Once the Azure Storage account is created, we can use different options to manage it. Some of the options are similar to the options available to other Azure resources, so let's focus on the Azure Storage account unique options.
The first option under Settings is Access keys. Access keys are used to authenticate access to your Azure Storage account. They are usually used to enable access from applications, so you can find connection strings here along with access keys. There are two access keys available, and you can regenerate them if you think the original keys have been stolen or compromised.
Cross-origin resource sharing (CORS) allows you to define trusted domains. Web browsers implement security restrictions that prevent applications from calling APIs in a different domain. CORS provides ways for the original domain to securely access an API from another domain.
Configuration allows us to change some of the settings that are available when creating the Storage account. Under this option, we can upgrade storage from general purpose v1 to v2, we can change performance, and replication settings, and enable or disable secure transfer requirements.
Azure Storage is automatically encrypted and protects data at rest. Automatic encryption is done using using Microsoft Managed Keys for Azure blobs, tables, files and queues. However, the encryption option allows us to bring our own key and encrypt storage with that key instead.
Shared access signature (SAS) provides an access key that lasts a limited time. We can use this key to provide temporary access to our storage and can define how long this access is going to last. After the key expires, it can't be used again.
Under Firewall and Virtual network settings, we can change networking and access settings for our storage. We can attach storage to VNet (and subnet) or change the VNet storage it's associated with. Using firewall, we can block access to our storage to anyone who isn't coming from a trusted IP address. We can white list our on-premises IP addresses or other trusted IP addresses to allow Azure Storage access only from these addresses and to prevent anyone else from gaining access.
Properties, Locks, and Automation scripts are options available to all Azure resources.
The next set of options is related to blob service. Here we have Blobs, Custom domains, Soft delete, Azure CDN, and Azure search.
Blobs allow you to see the current list of blobs in the storage account and perform actions such as creating a new blob or deleting an existing one. Further, you can access a blob and see the list of files inside the blob and perform actions on files such as download or delete.
Custom domain allows you to use a custom domain with your storage account. Instead of using the provided DNS, you can set up CNAME on your custom domain and point it to your storage to start using the custom domain.
Soft delete allows you to set up a retention policy for your storage. If enabled, the default retention policy is seven days but this can be change to up to 365 days. Soft delete will give you ability to recover any deleted blobs. This extends to blobs that are deleted as result of overwrite, so you can recover deleted blobs or older versions of blobs.
Azure CDN and Azure search are options to link these Azure services to your storage account. Azure CDN is used to cache storage content in order to increase performance and minimize latency. Azure search is a fully managed cloud search service that provides a better user experience.
The following options allow us to manage the file service, table service, and queue service. For each of these services, we can see a list of existing file services in the storage account and we can perform different operations such as Delete existing service, Create a new one or Set up access policies.