties pane select Delete. Select Yes to confirm the deletion.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6cpeipd8iqywq7ifaxr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq6cpeipd8iqywq7ifaxr.png" alt=" " width="800" height="273"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Select the Snapshots blade and then select your snapshot.&lt;/li&gt;
&lt;li&gt;Navigate to the file you want to restore,&lt;/li&gt;
&lt;li&gt;Select the file and the select Restore.&lt;/li&gt;
&lt;li&gt;Provide a Restored file name.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8gvx3k7zpdexjn6kcx5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8gvx3k7zpdexjn6kcx5.png" alt=" " width="800" height="206"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Verify your file directory has the restored file.&lt;br&gt;
After restoring, go back to Browse in your file share. You should see the restored file listed alongside the original directory as shown in the screenshot above. The restored copy has a new name we provided, so the original is not overwritten.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fauk41zie9j6k7oyxtsyy.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fauk41zie9j6k7oyxtsyy.png" alt=" " width="800" height="240"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Configure restricting storage access to selected virtual networks.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The tasks in this section require a virtual network and a subnet to demonstrate perimeter security. &lt;br&gt;
A Virtual Network (VNet) is a private network in Azure — like your office's internal network, but in the cloud. A subnet is a segment within that network.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Search for and select Virtual networks.&lt;/li&gt;
&lt;li&gt;Select Create. &lt;/li&gt;
&lt;li&gt;Select your resource group. and give the virtual network a name.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F942zaehxebrbq5csjhgr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F942zaehxebrbq5csjhgr.png" alt=" " width="800" height="505"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Take the defaults for other parameters, &lt;/li&gt;
&lt;li&gt;select Review + create, and then Create.&lt;/li&gt;
&lt;li&gt;Wait for the resource to deploy.&lt;/li&gt;
&lt;li&gt;Select Go to resource.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;In the Settings section, select the Subnets blade.&lt;br&gt;
Select the default subnet.&lt;br&gt;
In the Service endpoints section choose Microsoft.Storage in the Services drop-down.&lt;br&gt;
Do not make any other changes.&lt;br&gt;
Be sure to Save your changes.&lt;br&gt;
The storage account should only be accessed from the virtual network you just created. &lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp5kjbbwyumb7tgynohxr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fp5kjbbwyumb7tgynohxr.png" alt=" " width="800" height="347"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Return to your files storage account.&lt;/li&gt;
&lt;li&gt;In the Security + networking section, select the Networking blade.&lt;/li&gt;
&lt;li&gt;Change the Public network access to Enabled from selected virtual networks and IP addresses.&lt;/li&gt;
&lt;li&gt;In the Virtual networks section, select Add existing virtual network.&lt;/li&gt;
&lt;li&gt;Select your virtual network and subnet, select Add.&lt;/li&gt;
&lt;li&gt;Be sure to Save your changes.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpv3r38a86d5im94eouji.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpv3r38a86d5im94eouji.png" alt=" " width="800" height="337"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Select the Storage browser and navigate to your file share.&lt;br&gt;
Verify the message not authorized to perform this operation. You are not connecting from the virtual network. You should see a 403 error: This request is not authorized to perform this operation. This is expected — it confirms your network restriction is working. Your storage account is now only accessible from inside the virtual network you created.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5r7uusfnxixbh3uyosj.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg5r7uusfnxixbh3uyosj.png" alt=" " width="800" height="353"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Did this guide help you? Got stuck at a step or found something that could be explained better?&lt;br&gt;
Drop a comment below I do read every one and I genuinely appreciate the feedback.&lt;br&gt;
If you found this useful, consider sharing it with someone just getting started with Azure. As we all learn faster together.&lt;/p&gt;

</description>
      <category>blobstorage</category>
      <category>security</category>
      <category>azurefiles</category>
      <category>beginnerguide</category>
    </item>
    <item>
      <title>Azure Blob Storage for Beginners: Private Access, SAS Tokens &amp; Cost Savings Explained</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Tue, 19 May 2026 10:36:32 +0000</pubDate>
      <link>https://dev.to/degreatkhali/azure-blob-storage-for-beginners-private-access-sas-tokens-cost-savings-explained-1opo</link>
      <guid>https://dev.to/degreatkhali/azure-blob-storage-for-beginners-private-access-sas-tokens-cost-savings-explained-1opo</guid>
      <description>&lt;p&gt;In this beginner walkthrough based on the Microsoft Learn guided exercise we configure a private Azure Blob Storage account for internal company documents.&lt;/p&gt;

&lt;p&gt;Imagine your company stores HR files, contracts, or financial reports. You need them available 24/7, protected from public access, and cost-efficient to store long-term. That's exactly what this guide sets up.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What we will build:&lt;/strong&gt;&lt;br&gt;
•A private storage account with GRS redundancy&lt;br&gt;
•A restricted blob container for internal documents&lt;br&gt;
•A time-limited SAS token for partner access&lt;br&gt;
•Automated lifecycle rules to move blobs to Cool tier after 30 days&lt;br&gt;
•Cross-account object replication for public website backup&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Overview&lt;/strong&gt;&lt;br&gt;
The solution uses a single private storage account containing two blob containers: one for internal documents and one named 'backup' that receives replicated content from the public website storage account.&lt;/p&gt;

&lt;p&gt;In the portal, search for and select Storage accounts.&lt;br&gt;
Select + Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqtbyha1isxk7vlz0addd.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqtbyha1isxk7vlz0addd.png" alt=" " width="800" height="504"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Select the Resource group created in the previous lab.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Set the Storage account name to &lt;strong&gt;private&lt;/strong&gt;. Add an identifier to the name to ensure the name is unique. &lt;strong&gt;Tip&lt;/strong&gt; : Storage account names must be 3–24 characters, all lowercase, no spaces or special characters. Try something like privatecompany2025. Azure will tell you if it's already taken.&lt;/p&gt;

&lt;p&gt;Select Review, and then Create the storage account.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5r4ox6epfgq6h0cai8aa.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5r4ox6epfgq6h0cai8aa.png" alt=" " width="800" height="502"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxoied92mwximncgk1yjp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxoied92mwximncgk1yjp.png" alt=" " width="800" height="367"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Wait for the storage account to deploy, and then select Go to resource.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm08twyoix0stcgxpfcu8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm08twyoix0stcgxpfcu8.png" alt=" " width="800" height="284"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Configure the appropriate level of redundancy.&lt;/p&gt;

&lt;p&gt;In the storage account, in the Data management section, select the Redundancy blade.&lt;br&gt;
Ensure Geo-redundant storage (GRS) is selected.&lt;br&gt;
Refresh the page.&lt;/p&gt;

&lt;p&gt;What is GRS? Geo-Redundant Storage automatically copies your data to a second Azure region. So if a data center goes down, your files are still safe and accessible.&lt;/p&gt;

&lt;p&gt;Review the primary and secondary location information.&lt;br&gt;
Save your changes.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fggo30steyc8pnuslaw1u.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fggo30steyc8pnuslaw1u.png" alt=" " width="800" height="438"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In the storage account, in the Data storage section, select the Containers blade. Select + Container.&lt;br&gt;
Ensure the name of the container is &lt;strong&gt;private&lt;/strong&gt;.&lt;br&gt;
Ensure the Public access level is Private (no anonymous access).&lt;/p&gt;

&lt;p&gt;Why Private? Setting the container to Private means no one can view or download files using just a URL. They need a key or a special token. This is what keeps internal company files away from the public internet. As you have time, review the Advanced settings, but take the defaults. Select Create.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Friz10fr83ki41leijt7p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Friz10fr83ki41leijt7p.png" alt=" " width="800" height="351"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzibes77957f2rzv6k665.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzibes77957f2rzv6k665.png" alt=" " width="800" height="310"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For testing, upload a file to the private container. The type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publically accessible.&lt;/p&gt;

&lt;p&gt;Select the container.&lt;br&gt;
Select Upload.&lt;br&gt;
Browse to files and select a file.&lt;br&gt;
Upload the file.&lt;br&gt;
Select the uploaded file.&lt;br&gt;
On the Overview tab, copy the URL.&lt;br&gt;
Paste the URL into a new browser tab.&lt;/p&gt;

&lt;p&gt;Verify the file doesn’t display and you receive an error. You should see a &lt;strong&gt;ResourceNotFound&lt;/strong&gt; or &lt;strong&gt;403&lt;/strong&gt; (Forbidden) error, this is correct! It confirms your container is properly locked down.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F67embaap0gx27m8077js.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F67embaap0gx27m8077js.png" alt=" " width="800" height="310"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gu7jz0wqnuo8makgiji.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2gu7jz0wqnuo8makgiji.png" alt=" " width="800" height="456"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1guvf6ljrcpo9tq7j8go.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1guvf6ljrcpo9tq7j8go.png" alt=" " width="800" height="357"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;What is a SAS Token? A Shared Access Signature is like a temporary visitor badge. Instead of giving your partner your account password, you generate a special link that expires after a set time and only allows the permissions you choose (e.g., read-only). Once it expires, the link stops working automatically.&lt;/p&gt;

&lt;p&gt;An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS).&lt;/p&gt;

&lt;p&gt;Select your uploaded blob file and move to the Generate SAS tab- Select Generate SAS token and URL. Copy the SAS URL immediately. Azure will not show it again once you close this panel.Treat it like a password; don't share it publicly. In the Permissions drop-down, ensure the partner has only Read permissions.Verify the Start and expiry date/time is for the next 24 hours or time requested.&lt;/p&gt;

&lt;p&gt;Copy the Blob SAS URL to a new browser tab.&lt;br&gt;
Verify you can access the file. If you have uploaded an image file it will display in the browser as you have seen in the screenshot. Other file types will be downloaded.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fklrwpdeh6jz31ezunjek.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fklrwpdeh6jz31ezunjek.png" alt=" " width="799" height="296"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5p1npdhccryxfdms3ppr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5p1npdhccryxfdms3ppr.png" alt=" " width="800" height="350"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc07axpt4az8d89uiix8o.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fc07axpt4az8d89uiix8o.png" alt=" " width="800" height="461"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Configure storage access tiers and content replication.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To save on costs, after 30 days, move blobs from the hot tier to the cool tier. Hot vs Cool Storage: Azure charges you based on how often data is accessed. Hot tier is for files you access frequently, faster but pricier. Cool tier is for files you rarely touch — slower but cheaper. Lifecycle rules automate the switch so you don't have to do it manually.&lt;/p&gt;

&lt;p&gt;Return to the storage account.&lt;br&gt;
In the Overview section, notice the Default access tier is set to Hot. In the Data management section, select the Lifecycle management blade. Select Add rule.Set the Rule name to movetocool.&lt;br&gt;
Set the Rule scope to Apply rule to all blobs in the storage account.&lt;br&gt;
Select Next.Ensure Last modified is selected.Set More than (days ago) to 30.In the drop-down select Move to cool storage.&lt;/p&gt;

&lt;p&gt;As you have time, review other lifecycle options in the drop-down.&lt;br&gt;
Add the rule.The public website files need to be backed up to another storage account.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd94ig2epthkslqc0s52m.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd94ig2epthkslqc0s52m.png" alt=" " width="799" height="432"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;In your storage account, create a new container called backup. Use the default values. Refer back to Lab 02a we did if you need detailed instructions.&lt;/p&gt;

&lt;p&gt;Navigate to your publicwebsite storage account. This storage account was created in the previous exercise. If you don't already have a public storage account, create one using the same steps in Step 1 above, and name it publicwebsite. Create a container inside it called public and upload any file to it.&lt;/p&gt;

&lt;p&gt;In the Data management section, select the Object replication blade. Select Create replication rules.&lt;br&gt;
Set the Destination storage account to the private storage account.&lt;br&gt;
Set the Source container to public and the Destination container to backup. Once done you can click &lt;strong&gt;create&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1dgo5sczyb2cjvra9eb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft1dgo5sczyb2cjvra9eb.png" alt=" " width="799" height="399"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;That's it — we've successfully concluded that the necessary steps needed to create a redundant storage account.&lt;/p&gt;

&lt;p&gt;Great work! Here is what you have built:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Feature&lt;/strong&gt; What It Does&lt;br&gt;&lt;br&gt;
GRS Storage Account - Keeps data safe across regions.&lt;br&gt;
Private Container - Blocks public internet access.&lt;br&gt;
SAS Token Grants time -limited partner access Lifecycle &lt;br&gt;
Rule - Saves cost by moving old data to Cool tier Object Replication Auto - backs up your public website files.&lt;/p&gt;

&lt;p&gt;Next steps: When you have time you could Explore Azure RBAC(&lt;a href="https://learn.microsoft.com/en-us/azure/role-based-access-control/overview" rel="noopener noreferrer"&gt;https://learn.microsoft.com/en-us/azure/role-based-access-control/overview&lt;/a&gt;) to control who in your team can manage storage, or try Azure Key Vault to manage SAS keys securely.&lt;/p&gt;

&lt;p&gt;I did truly appreciate any insights or additions that could help enhance this article!&lt;/p&gt;

</description>
      <category>azurestorage</category>
      <category>beginners</category>
      <category>azure</category>
      <category>sastoken</category>
    </item>
    <item>
      <title>How to Deploy an Ubuntu Linux VM in Azure</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Sat, 16 May 2026 21:44:39 +0000</pubDate>
      <link>https://dev.to/degreatkhali/how-to-deploy-an-ubuntu-linux-vm-in-azure-347o</link>
      <guid>https://dev.to/degreatkhali/how-to-deploy-an-ubuntu-linux-vm-in-azure-347o</guid>
      <description>&lt;p&gt;We will use the Azure Portal (GUI) to launch an Ubuntu Linux Virtual Machine (VM).&lt;/p&gt;

&lt;p&gt;Note: Azure charges by the minute while your VM is running. Don't forget to delete everything at the end so you pay nothing (or just pennies).&lt;/p&gt;

&lt;p&gt;Step 1: Create Your Resource Group &lt;br&gt;
Think of a Resource Group as a folder that will hold your VM and all its related parts. Creating it first keeps things organized.&lt;/p&gt;

&lt;p&gt;Sign In: Log into the Azure Portal.&lt;/p&gt;

&lt;p&gt;Create a Resource Group:&lt;/p&gt;

&lt;p&gt;Click + Create a resource in the top left corner.&lt;/p&gt;

&lt;p&gt;Type "Resource Group" in the search bar and select it.&lt;/p&gt;

&lt;p&gt;Click Create.&lt;/p&gt;

&lt;p&gt;Name it MyLinuxLab_RG&lt;/p&gt;

&lt;p&gt;Select a Region close to you (e.g., East/West US)&lt;/p&gt;

&lt;p&gt;Click Review + create → Create&lt;/p&gt;

&lt;p&gt;Quick Definition: A Region is the physical location of the data center where your cloud resources will live.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffn5mp5wf5oclermlkptl.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffn5mp5wf5oclermlkptl.png" alt=" " width="800" height="622"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdi77y9dbamal6fow7q5s.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdi77y9dbamal6fow7q5s.png" alt=" " width="800" height="534"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Step 2: Create the Ubuntu Linux VM &lt;br&gt;
Now that your folder (Resource Group) is ready, let's build the actual Linux computer.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Basics Tab:&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Resource Group: Select MyLinuxLab_RG from the dropdown&lt;/p&gt;

&lt;p&gt;Virtual Machine Name: Ubuntu-Lab-01&lt;/p&gt;

&lt;p&gt;Region: Choose the same region you used for your Resource Group&lt;/p&gt;

&lt;p&gt;Availability Options: Leave as "No infrastructure redundancy required" (fine for learning)&lt;/p&gt;

&lt;p&gt;Image: Confirm it says Ubuntu Server 22.04 LTS (or newer)&lt;/p&gt;

&lt;p&gt;Size: Choose Standard_B2s — it's cost-effective and perfect for learning or the default.&lt;/p&gt;

&lt;p&gt;Administrator Account:&lt;/p&gt;

&lt;p&gt;Authentication type: Select password&lt;/p&gt;

&lt;p&gt;Username: azadmin (or a name you'll remember)&lt;/p&gt;

&lt;p&gt;Quick Definition: SSH (Secure Shell) is the secure "door" that lets you type commands into your Linux VM from your own terminal. The key pair is like a digital lock and key.&lt;/p&gt;

&lt;p&gt;Inbound Port Rules: Under "Public inbound ports," ensure Allow selected ports is checked Http Port 80 and SSH (22) is selected as we move forward we will learn more together.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F57u6dq2m1y4de4mpyp95.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F57u6dq2m1y4de4mpyp95.png" alt=" " width="800" height="408"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsx595kewrcmdr1pa7y47.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsx595kewrcmdr1pa7y47.png" alt=" " width="800" height="512"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv0cij3zfm6ps25e5r38i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fv0cij3zfm6ps25e5r38i.png" alt=" " width="800" height="366"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Femb8arcuscbk66jv59iu.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Femb8arcuscbk66jv59iu.png" alt=" " width="799" height="404"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnf90ln5y1xklfod11gzt.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnf90ln5y1xklfod11gzt.png" alt=" " width="800" height="188"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Click Review + create → wait for the green "Validation passed" message → Click Create&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprjhf4j1mzynohvwh7da.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprjhf4j1mzynohvwh7da.png" alt=" " width="800" height="469"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Note: Don't worry if you see yellow warnings — those are usually fine. Look for the green checkmark.&lt;/p&gt;

&lt;p&gt;To ensure that your terminal section does not go off. Click the IP address ensure you extend the time under networking.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqu4powoxwjyj65988ji8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqu4powoxwjyj65988ji8.png" alt=" " width="799" height="470"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Step 3:&lt;br&gt;
Click Connect which would enable you remotely login to the Linux VM:&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft3kttn5emsqg6c3zdcpb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft3kttn5emsqg6c3zdcpb.png" alt=" " width="800" height="319"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxv6xekz1ison4qo2v1dh.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxv6xekz1ison4qo2v1dh.png" alt=" " width="800" height="460"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;For windows you would need to open/launch Powershell and For Mac you would open/launch Terminal and run the ID and Ip given.&lt;br&gt;
Now you see my powershell on my windows prompting for Password.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97xi8br2t5nxxv4zjr9i.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F97xi8br2t5nxxv4zjr9i.png" alt=" " width="800" height="464"&gt;&lt;/a&gt;&lt;br&gt;
Next: We would login in as a root user which is the same as an administrator in Windows. &lt;br&gt;
"sudo su" and run "apt update" which is to ensure that the latest update is installed.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff4jsxafffzfflah29e2k.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff4jsxafffzfflah29e2k.png" alt=" " width="800" height="720"&gt;&lt;/a&gt;&lt;br&gt;
Step 4: We would install the ntp package - also know as the package manager. "ntp install nginx"&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1z5kz64oonvcsenfkfqp.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1z5kz64oonvcsenfkfqp.png" alt=" " width="800" height="249"&gt;&lt;/a&gt;&lt;br&gt;
This shows we did login in successfully and we can also remotely login using other options.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjfnmq9nod59iiegem7em.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjfnmq9nod59iiegem7em.png" alt=" " width="800" height="320"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdss78v97zaa8dqsue5wg.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdss78v97zaa8dqsue5wg.png" alt=" " width="799" height="294"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Step 5:&lt;br&gt;
Remember to delete.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdoga6ryl00bm1ybblrwi.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdoga6ryl00bm1ybblrwi.png" alt=" " width="800" height="356"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If this help you in any way kindly share. If you did like to spice up this beginner guide in the comment section I did love that. &lt;/p&gt;

</description>
      <category>vm</category>
      <category>ubuntu</category>
      <category>linux</category>
      <category>azure</category>
    </item>
    <item>
      <title>How to Create a Windows 10 Virtual Machine in the Azure Portal (No CLI Needed)</title>
      <dc:creator>Emmanuel</dc:creator>
      <pubDate>Wed, 13 May 2026 23:00:52 +0000</pubDate>
      <link>https://dev.to/degreatkhali/azure-portal-101-deploy-a-windows-10-vm-without-ever-touching-the-cli-33db</link>
      <guid>https://dev.to/degreatkhali/azure-portal-101-deploy-a-windows-10-vm-without-ever-touching-the-cli-33db</guid>
      <description>&lt;p&gt;In this guide, we are going to bypass the command line entirely (that is the CLI — Command Line Interface, like PowerShell or Bash). We will use the Azure Portal (GUI) to launch a Windows 10 Virtual Machine (VM) in about 7 minutes.&lt;/p&gt;

&lt;p&gt;Cost Note: Azure charges by the minute while your VM is running. Delete everything at the end and your cost will be minimal or zero, especially if you are on a free trial.&lt;/p&gt;

&lt;p&gt;A Virtual Machine (VM) is a computer that runs inside another computer — entirely in the cloud. You access it remotely just like a normal PC.&lt;/p&gt;

&lt;p&gt;Phase 1: &lt;strong&gt;The Setup&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Sign In: Log into the &lt;a href="https://www.google.com/search?q=https://portal.azure.com" rel="noopener noreferrer"&gt;Azure Portal&lt;/a&gt;.&lt;/li&gt;
&lt;li&gt;Create a Resource: Click the + Create a resource button in the top left.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F154v4jzb58luhws2maqb.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F154v4jzb58luhws2maqb.png" alt=" " width="800" height="250"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Resource Group:&lt;/strong&gt; Click "Create new" and name it any name for example MyVMGroup.
Virtual Machine Name: Name it DevOps-Lab-01.
Region: Select the one closest to you (e.g., East US).&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsfvjbvoxnlo8gk487d4p.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsfvjbvoxnlo8gk487d4p.png" alt=" " width="744" height="565"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;When finish go to the resource group you just created and open it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Next Select the Service search bar:&lt;/strong&gt; Type "Windows 10" in the search bar and select the Windows 10 option or the "consumer editions" or "Pro."&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikhnxtiliustlfpcd1o5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fikhnxtiliustlfpcd1o5.png" alt=" " width="800" height="499"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F06xe9m8a3qb8r20433ir.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F06xe9m8a3qb8r20433ir.png" alt=" " width="799" height="278"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Quick Definition:&lt;/strong&gt; A Region is simply the physical location of the data center where your virtual computer will live.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Phase 2: Configuration &amp;amp; Identity&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Size: Choose Standard_B2s. It's cost-effective and perfect for learning.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjnt7pg7frfnthgu08a6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcjnt7pg7frfnthgu08a6.png" alt=" " width="783" height="531"&gt;&lt;/a&gt;&lt;br&gt;
The "Size" selection window showing the B2s option and its estimated monthly cost. Ensure you check the &lt;strong&gt;Run with Azure spot discount&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This lets Azure use spare capacity to run your VM at a lower cost. It is perfect for learning because we are not running anything critical.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3sqfdpe6gjxohplsvbn.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff3sqfdpe6gjxohplsvbn.png" alt=" " width="799" height="483"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;*&lt;em&gt;7. Administrator Account: *&lt;/em&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Enter a username&lt;/strong&gt; and &lt;/li&gt;
&lt;li&gt;&lt;strong&gt;A strong password.&lt;/strong&gt;&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;⚠️ &lt;strong&gt;Important:&lt;/strong&gt; Save these! You will need them to "log in" to your computer later.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;*&lt;em&gt;Inbound Port Rules: *&lt;/em&gt;
Under "Public inbound ports," ensure Allow selected ports is checked and RDP (3389) &amp;amp; Http (80)  is selected.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyplqahldg1y4eq1bjkfq.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyplqahldg1y4eq1bjkfq.png" alt=" " width="800" height="548"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;
&lt;strong&gt;Review + Create:&lt;/strong&gt; Skip the other tabs for now. Click the blue Review + Create button at the bottom.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;The Deployment&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Confirm: Azure will run a validation check. Look for the green "Validation passed" message. Then click Create.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;Phase 3: Connecting via Remote Desktop (RDP)&lt;/strong&gt;&lt;br&gt;
Once the deployment is complete, click Go to resource.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Click the Connect button at the top left and select RDP.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2vn02kpfu8n570hlljqr.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2vn02kpfu8n570hlljqr.png" alt=" " width="570" height="420"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmm1jpvkkn81oqg8vyxzx.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmm1jpvkkn81oqg8vyxzx.png" alt=" " width="799" height="434"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Click Download RDP File. This file is your "digital key."&lt;/li&gt;
&lt;li&gt;Open the downloaded file and click Connect.&lt;/li&gt;
&lt;li&gt;Enter the Username and Password you created in Phase 2.&lt;/li&gt;
&lt;li&gt;The Certificate Warning: A box will pop up saying the identity     cannot be verified. This is normal! Click Yes.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqupx0t7idotzy1wtq62x.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqupx0t7idotzy1wtq62x.png" alt=" " width="729" height="554"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpzo27ywn24gchuxz5wv1.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpzo27ywn24gchuxz5wv1.png" alt=" " width="541" height="429"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4mdlv47ygrruyd1oaz2.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe4mdlv47ygrruyd1oaz2.png" alt=" " width="582" height="602"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;VM running live.&lt;/strong&gt;&lt;br&gt;
&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwb73h1ompl56no4vj2gv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwb73h1ompl56no4vj2gv.png" alt=" " width="800" height="425"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;You have just deployed a real cloud computer from scratch no command line needed. &lt;/p&gt;

&lt;p&gt;&lt;em&gt;What You Just Learned:&lt;/em&gt;&lt;br&gt;
&lt;strong&gt;Azure Term : What It Actually Means&lt;/strong&gt;&lt;br&gt;
 Resource Group:  A folder for your cloud project&lt;br&gt;
 Region:  Which data center your VM lives in&lt;br&gt;
 VM :  A computer that runs inside another computer entirely in the cloud.&lt;br&gt;
 RDP:  The remote "screen share" protocol&lt;br&gt;
 VM Size:  How much CPU/RAM your lab computer gets&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Next Step: Don't Forget to Clean Up!&lt;/strong&gt;&lt;br&gt;
When you are finished testing, delete your Resource Group to avoid any unnecessary charges:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Go to Resource groups in the Azure Portal.&lt;/li&gt;
&lt;li&gt;Find MyVMGroup.&lt;/li&gt;
&lt;li&gt;Click Delete resource group and type the name to confirm.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;The Resource Group page showing the "Delete resource group" button and the confirmation text box.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ferilc2hkgu4cra6v6uo5.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ferilc2hkgu4cra6v6uo5.png" alt=" " width="800" height="562"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;If you found this helpful, kindly share it with someone else starting their DevOps journey. If you are on the same path, I did love to hear how your experience went — drop a comment or reach out. &lt;/p&gt;

</description>
      <category>vm</category>
      <category>azure</category>
      <category>beginners</category>
      <category>devopspath</category>
    </item>
  </channel>
</rss>
