Module 2
Beginner to Intermediate
AZ-104
AZ-900
20 min read
Azure Storage
Azure Storage is Microsoft's cloud storage solution — massively scalable, highly available, and incredibly durable. Learn everything about the four storage types, how to create a storage account, secure your data, manage costs, and use storage effectively in real world scenarios.
What you'll learn: What Azure Storage is · Storage account types · Blob, File, Queue & Table storage · Creating a storage account · Access tiers · Redundancy options · Security & access control · Pricing · Real world use cases · Best practices · AZ-104 exam tips
In this tutorial
What is Azure Storage?
Storage account types
The 4 Azure Storage services
Creating a storage account
Blob storage access tiers
Redundancy options
Security and access control
Azure Storage pricing
Real world use cases
Best practices
AZ-104 exam tips
What is Azure Storage?
Azure Storage is Microsoft's cloud-based storage service that lets you store virtually any type of data — files, images, videos, logs, database backups, application data, and more — in a secure, scalable, and highly available environment.
Think of Azure Storage like a massive, intelligent hard drive in the cloud — except it never runs out of space, never fails, is accessible from anywhere in the world, and costs a fraction of traditional storage solutions.
Azure Storage is built on three core principles:
1
Durable & Highly Available — Azure Storage automatically replicates your data multiple times across different hardware and locations. Even if hardware fails, your data is safe and accessible.
2
Secure — All data is encrypted at rest and in transit by default. You control who can access your data using keys, shared access signatures, and role-based access control.
3
Massively Scalable — Azure Storage can handle exabytes of data. Whether you store 1 MB or 1 petabyte, the service scales automatically without any configuration.
Storage account types
Before creating storage, you choose a storage account type. This determines what storage services are available and at what performance level.
1
Standard general-purpose v2 (recommended) — The most commonly used account type. Supports all four storage services (Blob, File, Queue, Table). Best for most scenarios including web apps, backups, and archives. Uses HDD-based storage.
2
Premium block blobs — SSD-based storage for block blobs. Best for high-transaction workloads, AI/ML applications, and scenarios requiring low latency like interactive applications.
3
Premium file shares — SSD-based storage for Azure Files only. Best for enterprise file shares, high-performance computing, and database scenarios requiring fast file I/O.
4
Premium page blobs — SSD-based storage for page blobs only. Best for Azure Virtual Machine disks and scenarios requiring random read/write operations.
💡 Which one to choose? For 90% of use cases — choose Standard general-purpose v2. It's the most flexible, supports all storage types, and is the most cost-effective option.
The 4 Azure Storage services
Inside a storage account, Azure offers four distinct storage services — each designed for a different type of data and use case.
1
Azure Blob Storage — Object storage for unstructured data
Blob stands for Binary Large Object. Blob storage is designed for storing massive amounts of unstructured data — files that don't follow a specific data model or definition.
What you store here: Images, videos, audio files, documents, backups, log files, static website content, ML training data
Blob types:
• Block blobs — Most common. Used for text and binary files like images and videos
• Append blobs — Optimised for append operations. Perfect for log files
• Page blobs — Used for random read/write operations. Used by Azure VM disks
Real world example: Netflix stores video content in blob storage. Instagram stores photos in blob storage.
Blob stands for Binary Large Object. Blob storage is designed for storing massive amounts of unstructured data — files that don't follow a specific data model or definition.
What you store here: Images, videos, audio files, documents, backups, log files, static website content, ML training data
Blob types:
• Block blobs — Most common. Used for text and binary files like images and videos
• Append blobs — Optimised for append operations. Perfect for log files
• Page blobs — Used for random read/write operations. Used by Azure VM disks
Real world example: Netflix stores video content in blob storage. Instagram stores photos in blob storage.
2
Azure Files — Fully managed cloud file shares
Azure Files provides fully managed file shares in the cloud that are accessible using the industry-standard SMB (Server Message Block) and NFS (Network File System) protocols.
What you store here: Shared configuration files, application data that needs to be accessed by multiple VMs, migration of on-premises file servers
Key benefit: Mount Azure file shares on Windows, Linux, and macOS — just like a network drive. Your applications don't even know the storage is in the cloud!
Real world example: A company with 100 employees replaces their on-premises file server with Azure Files — employees access it just like before but it's now in the cloud.
Azure Files provides fully managed file shares in the cloud that are accessible using the industry-standard SMB (Server Message Block) and NFS (Network File System) protocols.
What you store here: Shared configuration files, application data that needs to be accessed by multiple VMs, migration of on-premises file servers
Key benefit: Mount Azure file shares on Windows, Linux, and macOS — just like a network drive. Your applications don't even know the storage is in the cloud!
Real world example: A company with 100 employees replaces their on-premises file server with Azure Files — employees access it just like before but it's now in the cloud.
3
Azure Queue Storage — Message queuing for distributed applications
Queue storage provides reliable messaging between application components. It stores large numbers of messages that can be accessed from anywhere via HTTP or HTTPS.
What you store here: Messages between application components, work items for background processing, task queues
Key benefit: Decouples application components so they can scale independently. If one part of your app is overwhelmed, messages queue up and are processed when the component recovers.
Real world example: An e-commerce site receives 10,000 orders per minute during a sale. Orders go into a queue and are processed one by one — no orders are lost even if the backend is slow.
Queue storage provides reliable messaging between application components. It stores large numbers of messages that can be accessed from anywhere via HTTP or HTTPS.
What you store here: Messages between application components, work items for background processing, task queues
Key benefit: Decouples application components so they can scale independently. If one part of your app is overwhelmed, messages queue up and are processed when the component recovers.
Real world example: An e-commerce site receives 10,000 orders per minute during a sale. Orders go into a queue and are processed one by one — no orders are lost even if the backend is slow.
4
Azure Table Storage — NoSQL key-value store
Table storage is a NoSQL datastore for storing structured, non-relational data. It's simple, fast, and extremely cost-effective for large amounts of structured data.
What you store here: User data, device information, metadata, application configuration data, IoT telemetry data
Key benefit: Incredibly cheap storage for structured data that doesn't need complex relationships. Great for IoT scenarios where you're storing millions of small records.
Note: For more advanced NoSQL needs, consider Azure Cosmos DB which we cover in a later tutorial.
Table storage is a NoSQL datastore for storing structured, non-relational data. It's simple, fast, and extremely cost-effective for large amounts of structured data.
What you store here: User data, device information, metadata, application configuration data, IoT telemetry data
Key benefit: Incredibly cheap storage for structured data that doesn't need complex relationships. Great for IoT scenarios where you're storing millions of small records.
Note: For more advanced NoSQL needs, consider Azure Cosmos DB which we cover in a later tutorial.
Creating a storage account
1
Go to portal.azure.com → Search for "Storage accounts" → Click "+ Create"
2
Basics tab:
• Subscription: Your subscription
• Resource Group:
• Storage account name:
• Region: Central India
• Performance: Standard
• Redundancy: Locally Redundant Storage (LRS) for learning
• Subscription: Your subscription
• Resource Group:
rkc-storage-rg (create new)• Storage account name:
rkcstorageaccount (must be globally unique, 3-24 chars, lowercase only)• Region: Central India
• Performance: Standard
• Redundancy: Locally Redundant Storage (LRS) for learning
3
Advanced tab:
• Require secure transfer: ✅ Enabled (always keep this on)
• Enable blob public access: Disabled (keep data private by default)
• Minimum TLS version: TLS 1.2
• Require secure transfer: ✅ Enabled (always keep this on)
• Enable blob public access: Disabled (keep data private by default)
• Minimum TLS version: TLS 1.2
4
Networking tab:
• For learning: Public endpoint (all networks)
• For production: Restrict to specific virtual networks
• For learning: Public endpoint (all networks)
• For production: Restrict to specific virtual networks
5
Click "Review + Create" → "Create"
Deployment takes about 30 seconds — much faster than VMs!
Deployment takes about 30 seconds — much faster than VMs!
6
Upload your first blob:
• Click "Go to resource"
• Click "Containers" on the left → "+ Container"
• Name it
• Click into the container → "Upload"
• Upload any file from your computer — it's now stored in Azure! 🎉
• Click "Go to resource"
• Click "Containers" on the left → "+ Container"
• Name it
my-first-container → Create• Click into the container → "Upload"
• Upload any file from your computer — it's now stored in Azure! 🎉
Azure CLI — Create storage account and upload a blob
# Create a storage account
az storage account create \
--name rkcstorageaccount \
--resource-group rkc-storage-rg \
--location centralindia \
--sku Standard_LRS
# Create a container
az storage container create \
--name my-first-container \
--account-name rkcstorageaccount
# Upload a file to blob storage
az storage blob upload \
--container-name my-first-container \
--name myfile.txt \
--file ./myfile.txt \
--account-name rkcstorageaccount
az storage account create \
--name rkcstorageaccount \
--resource-group rkc-storage-rg \
--location centralindia \
--sku Standard_LRS
# Create a container
az storage container create \
--name my-first-container \
--account-name rkcstorageaccount
# Upload a file to blob storage
az storage blob upload \
--container-name my-first-container \
--name myfile.txt \
--file ./myfile.txt \
--account-name rkcstorageaccount
Blob storage access tiers
Azure Blob Storage offers three access tiers that let you balance storage cost against access frequency. The less frequently you access data, the cheaper the storage — but the more you pay to retrieve it.
1
Hot tier — For data accessed frequently. Highest storage cost, lowest access cost. Best for active data like website images, app data, and files in regular use.
Example: Profile pictures on a social media app
Example: Profile pictures on a social media app
2
Cool tier — For data accessed infrequently (at least 30 days). Lower storage cost, higher access cost. Best for short-term backup and disaster recovery data.
Example: Monthly financial reports, infrequently accessed logs
Example: Monthly financial reports, infrequently accessed logs
3
Cold tier — For data accessed rarely (at least 90 days). Even lower storage cost than Cool. Best for long-term backup data that occasionally needs to be retrieved.
Example: Quarterly compliance reports, old project archives
Example: Quarterly compliance reports, old project archives
4
Archive tier — For data almost never accessed (at least 180 days). Lowest storage cost but highest retrieval cost and time. Data is stored offline and takes hours to retrieve.
Example: 7-year tax records, old security camera footage kept for compliance
Example: 7-year tax records, old security camera footage kept for compliance
⚠️ Important: You can set access tiers at the storage account level or at the individual blob level. Lifecycle management policies can automatically move blobs between tiers based on age — saving significant cost!
Redundancy options
Azure Storage automatically replicates your data to protect against hardware failures. You choose how many copies and where they're stored:
1
LRS — Locally Redundant Storage
3 copies of data within a single datacenter in the primary region. Protects against server rack and drive failures. Cheapest option.
Best for: Learning, dev/test, data that can be easily recreated
3 copies of data within a single datacenter in the primary region. Protects against server rack and drive failures. Cheapest option.
Best for: Learning, dev/test, data that can be easily recreated
2
ZRS — Zone Redundant Storage
3 copies across 3 Availability Zones in the primary region. Protects against datacenter-level failures.
Best for: High availability applications, production workloads
3 copies across 3 Availability Zones in the primary region. Protects against datacenter-level failures.
Best for: High availability applications, production workloads
3
GRS — Geo Redundant Storage
6 copies — 3 in primary region (LRS) + 3 in a secondary region hundreds of miles away. Protects against regional disasters.
Best for: Business-critical data that must survive regional outages
6 copies — 3 in primary region (LRS) + 3 in a secondary region hundreds of miles away. Protects against regional disasters.
Best for: Business-critical data that must survive regional outages
4
GZRS — Geo Zone Redundant Storage
The most durable option — combines ZRS in the primary region with GRS replication to a secondary region. 99.99999999999999% (16 nines) durability.
Best for: Mission-critical enterprise data
The most durable option — combines ZRS in the primary region with GRS replication to a secondary region. 99.99999999999999% (16 nines) durability.
Best for: Mission-critical enterprise data
Security and access control
1
Storage Account Keys — Two 512-bit keys that provide full admin access to the storage account. Treat these like passwords — never share them or commit them to code repositories. Rotate them regularly.
2
Shared Access Signatures (SAS) — Time-limited, permission-scoped tokens that grant limited access to storage resources. Best way to share access with external users or applications without giving full account access.
Example: Generate a SAS URL that lets a client download a specific file for the next 24 hours only.
Example: Generate a SAS URL that lets a client download a specific file for the next 24 hours only.
3
Azure Active Directory (Entra ID) — Use Azure RBAC to grant users and applications access to storage resources. The most secure and recommended approach for internal access.
4
Encryption — All data in Azure Storage is automatically encrypted at rest using 256-bit AES encryption. Data is also encrypted in transit using HTTPS. You can use Microsoft-managed keys or bring your own keys (BYOK).
Azure Storage pricing
Azure Storage pricing is based on how much data you store, how often you access it, and what redundancy option you choose. Here's a simplified overview for Central India region:
Azure Blob Storage pricing (Central India — approximate):
Hot tier → ~$0.018 per GB/month
Cool tier → ~$0.01 per GB/month
Cold tier → ~$0.004 per GB/month
Archive tier→ ~$0.001 per GB/month
Redundancy cost comparison (per GB/month):
LRS → Cheapest
ZRS → ~25% more than LRS
GRS → ~2x the cost of LRS
GZRS → Most expensive
Hot tier → ~$0.018 per GB/month
Cool tier → ~$0.01 per GB/month
Cold tier → ~$0.004 per GB/month
Archive tier→ ~$0.001 per GB/month
Redundancy cost comparison (per GB/month):
LRS → Cheapest
ZRS → ~25% more than LRS
GRS → ~2x the cost of LRS
GZRS → Most expensive
Real world use cases
1
Static website hosting — Host static websites directly from Blob storage. Extremely cheap and globally fast using Azure CDN. This is actually how simple websites like documentation sites are often hosted.
2
Media storage & streaming — Store images, videos, and audio files in Blob storage and serve them to users worldwide. Used by media companies, e-commerce sites for product images, and social platforms.
3
Backup & disaster recovery — Store VM backups, database backups, and application backups in cool or archive tier for cost-effective long-term retention.
4
Big data & analytics — Store large datasets for processing with Azure Synapse Analytics, Azure Databricks, or HDInsight. Azure Data Lake Storage Gen2 is built on top of Blob storage.
5
Application logging — Store application logs in Append blobs — perfectly designed for log files since you only add to the end, never modify existing data.
Best practices
1
Never expose storage account keys in code — Use Azure Key Vault to store keys or use Managed Identities instead of keys entirely.
2
Enable soft delete — Soft delete protects blobs and containers from accidental deletion by retaining deleted data for a configurable period (1–365 days).
3
Use lifecycle management policies — Automatically move blobs from Hot → Cool → Archive as they age, saving significant storage costs without manual intervention.
4
Enable versioning — Blob versioning automatically maintains previous versions of blobs. If data is accidentally overwritten or deleted, you can restore the previous version.
5
Use private endpoints for production — Instead of accessing storage over the public internet, use private endpoints to route traffic through your Azure Virtual Network for maximum security.
AZ-104 exam tips
✅ Know the 4 storage services — Blob, Files, Queue, Table and their use cases
✅ Understand the 4 access tiers — Hot, Cool, Cold, Archive and minimum retention days
✅ Know redundancy options — LRS, ZRS, GRS, GZRS and what each protects against
✅ Understand SAS tokens — time-limited, permission-scoped access
✅ Remember storage account names must be globally unique, 3-24 chars, lowercase only
✅ Know that Archive tier data takes hours to retrieve (rehydration)
✅ Understand blob types — Block blobs, Append blobs, Page blobs
✅ Remember all Azure Storage data is encrypted at rest by default
✅ Understand the 4 access tiers — Hot, Cool, Cold, Archive and minimum retention days
✅ Know redundancy options — LRS, ZRS, GRS, GZRS and what each protects against
✅ Understand SAS tokens — time-limited, permission-scoped access
✅ Remember storage account names must be globally unique, 3-24 chars, lowercase only
✅ Know that Archive tier data takes hours to retrieve (rehydration)
✅ Understand blob types — Block blobs, Append blobs, Page blobs
✅ Remember all Azure Storage data is encrypted at rest by default