DEV Community: okunola babatunde

Manage tags and locks

okunola babatunde — Fri, 13 Mar 2026 19:28:04 +0000

Cloud environments can scale rapidly, making proper organization and protection essential. After completing tasks such as creating a subnet, updating a virtual machine, and working with an Azure storage account, the next step was to improve governance by implementing tags and resource locks.

Tags allow administrators to attach key-value metadata to resources, making it easier to categorize, track, and manage them across the environment. Resource locks, on the other hand, help prevent accidental deletion or modification of critical resources, adding an extra layer of protection.

During this exercise, I revisited the previously created resources and applied appropriate tags, locks, or both to strengthen management and oversight.
A simple guide to implement, how locks and tags are set, is stated bellow.

Add tags to a virtual machine

You’ll start by adding a pair of tags to the virtual machine. One tag will be to identify the purpose of the virtual machine and the other will be to indicate the department the machine supports.

Login to Microsoft Azure at https://portal.azure.com
From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
From the menu pane, select Tags.
On one line for Name enter Department and for Value enter Customer Service
On the next line, for Name enter Purpose and for Value enter FTP Server.
Select Apply. While you’re working on the virtual machine, it’s a great time to add a resource lock. ## Add a resource lock to a VM
If necessary, expand the Settings submenu.
Select Locks.
Select + Add.
For the name, enter VM-delete-lock.
For the Lock type, select Delete. You may enter a note to help remind you why you created the lock.
Select OK. That’s it. Now the VM is protected from deletion and has tags assigned to help track use. Time to move onto the network. Select Home to return to the Azure portal home page. ## Add tags to network resources
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet network.
From the menu pane, select Tags. ## Note: Notice that now you can select an existing tag to apply or add a new tag. You can also select just the name or value and apply create something new in the other field.
For the Name select Department.
For the Value enter IT.
Select Apply. Now both the VNet and VM have are organised.

Conclusion

Using tags and resource locks is a simple but powerful way to maintain organization, visibility, and security in Azure environments as they continue to grow.

Control storage access

okunola babatunde — Fri, 13 Mar 2026 19:04:51 +0000

The effective storage management is key to a secure and efficient cloud environment. Recently, I worked hands-on with Azure storage accounts, creating a storage container and a file share, and uploading files to both. Containers provide scalable, structured object storage, while file shares allow SMB/NFS-style access for team collaboration.

This exercise helped me practice setting permissions, managing access keys, and ensuring data is organized and secure—skills essential for modern cloud operations.
Here, in this practical guide, I have shared with you how storage container and fileshare have been created, and how restriction is set on the container's content.

Create a storage container

Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com] From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise
The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.) 5. On the storage account blade, under the Data storage submenu, select Containers.
Select + Add container.
In the Name field, enter storage-container.
Select Create.

Upload a file to the storage container

Select the storage container you just created.
Select Upload and upload the file you prepared.
Once the file is ready for upload, select Upload. With the file uploaded, notice that the Access tier is displayed. For something we uploaded just for testing, it doesn’t need to be assigned to the Hot access tier. In the next few steps, you’ll change the access tier for the file. ## Change the access tier
Select the file you just uploaded (the file name is a hyperlink).
Select Change tier.
Select Cold.
Select Save. ## Note: You just changed the access tier for an individual blob or file. To change the default access tier for all blobs within the storage account, you could change it at the storage account level.
Select Home to return to the Azure portal home page.
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)
On the storage account blade, under the Data storage submenu, select File shares.
Select + File share.
On the Basics tab, in the name field enter file-share.
On the Backup tab, uncheck Enable backup
Select Review + create.
Select Create.
Once the file share is created, select Upload.
Upload the same file you uploaded to the blob storage or a different file, it’s up to you.
Select Home to return to the Azure portal home page. The next piece of the puzzle is figuring one way to control access to the files that have been uploaded. Azure has many ways to control files, including things like role-based access control. In this scenario, the Azure admin wants you to use shared access tokens or keys. ## Create a shared access signature token
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise.
On the storage account blade, select Storage browser. Expand Blob containers
Expand Blob containers ## Note: Blob container is another name for the storage containers. Items uploaded to a storage container are called blobs.
Select the storage container you created earlier, storage-container. 7. Select the ellipses (three dots) on the end of the line for the image you uploaded.
Select Generate SAS ## Note: When you generate a shared access signature, you set the duration. Once the duration is over, the link stops working. The **Start automatically populates with the current date and time.Set 9. Signing method to Account key.
Set Signing key to Key 1 ## Tip: There are two signing keys available. You can choose either one, or create SAS tokens with different durations.
Set Stored access policy to None.
Set Permissions to Read.
Enter a custom start and expiry time or leave the defaults. 14. Set Allowed protocols to HTTPS only.
Select Generate SAS token and URI.
Copy the Blob SAS URL and paste it in another window or tab of your browser. It should display the image you uploaded. Keep this tab or window open.
Select Home to return to the Azure portal home page. With the SAS token created, anyone with that link can access the file for the duration that was set when you created the SAS token. However, controlling access to a resource or file is about more than just granting access. It’s also about being able to revoke access. To revoke access with a SAS token, you need to invalidate the token. You invalidate the token by rotating the key that was used. ## Rotate access keys
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise.
Expand the Security + networking submenu.
Select Access keys. 6. For Key 1, select Rotate key.
Read and then acknowledge the warning about regenerating the access key by selecting Yes. 8. Once you see the success message for rotating the access key, go back to the window or tab you used to check the SAS token and refresh the page. You should receive an authentication failed error.

Conclusion:

Mastering Azure storage accounts, containers, and file shares enables admins to control access, simplify file sharing, and maintain scalable, secure cloud environments.

Manage virtual machines

okunola babatunde — Fri, 13 Mar 2026 18:30:32 +0000

Managing virtual machines in Azure isn’t just about creating them—it’s about placing them strategically within the network for efficiency and visibility. After updating network settings to support subnet segmentation, I moved an existing Linux VM to a newly created subnet. This ensures better traffic isolation, simplifies monitoring, and lays the groundwork for scalable deployments.

Migrating the VM to its dedicated subnet preserved the integrity of the existing network while enhancing visibility into its resource utilisation and network flow. Proactive network management like this, keeps the cloud environment organised, secure, and easier to maintain.Here, these procedures guide you on how to do it yourself in a less stressful way.

Move the virtual machine network to the new subnet

Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com]
From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
If the virtual machine is running, select Stop. ## Note: In order to make some configuration changes, such as changing the subnet, the VM will need to be restarted. You can request the change without stopping the VM, but Azure will force a restart before completing the change.
Wait for the Status field to update and show Stopped (deallocated).
Within the Networking subsection of the menu, select Network settings.
Select the Network interface / IP configuration hyperlink for the VM.
On the IP Configurations page, update the Subnet to ftpSubnet.
Select Apply. 11. Select Home to return to the Azure portal home page.

Vertically scale the virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Locate the Availability + scale submenu and select Size. 5. Select a new VM size D2s_v5 for example. (Note: If you don’t see the same size as shown in this exercise, select something similar.)
Select Resize.
Select Home to return to the Azure portal home page.

Attach data disks to a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Locate the settings submenu and select Disks. 5. Select Create and attach a new disk.
Leave LUN as default.
Enter ftp-data-disk for the Disk name.
Leave the Storage type as default.
Enter 20 for the Size.
Select Apply to create the new storage disk and attach the disk to the machine. 11. Select Home to return to the Azure portal home page.

Configure automatic shutdown on a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Under the Operations submenu, select Auto-shutdown. 5. In order to let late uploads finish, set the Scheduled shutdown to 7:15:00 PM.
Select Save.
Select Home to return to the Azure portal home page.

Conclusion:

Using dedicated subnets for VMs is a straightforward, yet impactful practice in Azure. It enables workload isolation, better performance monitoring, and future-proofing of the infrastructure—keeping operations smooth and manageable.

Update the virtual network

okunola babatunde — Fri, 13 Mar 2026 18:05:49 +0000

As part of supporting an Azure Admin in managing cloud resources, I assist with specific tasks rather than maintaining the entire infrastructure. Currently, one Linux virtual machine (VM) is under-utilised, and there’s a requirement to deploy a new Linux VM to act as an FTP server. To ensure effective monitoring of network traffic and resource utilization for the FTP server, the Azure Admin has requested the creation of a dedicated subnet. The existing subnet will remain unchanged to accommodate future VM deployments. Here is a simple guide to provisioning a subnet for a Linux FTP Server. To achieve this goal, you need to follow a step-by-step guide as stated bellow

Create a new subnet on an existing virtual network (vNet)

Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com]
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet virtual network.
From the guided-project-vnet blade, under settings, select Subnets.
To add a subnet, select + Subnet.
For Subnet purpose leave it as Default.
For Name enter: ftpSubnet.
Leave the rest of the settings alone and select Add.
Select Home to return to the Azure portal home page.

Create a network security group

From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select Network security groups.
Select + Create.
Verify the subscription is correct.
Select the guided-project-rg resource group.
Enter ftpNSG for the network security group name.
Select Review + create.
Once the validation is complete, select Create.
Wait for the screen to refresh and display Your deployment is complete.
Select Go to resource.

Create an inbound security rule

Under settings, select Inbound security rules.
Select + Add.
Change the Destination port ranges from 8080 to 22.
Select TCP for the protocol.
Set the name to ftpInbound.
Select Add.
Select Home to return to the Azure portal home page.

Associate a network security group to a subnet

From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet virtual network.
Under settings, select Subnets.
Select the ftpSubnet you created.
On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.
Select Save.

Conclusion
In Azure, planning network segmentation and resource allocation is essential for performance, monitoring, and security. By provisioning a new subnet for an FTP server, the infrastructure becomes more organised, maintainable, and transparent for administrators tracking usage metrics. This approach exemplifies proactive cloud governance and prepares the environment for future scaling needs.

Hands-On Azure Infrastructure Setup: My Learning Journey

okunola babatunde — Fri, 13 Mar 2026 17:39:29 +0000

I recently completed a hands-on exercise in Azure to set up the foundation of a cloud environment—and it was a game-changer for understanding real-world cloud infrastructure.

Here’s what I did:

Logged into Microsoft Azure – The portal is your central hub for managing and monitoring cloud resources.
Created a Resource Group – Grouping resources together makes management, access control, and lifecycle policies much easier. I named mine guided-project-rg
Set up a Virtual Network & Subnet – Networking is the backbone of cloud infrastructure. With guided-project-vnet. I defined IP ranges and prepared the network for secure communication.
Provisioned a Virtual Machine – I created guided-project-vm running Ubuntu Server 24.04 LTS - x64 Gen2 .VMs provide scalable compute and are the building blocks for cloud applications.
Created a Storage Account – Storage is essential for persisting data. I set up privateokunola2strg with standard performance and hot access tier, perfect for development and testing workloads.

Key Takeaways:

Planning your resources upfront saves headaches later.

VNets, subnets, and resource groups aren’t just concepts—they’re practical tools for building scalable, secure environments.

Hands-on practice bridges the gap between theory and real-world application.

Cloud infrastructure isn’t just about creating resources—it’s about understanding how they connect and scale. Exercises like this are a great way to build confidence and technical skills in Azure.

From the Azure portal home page, in the search box, enter resource groups.
Select Resource groups under services.
Select Create

Note:

Your subscription should already be selected. If you have multiple Azure subscriptions associated with this login, select the one you’d like to use for the guided project.
Enter "guided-project-rg" in the Resource group name field.
The Region field will automatically populate. Leave your region set on Korea central
Select Review + create.
Select Create.
Return to the home page of the Azure portal by selecting Home.

Create a virtual network with one subnet
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select Create.
Scroll down to the Instance details section and enter guided-project-vnet for the Virtual network name.
Select Review + create.
Select Create.
Wait for the screen to refresh and show Your deployment is complete.
Select Home to return to the Azure portal home page.

Create a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select Create and then select Virtual machine
Select guided-project-rg for the Resource group.
Enter guided-project-vm for the Virtual machine name.
For the Image, select one of the Ubuntu Server options. (For example, Ubuntu Server 24.04 LTS - x64 Gen2)
Continue further on the Basics page to the Administrator account section.
Select Password for authentication type.
Enter guided-project-admin for the admin Username.
Enter a password for the admin account.
Confirm the password for the admin account.
Leave the rest of the settings as default settings. You can uploads.s3.amazonaws.com/uploads/articles/4y09h45cv9svvlrw5scz.png)
Select Review + create
Select Create to confirm the resource cost and create the virtual machine.
Select Home to return to the Azure portal home page. Note: Once validation has passed, you’ll receive a cost estimate of how much it will cost per hour to run the VM.

Create a Storage account

From the Azure portal home page, in the search box, enter storage accounts.
Select Storage accounts under services.
Select Create.
Scroll down to the Instance details section and enter a name for the storage account. Storage accounts must be globally unique, so you may have to try a few different times to get a storage account name.
Select Review + create.
Select Create.
Wait for the screen to refresh and show Your deployment is complete.
Select Home to return to the Azure portal home page.

Hands-On Azure Cloud Engineering: Managing Networks, Virtual Machines, Storage Blobs, and Resource Governance

okunola babatunde — Fri, 13 Mar 2026 16:13:43 +0000

Cloud infrastructure is not just about launching servers in the cloud. It’s about designing systems that are organized, secure, scalable, and easy to manage over time. Recently, I worked on a hands-on Azure guided project where I practiced managing key parts of a cloud environment. The experience simulated assisting an Azure administrator with maintaining and improving an existing infrastructure. The project covered several important areas of cloud engineering, including:

Network configuration
Virtual machine management
Cloud storage services
Resource governance and protection

Although the work involved technical tools, the main idea behind it was simple: build systems that are easy to understand, monitor, and protect from mistakes.

Preparing the Azure Environment

The project required an active Azure subscription, since all tasks involved creating and managing real cloud resources. One of the first best practices emphasised was using clear naming conventions when creating resources. In simple terms, this means naming resources in a way that clearly describes their purpose. When teams follow structured naming patterns, it becomes much easier to:

Quickly identify resources
Keep infrastructure organized
Clean up environments after projects
Maintain consistency across teams

Another important lesson was cost awareness. Because cloud services charge based on usage, engineers must always create and manage resources responsibly.

Supporting an Azure Administrator

In this scenario, I was supporting an Azure administrator who manages an existing cloud environment. The infrastructure already contained a Linux Virtual Machine (VM), but it wasn’t being fully utilised. At the same time, there was a need for another Linux system that could function as an FTP server to allow files to be transferred between systems.
Before setting this up, the administrator wanted better visibility into network traffic and system usage.
To make this possible, the first step was to create a new subnet within the existing virtual network.
Creating a New Subnet for Better Network Organization
Rather than modifying the current network segment, the administrator requested the creation of a separate subnet dedicated to the FTP server.
The original subnet was left untouched because it may be used for future virtual machines.

Creating a new subnet offers several advantages:

It separates workloads into different network segments
It improves monitoring of network activity
It keeps infrastructure organised
It allows the environment to scale in the future This approach is known as network segmentation, and it helps improve both security and visibility in cloud environments.

Managing the Virtual Machine

Once the network structure was prepared, the next task was to update the virtual machine configuration.
The existing Linux VM was moved to the newly created subnet, ensuring it would operate within the correct network environment for the FTP service.
In real-world cloud environments, tasks like this are common. Infrastructure engineers often need to adjust existing systems while ensuring services continue to run smoothly.

Working with Azure Storage Services

Another key part of the project involved learning how to manage cloud storage services.
Organizations often need reliable ways to store and share files across systems, and Azure provides several services designed for this purpose.
During the exercise, I worked with:

AzureStorage Accounts
Blob Storage Containers
Azure File Shares

The tasks included:

Creating a storage container
Creating a file share
Uploading files to both storage locations

Blob Storage is typically used for storing large amounts of data such as application files, backups, logs, and media.
Azure File Shares, on the other hand, work more like a shared network folder, allowing multiple systems to access the same files.
These services are essential when organizations need secure and scalable file storage in the cloud.

Protecting and Organising Resources with Tags and Locks

As cloud environments grow, managing resources becomes more complex. Azure provides governance tools to help teams keep everything organised and protected.

Two important tools used in this project were resource tags and resource locks.

Resource Tags
Tags are simple labels attached to resources.
For example, a tag can show:
• Which department owns the resource
• The purpose of the resource
• The environment (development, testing, or production)
This makes it easier to track usage, manage costs, and quickly understand what each resource is used for.
Resource Locks
Resource locks help prevent accidental deletion or modification of important systems.
Because the Linux VM was going to operate as an FTP server, a lock was applied to ensure that no one could mistakenly delete it.
This adds an extra layer of operational protection and stability.

Final Outcome
By completing the project, the environment now includes:

A new subnet for better network organization
A Linux virtual machine positioned correctly within the network
Azure storage services configured for file sharing and storage
Resource tags applied for better organization Resource locks implemented to protect critical infrastructure from being accidentally deleted. Together, these improvements help ensure the cloud environment is structured, secure, and easier to manage.

Key Takeaways

This experience reinforced several important cloud engineering principles:

Designing well-structured network architectures
Managing and updating virtual machine configurations
Using cloud storage solutions effectively
Organising infrastructure with resource tagging
Protecting critical resources using locks These are foundational skills for anyone working with modern cloud platforms like Microsoft Azure. Cloud engineering is not only about deploying resources — it's about building environments that are reliable, organised, and sustainable.

However, to make this learning easier for others, I also created a step-by-step guide with screenshots, so anyone interested in Azure infrastructure can follow along and practice these tasks independently.

Need an Azure account?
If you already have a Microsoft Azure account to use for this lab, skip to Login to Microsoft Azure. If you need to create an Azure account, complete the following steps.

Go to the Azure free account page.
Select Try Azure for free
Complete the sign-up process for an Azure account.
Login to Microsoft Azure
Login to Microsoft Azure at Azure Portal

Create a resource group

In order to make clean-up easy at the end, start with creating a new resource group to hold the resources for this guided project. Using resource groups to organize things is a quick way to ensure you can manage resources when a project is over.

From the Azure portal home page, in the search box, enter resource groups.
Select Resource groups under services.
Select Create

Note:

Your subscription should already be selected. If you have multiple Azure subscriptions associated with this login, select the one you’d like to use for the guided project.
Enter "guided-project-rg" in the Resource group name field.
The Region field will automatically populate. Leave your region set on Korea central
Select Review + create.
Select Create.
Return to the home page of the Azure portal by selecting Home.

Create a virtual network with one subnet
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select Create.
Scroll down to the Instance details section and enter guided-project-vnet for the Virtual network name.
Select Review + create.
Select Create.
Wait for the screen to refresh and show Your deployment is complete.
Select Home to return to the Azure portal home page.

Create a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select Create and then select Virtual machine
Select guided-project-rg for the Resource group.
Enter guided-project-vm for the Virtual machine name.
For the Image, select one of the Ubuntu Server options. (For example, Ubuntu Server 24.04 LTS - x64 Gen2)
Continue further on the Basics page to the Administrator account section.
Select Password for authentication type.
Enter guided-project-admin for the admin Username.
Enter a password for the admin account.
Confirm the password for the admin account.
Leave the rest of the settings as default settings. You can uploads.s3.amazonaws.com/uploads/articles/4y09h45cv9svvlrw5scz.png)
Select Review + create
Select Create to confirm the resource cost and create the virtual machine.
Select Home to return to the Azure portal home page. Note: Once validation has passed, you’ll receive a cost estimate of how much it will cost per hour to run the VM.

Create a Storage account

From the Azure portal home page, in the search box, enter storage accounts.
Select Storage accounts under services.
Select Create.
Scroll down to the Instance details section and enter a name for the storage account. Storage accounts must be globally unique, so you may have to try a few different times to get a storage account name.
Select Review + create.
Select Create.
Wait for the screen to refresh and show Your deployment is complete.
Select Home to return to the Azure portal home page.

Create a new subnet on an existing virtual network (vNet)

Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com]
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet virtual network.
From the guided-project-vnet blade, under settings, select Subnets.
To add a subnet, select + Subnet.
For Subnet purpose leave it as Default.
For Name enter: ftpSubnet.
Leave the rest of the settings alone and select Add.
Select Home to return to the Azure portal home page.

Create a network security group

From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select Network security groups.
Select + Create.
Verify the subscription is correct.
Select the guided-project-rg resource group.
Enter ftpNSG for the network security group name.
Select Review + create.
Once the validation is complete, select Create.
Wait for the screen to refresh and display Your deployment is complete.
Select Go to resource.

Create an inbound security rule

Under settings, select Inbound security rules.
Select + Add.
Change the Destination port ranges from 8080 to 22.
Select TCP for the protocol.
Set the name to ftpInbound.
Select Add.
Select Home to return to the Azure portal home page.

Associate a network security group to a subnet

From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet virtual network.
Under settings, select Subnets.
Select the ftpSubnet you created.
On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.
Select Save. *Move the virtual machine network to the new subnet *
Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com]
From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
If the virtual machine is running, select Stop. ## Note: In order to make some configuration changes, such as changing the subnet, the VM will need to be restarted. You can request the change without stopping the VM, but Azure will force a restart before completing the change.
Wait for the Status field to update and show Stopped (deallocated).
Within the Networking subsection of the menu, select Network settings.
Select the Network interface / IP configuration hyperlink for the VM.
On the IP Configurations page, update the Subnet to ftpSubnet.
Select Apply. 11. Select Home to return to the Azure portal home page.

Vertically scale the virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Locate the Availability + scale submenu and select Size. 5. Select a new VM size D2s_v5 for example. (Note: If you don’t see the same size as shown in this exercise, select something similar.)
Select Resize.
Select Home to return to the Azure portal home page.

Attach data disks to a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Locate the settings submenu and select Disks. 5. Select Create and attach a new disk.
Leave LUN as default.
Enter ftp-data-disk for the Disk name.
Leave the Storage type as default.
Enter 20 for the Size.
Select Apply to create the new storage disk and attach the disk to the machine. 11. Select Home to return to the Azure portal home page.

Configure automatic shutdown on a virtual machine

From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
Under the Operations submenu, select Auto-shutdown. 5. In order to let late uploads finish, set the Scheduled shutdown to 7:15:00 PM.
Select Save.
Select Home to return to the Azure portal home page.

Create a storage container

Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com] From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise
The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.) 5. On the storage account blade, under the Data storage submenu, select Containers.
Select + Add container.
In the Name field, enter storage-container.
Select Create.

Upload a file to the storage container

Select the storage container you just created.
Select Upload and upload the file you prepared.
Once the file is ready for upload, select Upload. With the file uploaded, notice that the Access tier is displayed. For something we uploaded just for testing, it doesn’t need to be assigned to the Hot access tier. In the next few steps, you’ll change the access tier for the file. ## Change the access tier
Select the file you just uploaded (the file name is a hyperlink).
Select Change tier.
Select Cold.
Select Save. ## Note: You just changed the access tier for an individual blob or file. To change the default access tier for all blobs within the storage account, you could change it at the storage account level.
Select Home to return to the Azure portal home page.
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise. The storage account name is the hyperlink to the storage account. (Note: it should be associated with the resource group guided-project-rg.)
On the storage account blade, under the Data storage submenu, select File shares.
Select + File share.
On the Basics tab, in the name field enter file-share.
On the Backup tab, uncheck Enable backup
Select Review + create.
Select Create.
Once the file share is created, select Upload.
Upload the same file you uploaded to the blob storage or a different file, it’s up to you.
Select Home to return to the Azure portal home page. The next piece of the puzzle is figuring one way to control access to the files that have been uploaded. Azure has many ways to control files, including things like role-based access control. In this scenario, the Azure admin wants you to use shared access tokens or keys. ## Create a shared access signature token
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise.
On the storage account blade, select Storage browser. Expand Blob containers
Expand Blob containers ## Note: Blob container is another name for the storage containers. Items uploaded to a storage container are called blobs.
Select the storage container you created earlier, storage-container. 7. Select the ellipses (three dots) on the end of the line for the image you uploaded.
Select Generate SAS ## Note: When you generate a shared access signature, you set the duration. Once the duration is over, the link stops working. The **Start automatically populates with the current date and time.Set 9. Signing method to Account key.
Set Signing key to Key 1 ## Tip: There are two signing keys available. You can choose either one, or create SAS tokens with different durations.
Set Stored access policy to None.
Set Permissions to Read.
Enter a custom start and expiry time or leave the defaults. 14. Set Allowed protocols to HTTPS only.
Select Generate SAS token and URI.
Copy the Blob SAS URL and paste it in another window or tab of your browser. It should display the image you uploaded. Keep this tab or window open.
Select Home to return to the Azure portal home page. With the SAS token created, anyone with that link can access the file for the duration that was set when you created the SAS token. However, controlling access to a resource or file is about more than just granting access. It’s also about being able to revoke access. To revoke access with a SAS token, you need to invalidate the token. You invalidate the token by rotating the key that was used. ## Rotate access keys
From the Azure portal home page, in the search box, enter storage accounts.
Select storage accounts under services.
Select the storage account you created in the Prepare exercise.
Expand the Security + networking submenu.
Select Access keys. 6. For Key 1, select Rotate key.
Read and then acknowledge the warning about regenerating the access key by selecting Yes. 8. Once you see the success message for rotating the access key, go back to the window or tab you used to check the SAS token and refresh the page. You should receive an authentication failed error. ## Add tags to a virtual machine You’ll start by adding a pair of tags to the virtual machine. One tag will be to identify the purpose of the virtual machine and the other will be to indicate the department the machine supports.
Login to Microsoft Azure at https://portal.azure.com
From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
From the menu pane, select Tags.
On one line for Name enter Department and for Value enter Customer Service
On the next line, for Name enter Purpose and for Value enter FTP Server.
Select Apply. While you’re working on the virtual machine, it’s a great time to add a resource lock. ## Add a resource lock to a VM
If necessary, expand the Settings submenu.
Select Locks.
Select + Add.
For the name, enter VM-delete-lock.
For the Lock type, select Delete. You may enter a note to help remind you why you created the lock.
Select OK. That’s it. Now the VM is protected from deletion and has tags assigned to help track use. Time to move onto the network. Select Home to return to the Azure portal home page. ## Add tags to network resources
From the Azure portal home page, in the search box, enter virtual networks.
Select virtual networks under services.
Select the guided-project-vnet network.
From the menu pane, select Tags. ## Note: Notice that now you can select an existing tag to apply or add a new tag. You can also select just the name or value and apply create something new in the other field.
For the Name select Department.
For the Value enter IT.
Select Apply. Now both the VNet and VM have are organized. ## Exercise – Clean up ## Warning: Failure to complete this Clean up task could result in unexpected Azure costs. This task will remove resources created during this guided project. ## Remove delete locks If you attempt to delete a resource with a delete lock, you’ll receive a warning that the operation failed due to a delete lock being in place. To avoid that, it’s important to clear delete locks from resources you intend to delete before issuing the delete command.
Login to Microsoft Azure at (Azure Portal)[https://portal.azure.com]
From the Azure portal home page, in the search box, enter virtual machines.
Select virtual machines under services.
Select the guided-project-vm virtual machine.
If necessary, expand the Settings submenu.
Select Locks.
Select Delete on the line for the VM-delete-lock.
On the pop-up window, select Delete to confirm deletion of the lock. Once the delete lock is removed, you’ll be able to delete the VM. While this was the only delete lock required by the exercise, if you applied other delete locks during the exercise, remove them now. When you’re done, select Home to return to the Azure portal home page. ## Delete the project resource group A key benefit of using resource groups is the ability to rapidly delete all of the resources assigned to a resource group at once.
From the Azure portal home page, in the search box, enter Resource groups.
Select resource groups under services.
Select the guided-project-rg resource group.
Select Delete resource group.
Select Apply force delete…
Enter guided-project-rg in the confirmation box.
Select Delete It will approximately 5 minutes before the resource group is fully deleted. You’ll need to refresh the resource group page every few minutes until the guided-project-rg is gone to confirm complete deletion. ## Important: Recall at the beginning of the Guided Project you checked for a NetworkWatcherRG resource group. If there WAS a NetworkWatcherRG when you started, then you’re finished. However, if the NetworkWatcherRG was created for the guided project, you’ll need to delete the NetworkWatcherRG as well following a nearly identical process. ## Delete the NetworkWatcherRG ## Important: If the NetworkWatcherRG existed prior to starting the guided project, do not delete it as part of the guided project clean up.
From the Azure portal home page, in the search box, enter Resource groups.
Select resource groups under services.
Select the NetworkWatcherRG resource group.
Select Delete resource group.
Enter NetworkWatcherRG in the confirmation box.
Select Delete.
On the Delete confirmation pop-up, select Delete.

Architecting Compute Infrastructure Using Amazon EC2

okunola babatunde — Fri, 27 Feb 2026 07:45:10 +0000

Hey, the advent of owing on-prem server, equipped with vast number of Air conditional, security maintenance cost, cost of installation, purchase of hardware, has been replaced with cloud technology known as virtualization. However, owning a computer system on your palm comes to negate high cost of expenses which fosters security, resilency, efficiency and scalability.
In today's article, i am going to basically walk you, a less tasky and very fast procedures on how to provision a test-ready linux EC2 instance.

Step1: On the Console Home page, search for EC2 in the search bar.

Step2; On the Launch instance section, select Launch Instance.

Step3: Name your server as Linux-Production-Server

Step4: Application and OS Images (Amazon Machine Image) Info
An AMI contains the operating system, application server, and applications for your instance. If you don't see a suitable AMI below, use the search field or choose Browse more AMIs.For the purpose of learning and testing, my desire is Ubuntu linux distribution.

Incase, your choice distribution is not itemize here, you can search to pick your choice.

There are many distribution of Linux and for the purpose of practice and free tier subscription level, i have decided to choose Amazon Linux 2023 kernel.

Here, you can select your instance type

Step5:Ensure to create a new key pin.You will use this key pair to securely connect to your instance. Ensure that you have access to the selected key pair before you launch the instance.

Click on the New key pair and name it "Linux key". Live other settings default and click on create.

the key pair has been downloaded into downloads file. Keep it intact for once its tampered with, it becomes useless.

Step6: Go to network settings and leave other settings default.

Step7: Configure your storage depending on your workloads

Step8: Click on the "Lunch instance" button

Step9: Connect to your instance

Step10: Down the connect section, scrow down and select "connect"

You would notice from here, that the server named Linux-Production- Sever has been connected with the internet.
.
With this, are successfully connected to our server. However, to log out of this server, you need to type the command prompt "exit". Now, the server is logged out.

For the learning purpose, in other to save cost, it is advised to always shutdown the EC2 created for the purpose of unnecessary cost incurred. That leads me to re-visit the log out in the proper way.
Go back to the Console page and select the EC2 you created
Select EC2 created
In other to delete your instance, click on "Instant State"
From dropdown menu, select terminate to delete your resources.
when you click on delete from prop down menu, this prompt will appear, then click on it to terminate the instance.
Now the instance is deleted.
To confirm your deletion is effected, click on refresh
EC2 deleted

Provide storage for a new company app

okunola babatunde — Tue, 24 Feb 2026 18:53:33 +0000

When building a new application in today’s cloud-driven world, storage is no longer just about saving data — it’s about protecting it.
The company which designs and develops a new app, its utmost goal is clear: create a storage environment that is secure, controlled, and built with best practices from day one. Developers want storage access to happen only through secure access keys and managed identities. This eliminates risky, anonymous access and ensures that every request to the storage layer is traceable and authenticated.

Beyond authentication, the team plans to implement Role-Based Access Control (RBAC). In simple terms, this means giving the right people and services the right level of access — nothing more, nothing less. Developers get what they need to build, operations teams get what they need to manage, and no one has unnecessary permissions. This “least privilege” approach reduces security risks while improving governance and accountability.

To support testing and validation, the company also requires protected immutable storage. This ensures that critical test data cannot be altered or deleted — even accidentally. Whether it’s for compliance validation, audit preparation, or resilience testing, immutability adds an extra layer of confidence that data integrity is preserved.

This isn’t just about infrastructure. It’s about building a secure-by-design application architecture — one that prioritizes identity, governance, and data protection from the very beginning.
Because in today’s cloud environment, security is not an add-on. It’s the foundation.

Here in this article, I have clearly highlighted and anotated this with the series of screenshots to facilitate the ease of understanding these step-by-step guides you need to follow to achieve this as a young cloud engineer who is trying to understand the basis of cloud infrastructure e.g. storage and many more.

Create the storage account and managed identity

Provide a storage account for the web app.

In the portal, search for and select Storage accounts.
Select + Create.
For Resource group select Create new. Give your resource group a name and select OK to save your changes.
Provide a Storage account name.
Move to the Encryption tab.
Check the box for Enable infrastructure encryption.
Notice the warning, This option cannot be changed after this storage account is created.
Select Review + Create.
Wait for the resource to deploy.

Provide a managed identity for the web app to use.

Search for and select Managed identities
Select Create.
Select your resource group.
Give your managed identity a name.
Select Review and create, and then Create.

2. Assign the correct permissions to the managed identity. The identity only needs to read and list containers and blobs.

Search for and select your storage account.
Select the Access Control (IAM) blade.
Select Add role assignment (center of the page).
In the Job functions roles page, search for and select the Storage Blob Data Reader role.
On the Members page, select Managed identity.
Select Select members, in the Managed identity drop-down select User-assigned managed identity
Select the managed identity you created in the previous step.
Click Select and then Review + assign the role.
Select Review + assign a second time to add the role assignment.
Your storage account can now be accessed by a managed identity with the Storage Data Blob Reader permissions. With this type of permission, you can only access the contents of your storage but but you wont be able to change or edit the contents.

Secure access to the storage account with a key vault and key

To create the key vault and key needed for this part of the lab, your user account must have Key Vault Administrator permissions

In the portal, search for and select Resource groups.
Select your resource group, and then the Access Control (IAM) blade.
Select Add role assignment (center of the page).
On the Job functions roles page, search for and select the Key Vault Administrator role.
On the Members page, select User, group, or service principal.
Select Select members.
Search for and select your user account. Your user account is shown in the top right of the portal.
Click Select and then Review + assign.
Select Review + assign a second time to add the role assignment.
You are now ready to continue with the lab.

2. Create a key vault to store the access keys.

In the portal, search for and select Key vaults.
Select Create.
Select your resource group.
Provide the name for the key vault. The name must be unique.
Ensure on the Access configuration tab that Azure role-based access control (recommended) is selected.
Select Review + create.
Wait for the validation checks to complete and then select Create.
After the deployment, select Go to resource.
On the Overview blade ensure both Soft-delete and Purge protection are enabled.

3. Create a customer-managed key in the key vault.

In your key vault, in the Objects section, select the Keys blade.
Select Generate/Import and Name the key.
Take the defaults for the rest of the parameters, and Create the key.

Configure the storage account to use the customer managed key in the key vault

Before you can complete the next steps, you must assign the Key Vault Crypto Service Encryption User role to the managed identity.

In the portal, search for and select Resource groups.
Select your resource group, and then the Access Control (IAM) blade.
Select Add role assignment (center of the page)
On the Job functions roles page, search for and select the Key Vault Crypto Service Encryption User role.
On the Members page, select Managed identity.
Select select members, in the Managed identity drop-down select User-assigned managed identity.
Select your managed identity.
Click Select and then Review + assign.
Click Select and then Review + assign.

2. Configure the storage account to use the customer managed key in your key vault.

Return to your the storage account.
In the Security + networking section, select the Encryption blade.
Select Customer-managed keys.
Select a key vault and key. Select your key vault and key.
Select to confirm your choices.
Ensure the Identity type is User-assigned.
Select an identity.
Select your managed identity then select Add.
Save your changes.
If you receive an error that your identity does not have the correct permissions, wait a minute and try again.

Configure an time-based retention policy and an encryption scope.

The developers require a storage container where files can’t be modified, even by the administrator.

Navigate to your storage account.
In the Data storage section, select the Containers blade.
Create a container called hold. Take the defaults. Be sure to Create the container.
Upload a file to the container.
In the Settings section, select the Access policy blade.
In the Immutable blob storage section, select + Add policy.
For the Policy type, select time-based retention.
Set the Retention period to 5 days.
Be sure to Save your changes.
Try to delete the file in the container.
Verify you are notified failed to delete blobs due to policy.

2. The developers require an encryption scope that enables infrastructure encryption.

Navigate back to your storage account.
In the Security + networking blade, select Encryption.
In the Encryption scopes tab, select Add.
Give your encryption scope a name.
The Encryption type is Microsoft-managed key.
Set Infrastructure encryption to Enable.
Create the encryption scope.
Return to your storage account and create a new container.
Notice on the New container page, there is the Name and Public access level.
Notice in the Advanced section you can select the Encryption scope you created and apply it to all blobs in the container.

Designing Secure Shared File Storage for a Geographically Dispersed Company Using Azure Files

okunola babatunde — Mon, 23 Feb 2026 15:09:01 +0000

Create a storage account for the finance department’s shared files. Learn more about storage accounts for Azure Files deployments.

In the portal, search for and select Storage accounts.
Select + Create.
For Resource group select Create new. Give your resource group a name and select OK to save your changes.
Provide a Storage account name
Set the Performance to Premium.
Set the Premium account type to File shares.
Set the Redundancy to Zone-redundant storage.
Select Review and then Create the storage account.
Wait for the resource to deploy.
Select Go to resource.

Create and configure a file share with directory.

Create a file share for the corporate office.

In the storage account, in the Data storage section, select the File shares blade.
Select + File share and provide a Name.
Review the other options, but take the defaults.
Select Create

2. Add a directory to the file share for the finance department. For future testing, upload a file.

Select your file share and select + Add directory.
Name the new directory finance.
Select Browse and then select the finance directory.
Notice you can Add directory to further organize your file share.
Upload a file of your choosing.

Configure and test snapshots.

Select your file share.
In the Operations section, select the Snapshots blade.
Select + Add snapshot. Giving a comment is optional. Select OK.
Select your snapshot and verify your file directory and uploaded file are included.

Configure and test snapshots.

Similar to blob storage, you need to protect against accidental deletion of files. However, in case there is accidental deletion of a file, the option to recover lost files or document is to use snapshot.

Select your file share
In the Operations section, select the Snapshots blade.
Select + Add snapshot. The comment is optional. Select OK.
Select + Add snapshot. The comment is optional. Select OK.
Select your snapshot and verify your file directory and uploaded file are included.

2. Practice using snapshots to restore a file.

Return to your file share.
Browse to your file directory.
Locate your uploaded file and in the Properties pane select Delete. Select Yes to confirm the deletion.
Select the Snapshots blade and then select your snapshot.
Navigate to the file you want to restore,
Select the file and the select Restore.
Provide a Restored file name.
Verify your file directory has the restored file.

Configure restricting storage access to selected virtual

networks. When virtual network is properly configure, it could restrict a access to a provisioned resources over the internet. In a nut shell, how an access to a storage could be restricted to resources is dependent of virtual network configuration, here, i will walk you through the processes needed to achieve this.

This tasks in this section require a virtual network with subnet. In a production environment these resources would already be created.

Search for and select Virtual networks.
Select Create. Select your resource group. and give the virtual network a name.
Take the defaults for other parameters, select Review + create, and then Create.
Wait for the resource to deploy.
Select Go to resource.
In the Settings section, select the Subnets blade.
Select the default subnet
In the Service endpoints section choose Microsoft.Storage in the Services drop-down.
Do not make any other changes.
Be sure to Save your changes.

2. The storage account should only be accessed from the virtual network you just created.

Return to your files storage account.
In the Security + networking section, select the Networking blade.
Change the Public network access to Enabled from selected virtual networks and IP addresses

-In the Virtual networks section, select Add existing virtual network.

Select your virtual network and subnet, select Add.
Be sure to Save your changes.
Select the Storage browser and navigate to your file share.
Verify the message not authorized to perform this operation. However, you are not meant to connect from the virtual network.

Azure Virtual Machines

okunola babatunde — Thu, 19 Feb 2026 06:17:57 +0000

Step-by-Step Guide: Creating & Connecting to an Azure Virtual Machine

Overview:

In this guide, we will create a Virtual Machine (VM) in Microsoft Azure using a Free Trial Account with $200 in credits. Follow these easy steps to set up, configure, and connect to your Azure VM.

1.Log in to Azure Portal

Navigate to portal.azure.com.
Enter your username & password to access the dashboard.

2. "Search for "Virtual Machines"

In the Search bar, type "Virtual Machines". You can also find it by clicking the hamburger menu or selecting "Create a Resource" → "Virtual Machine".

3. Select Virtual Machine from the Search Results

Click on "Virtual Machine" from the search results.

4. Click on "Create"

Click "Create" → "Azure Virtual Machine".
Choose "Virtual Machine hosted by Azure

5. Enter Project Details

Select the appropriate Subscription.
Click "Create Resource Group" → Enter a name for it.

6. Configure Virtual Machine Details

Enter:

VM Name (e.g., Feb15VM)
Windows 10 Enterprise N, version 22H2 - x64 Gen2 free services eligibe
VM Size: Keep the default option.

7. Set Up Administrator Account

Authentication Type: Select Password.
Username: baokoncepts
Password: ****** (Change for security purposes).

8. Configure Inbound Port Rules

Select HTTP and RDP for Windows).

10. Accept Licensing Terms

Click the checkbox to accept the license agreement

11. Disable Boot Diagnostics

Click Next → Navigate to Monitoring Tab → Disable Boot Diagnostics.

12. Review & Deploy the Virtual Machine

Click "Review + Create".
Ensure validation passes.
Click "Create" to deploy.
Deployment takes 3-5 minutes.

Check VM Status
If the status is "Running", your VM is ready!
Connect to the Virtual Machine
Click "Connect" in the Azure VM blade.
Download & Open RDP File (Windows VM Only)
Click "Native RDP" → Download RDP file.
Open the RDP file on your computer.
Enter the Username & Password created earlier.
Click "Connect" to access the VM.
Complete Connection
Follow the prompts & click "Continue" when asked.
Wait for Configuration
The remote desktop will be configured in a few seconds.
Success! Start Using Your VM
You are now connected! You can start using your Azure Virtual Machine
A virtual copy was screen shoted and pasted as thus;

Provide private storage for internal company documents

okunola babatunde — Sat, 14 Feb 2026 02:11:36 +0000

Aim:

This exercise aims atdesigning and implementing a secure, centralised cloud storage solution that enables authorized employees to safely store, access, and manage internal company documents while preventing unauthorized access.

Create a storage account and configure high availability.

Create a storage account for the internal private company documents.

In the portal, search for and select Storage accounts.
Select + Create.
Select the Resource group created in the previous lab
Set the Storage account name to private.
Select Review, and then Create the storage account.
Wait for the storage account to deploy, and then select Go to resource.

2.This storage requires high availability if there’s a regional outage. Read access in the secondary region is not required. Configure the appropriate level of redundancy.

In the storage account, in the Data management section, select the Redundancy blade.
Ensure Geo-redundant storage (GRS) is selected.
Refresh the page.
Review the primary and secondary location information.
Review the primary and secondary location information.
Save your changes.

Create a storage container, upload a file, and restrict access to the file.

Create a private storage container for the corporate data.

In the storage account, in the Data storage section, select the Containers blade.
Select + Container.
Ensure the Name of the container is private.
Ensure the Public access level is Private (no anonymous access).
As you have time, review the Advanced settings, but take the defaults.
Select Create.

2. For testing, upload a file to the private container. he type of file doesn’t matter. A small image or text file is a good choice. Test to ensure the file isn’t publically accessible.

Select the container.
Select Upload.
Browse to files and select a file.
Upload the file.
Select the uploaded file.
On the Overview tab, copy the URL.
Paste the URL into a new browser tab
Verify the file doesn’t display and you receive an error.

3. An external partner requires read and write access to the file for at least the next 24 hours. Configure and test a shared access signature (SAS)

Select your uploaded blob file and move to the Generate SAS tab.
In the Permissions drop-down, ensure the partner has only Read permissions.

Verify the Start and expiry date/time is for the next 24 hours.
Select Generate SAS token and URL.
Copy the Blob SAS URL to a new browser tab.
Verify you can access the file. If you have uploaded an image file it will display in the browser. Other file types will be downloaded.

Configure storage access tiers and content replication.

To save on costs, after 30 days, move blobs from the hot tier to the cool tier

Return to the storage account.
In the Overview section, notice the Default access tier is set to Hot.
In the Data management section, select the Lifecycle management blade.
Select Add rule.
Set the Rule name to movetocool.
Set the Rule scope to Apply rule to all blobs in the storage account.
Select Next.
Ensure Last modified is selected.
Set More than (days ago) to 30.
In the Then drop-down select Move to cool storage.
As you have time, review other lifecycle options in the drop-down.
Add the rule.

2. The public website files need to be backed up to another storage account

In your storage account, create a new container called backup
Navigate to your publicwebsite storage account. This storage account was created in the previous exercise.
In the Data management section, select the Object replication blade.
Select Create replication rules.
Set the Destination storage account to the private storage account.
Set the Source container to public and the Destination container to backup.
Create the replication rule.
Optionally, as you have time, upload a file to the public container. Return to the private storage account and refresh the backup container. Within a few minutes your public website file will appear in the backup folder.
When these two files were uploaded into publicwebsite storage,it later appeared in backup when refreshed.

Provide storage for the public website

okunola babatunde — Fri, 13 Feb 2026 08:04:23 +0000

Objective:

the objective of the exercise requires us to to design and implement a secure, scalable, and reliable storage solution for public website assets, ensuring high availability and optimal performance for users worldwide.

In other to create a storage account with high availability, the follow steps are to be followed;

Step1:

Create a storage account to support the public website.

In the portal, search for and select Storage accounts
Select + Create.
For resource group select new. Give your resource group a name and select OK.
Resource group for this project known as publicwebsiterg created

select + create to create a storage account name
Select Review and then Create

Wait for the storage account to deploy, and then select Go to resource.

Step2: This storage requires high availability if there’s a regional outage. Additionally, enable read access to the secondary region

In the storage account, in the Data management section, select the Redundancy blade
Ensure Read-access Geo-redundant storage is selected.

Review the primary and secondary location information.

Step3: Information on the public website should be accessible without requiring customers to login.

In the storage account, in the Settings section, select the Configuration blade.
Ensure the Allow blob anonymous access setting is Enabled.
Be sure to Save your changes.

Create a blob storage container with anonymous read access

Step1: The public website has various images and documents. Create a blob storage container for the content. Learn more about storage containers.

In your storage account, in the Data storage section, select the Containers blade.
Select + Container.
Ensure the Name of the container is public
Select Create.

Customers should be able to view the images without being authenticated. Configure anonymous read access for the public container blobs

Select your public container
On the Overview blade, select Change access level.

-Ensure the Public access level is Blob (anonymous read access for blobs only)

Select OK.

Practice uploading files and testing access.

For testing, upload a file to the public container. The type of file doesn’t matter. A small image or text file is a good choice.

Ensure you are viewing your container.
Select Upload
Browse to files and select a file. Browse to a file of your choice.
Select Upload.
Close the upload window, Refresh the page and ensure your file was uploaded.

Determine the URL for your uploaded file. Open a browser and test the URL

Select your uploaded file.
On the Overview tab, copy the URL.
Paste the URL into a new browser tab.
If you have uploaded an image file it will display in the browser

Configure soft delete

Go to the Overview blade of the storage account.

On the Properties page, locate the Blob service section.
Select the Blob soft delete setting.
Ensure the Enable soft delete for blobs is checked.
Change the Keep deleted blobs for (in days) setting to 21
Notice you can also Enable soft delete for containers.
Don’t forget to Save your changes.

2. If something gets deleted, you need to practice using soft delete to restore the files.

Navigate to your container where you uploaded a file.
Select the file you uploaded and then select Delete.
Select OK to confirm deleting the file.

Refresh the container and confirm the file has been restored.
On the container Overview page, toggle the slider Show deleted blobs. This toggle is to the right of the search box.
Select your deleted file, and use the ellipses on the far right, to Undelete the file.
Refresh the container and confirm the file has been restored.

**Configure blob versioning

It’s important to keep track of the different website product document versions

Go to the Overview blade of the storage account.
In the Properties section, locate the Blob service section.
Select the Versioning setting.
Ensure the Enable versioning for blobs checkbox is checked.
Notice your options to keep all versions or delete versions after.
Don’t forget to Save your changes.

As you have time experiment with restoring previous blob versions.

Upload another version of your container file. This overwrites your existing file.

Your previous file version is listed on Show deleted blobs page.

DEV Community: okunola babatunde

Manage tags and locks

Add tags to a virtual machine

Conclusion

Control storage access

Create a storage container

Upload a file to the storage container

Conclusion:

Manage virtual machines

Move the virtual machine network to the new subnet

Vertically scale the virtual machine

Attach data disks to a virtual machine

Configure automatic shutdown on a virtual machine

Conclusion:

Update the virtual network

Create a new subnet on an existing virtual network (vNet)

Create a network security group

Create an inbound security rule

Associate a network security group to a subnet

Hands-On Azure Infrastructure Setup: My Learning Journey

Note:

Create a virtual network with one subnet

Create a virtual machine

Create a Storage account

Hands-On Azure Cloud Engineering: Managing Networks, Virtual Machines, Storage Blobs, and Resource Governance

Preparing the Azure Environment

Supporting an Azure Administrator

Managing the Virtual Machine

Working with Azure Storage Services

Protecting and Organising Resources with Tags and Locks

Create a resource group

Note:

Create a virtual network with one subnet

Create a virtual machine

Create a Storage account

Create a new subnet on an existing virtual network (vNet)

Create a network security group

Create an inbound security rule

Associate a network security group to a subnet

Vertically scale the virtual machine

Attach data disks to a virtual machine

Configure automatic shutdown on a virtual machine

Create a storage container

Upload a file to the storage container

Architecting Compute Infrastructure Using Amazon EC2

Provide storage for a new company app

Create the storage account and managed identity

2. Assign the correct permissions to the managed identity. The identity only needs to read and list containers and blobs.

Secure access to the storage account with a key vault and key

2. Create a key vault to store the access keys.

3. Create a customer-managed key in the key vault.

Configure the storage account to use the customer managed key in the key vault

2. Configure the storage account to use the customer managed key in your key vault.

Configure an time-based retention policy and an encryption scope.

2. The developers require an encryption scope that enables infrastructure encryption.

Designing Secure Shared File Storage for a Geographically Dispersed Company Using Azure Files

Create and configure a file share with directory.

2. Add a directory to the file share for the finance department. For future testing, upload a file.

Configure and test snapshots.

Configure and test snapshots.

2. Practice using snapshots to restore a file.

Configure restricting storage access to selected virtual

2. The storage account should only be accessed from the virtual network you just created.

Azure Virtual Machines

Step-by-Step Guide: Creating & Connecting to an Azure Virtual Machine

Overview:

1.Log in to Azure Portal

2. "Search for "Virtual Machines"

3. Select Virtual Machine from the Search Results

4. Click on "Create"

5. Enter Project Details

6. Configure Virtual Machine Details

Enter:

7. Set Up Administrator Account

8. Configure Inbound Port Rules

10. Accept Licensing Terms

11. Disable Boot Diagnostics

12. Review & Deploy the Virtual Machine

Provide private storage for internal company documents

Aim: