AZ-104 Objective 2.3: Configure Azure Files and Azure Blob Storage
AZ-104 Exam Focus: This objective covers the detailed configuration and management of Azure Files and Azure Blob Storage services. Understanding file shares, blob containers, storage tiers, soft delete, snapshots, lifecycle management, and versioning is crucial for Azure administrators. Master these concepts for both exam success and real-world Azure storage management.
Understanding Azure Files and Blob Storage
Azure Files and Azure Blob Storage are two distinct storage services in Azure, each designed for specific use cases. Azure Files provides managed file shares accessible via SMB and NFS protocols, while Azure Blob Storage is optimized for storing massive amounts of unstructured data. These services are built on top of Azure Storage accounts and require proper access configuration for security.
Service Comparison:
- Azure Files: Managed file shares, SMB/NFS protocols, hierarchical structure
- Azure Blob Storage: Object storage, REST API access, flat namespace
- Use Cases: Files for shared storage, Blobs for applications and backup
- Access Methods: Files via network drives, Blobs via HTTP/HTTPS
- Performance: Files for random access, Blobs for sequential access
Create and Configure a File Share in Azure Storage
Understanding Azure Files
Azure Files provides fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol and Network File System (NFS) protocol.
File Share Types
Standard File Shares:
- Performance: Standard performance tier
- Protocols: SMB 2.1, SMB 3.0, NFS 4.1
- Size: Up to 100 TiB per share
- IOPS: Up to 10,000 IOPS per share
- Use Case: General-purpose file sharing
Premium File Shares:
- Performance: Premium performance tier
- Protocols: SMB 2.1, SMB 3.0, NFS 4.1
- Size: Up to 100 TiB per share
- IOPS: Up to 100,000 IOPS per share
- Use Case: High-performance workloads
Creating File Shares
Azure Portal Method
Step-by-Step Process:
- Navigate to Storage Account: Go to Azure Portal → Storage accounts → Select account
- Access File Shares: Click "File shares" in the left navigation
- Create File Share: Click "File share" to create new share
- Configure Share:
  - Name: Enter share name (3-63 characters, lowercase)
  - Quota: Set maximum size (1 GiB to 100 TiB)
  - Access Tier: Transaction optimized, Hot, Cool
- Create Share: Click "Create" to create the file share
PowerShell Method
File Share Creation Commands:
```powershell
# Get storage account context
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context

# Create standard file share with a 100 GiB quota
# (the data-plane New-AzStorageShare cmdlet has no quota parameter, so use New-AzRmStorageShare)
$shareName = "myfileshare"
New-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $shareName -QuotaGiB 100

# Create premium file share (requires premium storage account)
$premiumShareName = "mypremiumshare"
New-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $premiumShareName -QuotaGiB 100

# Get file share properties
Get-AzStorageShare -Context $context -Name $shareName

# Update file share quota
Set-AzStorageShareQuota -Context $context -ShareName $shareName -Quota 200

# Get file share usage statistics
Get-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $shareName -GetShareUsage

# List all file shares
Get-AzStorageShare -Context $context

# Remove file share
Remove-AzStorageShare -Context $context -Name $shareName -Force
```
Azure CLI Method
Azure CLI Commands:
```bash
# Create file share
az storage share create --name myfileshare --account-name mystorageaccount --quota 100

# Create premium file share (requires premium storage account)
az storage share create --name mypremiumshare --account-name mystorageaccount --quota 100

# Get file share properties
az storage share show --name myfileshare --account-name mystorageaccount

# Update file share quota
az storage share update --name myfileshare --account-name mystorageaccount --quota 200

# List all file shares
az storage share list --account-name mystorageaccount

# Get file share statistics
az storage share stats --name myfileshare --account-name mystorageaccount

# Delete file share (this command has no --yes flag and does not prompt)
az storage share delete --name myfileshare --account-name mystorageaccount
```
File Share Configuration
Access Protocols
SMB Configuration:
- SMB Versions: SMB 2.1, SMB 3.0, SMB 3.1.1
- Authentication: Azure AD, AD DS, Storage account keys
- Encryption: SMB 3.0+ encryption in transit
- Permissions: NTFS permissions and Azure RBAC
NFS Configuration:
- NFS Version: NFS 4.1
- Authentication: IP-based access control
- Permissions: POSIX permissions
- Use Case: Linux workloads and containers
Create and Configure a Container in Blob Storage
Understanding Blob Containers
Blob containers are similar to directories in a file system, providing a way to organize a set of blobs. All blobs must be in a container, and containers provide a level of access control.
Container Properties
Container Configuration:
- Name: 3-63 characters, lowercase letters, numbers, hyphens
- Access Level: Private, Blob, Container
- Lease State: Available, Leased, Expired, Breaking, Broken
- Metadata: Custom key-value pairs
- Immutability: Legal hold and time-based retention
Creating Blob Containers
Azure Portal Method
Step-by-Step Process:
- Navigate to Storage Account: Go to Azure Portal → Storage accounts → Select account
- Access Containers: Click "Containers" in the left navigation
- Create Container: Click "Container" to create new container
- Configure Container:
  - Name: Enter container name
  - Public Access Level: Private, Blob, Container
  - Version Level Immutability: Enable if needed
- Create Container: Click "Create" to create the container
PowerShell Method
Container Creation Commands:
```powershell
# Get storage account context
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context

# Create private container (no anonymous access)
$containerName = "mycontainer"
New-AzStorageContainer -Context $context -Name $containerName -Permission Off

# Create container with blob-level public access (anonymous read of individual blobs)
New-AzStorageContainer -Context $context -Name "publicblobs" -Permission Blob

# Create container with container-level public access (anonymous read and listing of blobs)
New-AzStorageContainer -Context $context -Name "publiccontainer" -Permission Container

# Get container properties
Get-AzStorageContainer -Context $context -Name $containerName

# Set container metadata
$metadata = @{
    "Project"     = "MyProject"
    "Environment" = "Production"
    "Owner"       = "IT Team"
}
Update-AzRmStorageContainer -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $containerName -Metadata $metadata

# Get container metadata
(Get-AzRmStorageContainer -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $containerName).Metadata

# List all containers
Get-AzStorageContainer -Context $context

# Remove container
Remove-AzStorageContainer -Context $context -Name $containerName -Force
```
Azure CLI Method
Azure CLI Commands:
```bash
# Create private container (no anonymous access)
az storage container create --name mycontainer --account-name mystorageaccount

# Create container with blob-level public access
az storage container create --name publicblobs --account-name mystorageaccount --public-access blob

# Create container with container-level public access
az storage container create --name publiccontainer --account-name mystorageaccount --public-access container

# Get container properties
az storage container show --name mycontainer --account-name mystorageaccount

# Set container metadata
az storage container metadata update --name mycontainer --account-name mystorageaccount --metadata "Project=MyProject" "Environment=Production" "Owner=IT Team"

# Get container metadata
az storage container metadata show --name mycontainer --account-name mystorageaccount

# List all containers
az storage container list --account-name mystorageaccount

# Delete container (this command has no --yes flag and does not prompt)
az storage container delete --name mycontainer --account-name mystorageaccount
```
Configure Storage Tiers
Understanding Storage Tiers
Azure Storage offers different access tiers that allow you to store blob data in the most cost-effective manner based on how frequently the data is accessed.
Access Tiers
Hot Access Tier:
- Use Case: Frequently accessed data
- Storage Cost: Higher storage cost
- Access Cost: Lower access cost
- Availability: 99.9% availability
- Latency: Lowest latency
Cool Access Tier:
- Use Case: Infrequently accessed data
- Storage Cost: Lower storage cost
- Access Cost: Higher access cost
- Availability: 99% availability
- Latency: Higher latency
Archive Access Tier:
- Use Case: Long-term retention, rarely accessed
- Storage Cost: Lowest storage cost
- Access Cost: Highest access cost
- Availability: 99% availability
- Latency: Highest latency (hours to days)
Configuring Storage Tiers
PowerShell Method
Storage Tier Configuration:
```powershell
# Set default access tier for storage account
Set-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount" -AccessTier Cool -Force
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context

# Set access tier for individual blob
$blobName = "myblob.txt"
$containerName = "mycontainer"
$blob = Get-AzStorageBlob -Context $context -Container $containerName -Blob $blobName
$blob.BlobClient.SetAccessTier("Archive", $null, "Standard")

# Set access tier for multiple blobs
Get-AzStorageBlob -Context $context -Container $containerName |
    ForEach-Object { $_.BlobClient.SetAccessTier("Cool", $null, "Standard") }

# Get blob access tier
(Get-AzStorageBlob -Context $context -Container $containerName -Blob $blobName).BlobProperties |
    Select-Object AccessTier, AccessTierInferred

# Rehydrate blob from Archive tier (third argument is the rehydrate priority)
$blob.BlobClient.SetAccessTier("Hot", $null, "Standard")
```
Azure CLI Method
Azure CLI Commands:
```bash
# Set default access tier for storage account
az storage account update --name mystorageaccount --resource-group MyRG --access-tier Cool

# Set access tier for individual blob
az storage blob set-tier --container-name mycontainer --name myblob.txt --account-name mystorageaccount --tier Archive

# Set access tier for multiple blobs
az storage blob list --container-name mycontainer --account-name mystorageaccount --query "[].name" -o tsv |
    xargs -I {} az storage blob set-tier --container-name mycontainer --name {} --account-name mystorageaccount --tier Cool

# Get blob access tier (the CLI reports it as properties.blobTier)
az storage blob show --container-name mycontainer --name myblob.txt --account-name mystorageaccount --query "properties.blobTier"

# Rehydrate blob from Archive tier
az storage blob set-tier --container-name mycontainer --name myblob.txt --account-name mystorageaccount --tier Hot --rehydrate-priority Standard
```
Configure Soft Delete for Blobs and Containers
Understanding Soft Delete
Soft delete for blobs and containers protects your data from accidental deletion or overwrites. When soft delete is enabled, deleted blobs and containers are retained for a specified period and can be recovered.
Soft Delete Benefits
Key Benefits:
- Data Protection: Prevents accidental data loss
- Recovery: Restore deleted blobs and containers
- Compliance: Meet data retention requirements
- Audit Trail: Track deletion activities
- Cost Effective: Pay only for retained data
Configuring Soft Delete
Azure Portal Method
Step-by-Step Process:
- Navigate to Storage Account: Go to Azure Portal → Storage accounts → Select account
- Access Data Protection: Click "Data protection" in the left navigation
- Enable Soft Delete: Toggle "Enable soft delete for blobs"
- Configure Settings:
  - Retention Period: 1-365 days (default 7 days)
  - Enable Soft Delete for Containers: Toggle if needed
  - Container Retention Period: 1-365 days
- Save Configuration: Click "Save" to apply settings
PowerShell Method
Soft Delete Configuration:
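```powershell
# Enable soft delete for blobs (30-day retention)
Enable-AzStorageBlobDeleteRetentionPolicy -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -RetentionDays 30

# Enable soft delete for containers (30-day retention)
Enable-AzStorageContainerDeleteRetentionPolicy -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -RetentionDays 30

# Get soft delete configuration
$blobService = Get-AzStorageBlobServiceProperty -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount"
$blobService.DeleteRetentionPolicy
$blobService.ContainerDeleteRetentionPolicy

# List blobs, including soft deleted ones
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context
Get-AzStorageBlob -Context $context -Container "mycontainer" -IncludeDeleted

# Restore soft deleted blob
Get-AzStorageBlob -Context $context -Container "mycontainer" -Prefix "myblob.txt" -IncludeDeleted |
    Where-Object { $_.Name -eq "myblob.txt" -and $_.IsDeleted } |
    ForEach-Object { $_.BlobBaseClient.Undelete() }

# List containers, including soft deleted ones
Get-AzStorageContainer -Context $context -IncludeDeleted

# Restore soft deleted container (the version ID of the deleted container is required)
$deletedContainer = Get-AzStorageContainer -Context $context -IncludeDeleted |
    Where-Object { $_.IsDeleted -and $_.Name -eq "mycontainer" } |
    Select-Object -First 1
Restore-AzStorageContainer -Context $context -Name $deletedContainer.Name -DeletedContainerVersion $deletedContainer.VersionId
```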
Configure Snapshots and Soft Delete for Azure Files
Understanding File Share Snapshots
File share snapshots provide point-in-time backups of your Azure file shares. They capture the state of the file share at a specific moment and can be used for data recovery and backup purposes.
Snapshot Benefits
Key Benefits:
- Point-in-Time Recovery: Restore files to specific moments
- Backup Solution: Cost-effective backup mechanism
- Data Protection: Protection against accidental changes
- Compliance: Meet regulatory backup requirements
- Version Control: Maintain file versions
Configuring File Share Snapshots
PowerShell Method
Snapshot Management:
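```powershell
# Get storage account context
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context

# Create file share snapshot
$shareName = "myfileshare"
$snapshot = New-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $shareName -Snapshot

# List all snapshots for a share
Get-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -IncludeSnapshot |
    Where-Object { $_.Name -eq $shareName -and $_.SnapshotTime }

# Get snapshot properties
Get-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $shareName -SnapshotTime $snapshot.SnapshotTime

# List files in snapshot (current Az.Storage data-plane cmdlets take the share as a ShareClient)
$snapshotShare = Get-AzStorageShare -Context $context -Name $shareName -SnapshotTime $snapshot.SnapshotTime
Get-AzStorageFile -ShareClient $snapshotShare.ShareClient

# Copy file from snapshot back into the live share
$sourceFile = "source.txt"
$destinationFile = "restored.txt"
Start-AzStorageFileCopy -SrcShare $snapshotShare.ShareClient -SrcFilePath $sourceFile -DestShareName $shareName -DestFilePath $destinationFile -Context $context -DestContext $context

# Delete snapshot
Remove-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $shareName -SnapshotTime $snapshot.SnapshotTime -Force

# Enable soft delete for file shares
Update-AzStorageFileServiceProperty -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -EnableShareDeleteRetentionPolicy $true -ShareRetentionDays 30

# List shares, including soft deleted ones
Get-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -IncludeDeleted

# Restore soft deleted share (the version of the deleted share is required)
$deletedShare = Get-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -IncludeDeleted |
    Where-Object { $_.Deleted -and $_.Name -eq "deletedshare" } |
    Select-Object -First 1
Restore-AzRmStorageShare -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Name $deletedShare.Name -DeletedShareVersion $deletedShare.Version
```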
Configure Blob Lifecycle Management
Understanding Lifecycle Management
Blob lifecycle management provides a rule-based policy to automatically transition blobs between access tiers or delete them based on age, access patterns, or other criteria.
Lifecycle Management Rules
Rule Components:
- Rule Name: Unique identifier for the rule
- Rule Type: Lifecycle management rule
- Rule Scope: Container or blob prefix
- Actions: Transition to cool/archive or delete
- Conditions: Age, access time, creation time
Configuring Lifecycle Management
Azure Portal Method
Step-by-Step Process:
- Navigate to Storage Account: Go to Azure Portal → Storage accounts → Select account
- Access Lifecycle Management: Click "Lifecycle management" in the left navigation
- Add Rule: Click "Add a rule" to create new rule
- Configure Rule:
  - Rule Name: Enter descriptive name
  - Rule Scope: Select containers or blob prefixes
  - Blob Subtype: Base blobs, snapshots, versions
  - Actions: Set transition and deletion rules
- Create Rule: Click "Add" to create the rule
PowerShell Method
Lifecycle Management Configuration:
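```powershell
# Create lifecycle management rule
# Define the actions: base blobs move to Cool after 30 days, Archive after 90, deleted after 2555
$action = Add-AzStorageAccountManagementPolicyAction -BaseBlobAction TierToCool -DaysAfterModificationGreaterThan 30
$action = Add-AzStorageAccountManagementPolicyAction -InputObject $action -BaseBlobAction TierToArchive -DaysAfterModificationGreaterThan 90
$action = Add-AzStorageAccountManagementPolicyAction -InputObject $action -BaseBlobAction Delete -DaysAfterModificationGreaterThan 2555

# Snapshots are deleted 30 days after creation
$action = Add-AzStorageAccountManagementPolicyAction -InputObject $action -SnapshotAction Delete -DaysAfterCreationGreaterThan 30

# Limit the rule to block blobs under the "logs/" prefix
$filter = New-AzStorageAccountManagementPolicyFilter -PrefixMatch "logs/" -BlobType blockBlob

# Define lifecycle rule
$rule = New-AzStorageAccountManagementPolicyRule -Name "MyLifecycleRule" -Action $action -Filter $filter

# Add lifecycle management rule (this replaces the account's existing policy)
Set-AzStorageAccountManagementPolicy -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -Rule $rule

# Get lifecycle management rules
Get-AzStorageAccountManagementPolicy -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount"

# Remove the lifecycle management policy (removes all rules in it)
Remove-AzStorageAccountManagementPolicy -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount"
```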
Configure Blob Versioning
Understanding Blob Versioning
Blob versioning automatically maintains previous versions of a blob when it's modified or deleted. This provides protection against accidental deletion or modification and enables point-in-time recovery.
Versioning Benefits
Key Benefits:
- Data Protection: Automatic version creation
- Point-in-Time Recovery: Restore previous versions
- Accidental Overwrite Protection: Preserve original data
- Compliance: Meet regulatory requirements
- Audit Trail: Track data changes over time
Configuring Blob Versioning
Azure Portal Method
Step-by-Step Process:
- Navigate to Storage Account: Go to Azure Portal → Storage accounts → Select account
- Access Data Protection: Click "Data protection" in the left navigation
- Enable Versioning: Toggle "Enable versioning for blobs"
- Configure Settings:
  - Versioning: Enable/disable blob versioning
  - Change Feed: Enable change feed if needed
  - Point-in-Time Restore: Enable if needed
- Save Configuration: Click "Save" to apply settings
PowerShell Method
Versioning Configuration:
```powershell
# Enable blob versioning
Update-AzStorageBlobServiceProperty -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -IsVersioningEnabled $true

# Enable change feed
Update-AzStorageBlobServiceProperty -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount" -EnableChangeFeed $true

# Get versioning status
(Get-AzStorageBlobServiceProperty -ResourceGroupName "MyRG" -StorageAccountName "mystorageaccount").IsVersioningEnabled

# List blob versions
$storageAccount = Get-AzStorageAccount -ResourceGroupName "MyRG" -Name "mystorageaccount"
$context = $storageAccount.Context
$containerName = "mycontainer"
$blobName = "myblob.txt"
$versions = Get-AzStorageBlob -Context $context -Container $containerName -Prefix $blobName -IncludeVersion |
    Where-Object { $_.Name -eq $blobName }
$versions

# Get specific blob version (here: the most recent previous version)
$previousVersion = $versions | Where-Object { -not $_.IsLatestVersion } |
    Sort-Object VersionId -Descending | Select-Object -First 1

# Copy blob version to a new blob
Copy-AzStorageBlob -BlobBaseClient $previousVersion.BlobBaseClient -DestContainer $containerName -DestBlob "restored.txt" -DestContext $context

# Promote blob version to current version (copy it over the base blob)
Copy-AzStorageBlob -BlobBaseClient $previousVersion.BlobBaseClient -DestContainer $containerName -DestBlob $blobName -DestContext $context -Force

# Delete specific blob version
Remove-AzStorageBlob -Context $context -Container $containerName -Blob $blobName -VersionId $previousVersion.VersionId
```
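The container access levels, soft delete settings and versioning covered above can be checked together across a subscription. This is an added, read-only audit example, not part of the original guide; it assumes the Az.Storage module and a signed-in session, and the function name, output field names and 7-day baseline are hypothetical choices.

```powershell
# Added example: read-only audit of anonymous access and data-protection settings.
# Assumes the Az.Storage module and a signed-in session (Connect-AzAccount).
# Get-StorageProtectionReport is a hypothetical helper name, not an Az cmdlet.
function Get-StorageProtectionReport {
    [CmdletBinding()]
    param(
        # Assumed baseline: shortest acceptable blob soft delete retention, in days.
        [int]$MinRetentionDays = 7
    )

    foreach ($account in Get-AzStorageAccount) {
        $rg       = $account.ResourceGroupName
        $name     = $account.StorageAccountName
        $findings = [System.Collections.Generic.List[string]]::new()

        # Account-level switch: unless it is $false, containers can be made public.
        if ($account.AllowBlobPublicAccess -ne $false) {
            $findings.Add('Account allows anonymous (public) blob access')
        }

        try {
            # Access level Blob or Container means anonymous reads are possible.
            Get-AzRmStorageContainer -ResourceGroupName $rg -StorageAccountName $name -ErrorAction Stop |
                Where-Object { "$($_.PublicAccess)" -in 'Blob', 'Container' } |
                ForEach-Object { $findings.Add("Container '$($_.Name)' access level: $($_.PublicAccess)") }

            $blobSvc = Get-AzStorageBlobServiceProperty -ResourceGroupName $rg -StorageAccountName $name -ErrorAction Stop
            $blobPolicy = $blobSvc.DeleteRetentionPolicy
            if (-not $blobPolicy.Enabled) {
                $findings.Add('Blob soft delete is disabled')
            } elseif ($blobPolicy.Days -lt $MinRetentionDays) {
                $findings.Add("Blob soft delete retention is only $($blobPolicy.Days) day(s)")
            }
            if (-not $blobSvc.ContainerDeleteRetentionPolicy.Enabled) {
                $findings.Add('Container soft delete is disabled')
            }
            if (-not $blobSvc.IsVersioningEnabled) {
                $findings.Add('Blob versioning is disabled')
            }
        } catch {
            # Account kinds without a blob service (for example FileStorage) end up here.
            Write-Verbose "${name}: blob settings not read: $($_.Exception.Message)"
        }

        try {
            $fileSvc = Get-AzStorageFileServiceProperty -ResourceGroupName $rg -StorageAccountName $name -ErrorAction Stop
            if (-not $fileSvc.ShareDeleteRetentionPolicy.Enabled) {
                $findings.Add('File share soft delete is disabled')
            }
        } catch {
            # Account kinds without a file service end up here.
            Write-Verbose "${name}: file settings not read: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            ResourceGroup  = $rg
            StorageAccount = $name
            FindingCount   = $findings.Count
            Findings       = $findings -join '; '
        }
    }
}

# Report only the accounts that have at least one finding.
Get-StorageProtectionReport | Where-Object FindingCount -gt 0 | Format-List
```

Setting AllowBlobPublicAccess to $false on the account blocks anonymous reads regardless of any container's Blob or Container access level, so it is the first finding to clear.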
Advanced Configuration Scenarios
Scenario 1: Data Archival Strategy
Situation: Organization needs to implement a cost-effective data archival strategy for long-term data retention.
Solution: Configure lifecycle management rules to automatically transition data from Hot to Cool to Archive tiers, implement versioning for critical data, and set up soft delete for additional protection.
Scenario 2: File Share Backup and Recovery
Situation: Organization needs to implement backup and recovery for critical file shares.
Solution: Enable file share snapshots with automated scheduling, configure soft delete for file shares, and implement cross-region replication for disaster recovery.
Scenario 3: Compliance and Data Governance
Situation: Organization needs to meet regulatory compliance requirements for data retention and protection.
Solution: Enable blob versioning and soft delete, implement immutable storage policies, configure lifecycle management for automated retention, and set up audit logging.
Best Practices and Recommendations
Storage Configuration Best Practices
✅ Recommended Practices:
- Access Tier Planning: Plan access tiers based on data usage patterns
- Lifecycle Management: Implement automated tier transitions
- Versioning Strategy: Enable versioning for critical data
- Soft Delete Configuration: Set appropriate retention periods
- Snapshot Scheduling: Regular snapshots for file shares
- Monitoring: Monitor storage usage and costs
- Security: Implement proper access controls
Cost Optimization
Cost Optimization Tips:
- Access Tier Optimization: Use appropriate tiers for data access patterns
- Lifecycle Management: Automate tier transitions to reduce costs
- Snapshot Management: Regular cleanup of old snapshots
- Version Management: Clean up old blob versions
- Soft Delete Retention: Optimize retention periods
- Storage Monitoring: Monitor and optimize storage usage
Monitoring and Troubleshooting
Storage Monitoring
Key Metrics to Monitor:
- Storage Capacity: Monitor storage usage and growth
- Access Patterns: Track data access frequency
- Lifecycle Transitions: Monitor tier transitions
- Version Count: Track blob version accumulation
- Snapshot Count: Monitor snapshot creation and deletion
- Soft Delete Usage: Track soft deleted objects
- Cost Analysis: Monitor storage costs by tier
Common Issues and Solutions
⚠️ Common Problems:
- High Storage Costs: Optimize access tiers and lifecycle management
- Version Accumulation: Implement version cleanup policies
- Snapshot Management: Regular cleanup of old snapshots
- Access Tier Issues: Verify tier configuration and permissions
- Lifecycle Rule Conflicts: Review and resolve rule conflicts
- Soft Delete Retention: Optimize retention periods
- Performance Issues: Monitor and optimize storage performance
Exam Preparation Tips
Key Concepts to Remember
- File Share Types: Standard vs Premium file shares
- Container Access Levels: Private, Blob, Container access
- Storage Tiers: Hot, Cool, Archive tiers and use cases
- Soft Delete: Blob, container, and file share soft delete
- Snapshots: File share snapshot creation and management
- Lifecycle Management: Rule-based tier transitions and deletion
- Blob Versioning: Version creation, management, and recovery
Practice Questions
Sample Exam Questions:
- What is the difference between Hot and Cool access tiers?
- How do you create a file share with PowerShell?
- What are the benefits of enabling blob versioning?
- How do you configure soft delete for containers?
- What is the purpose of lifecycle management rules?
- How do you create a file share snapshot?
- What are the requirements for blob versioning?
- How do you restore a soft deleted blob?
- What is the difference between container access levels?
- How do you configure lifecycle management with PowerShell?
AZ-104 Success Tip: Azure Files and Blob Storage configuration requires understanding of different storage types, access tiers, data protection mechanisms, and lifecycle management. Focus on understanding when to use each access tier, how to configure soft delete and versioning, and how to implement lifecycle management rules. Practice with PowerShell and Azure CLI commands for all storage operations and understand how these features work together to provide comprehensive data management and protection.