
SC-300 Exam - Question 257


You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity.

You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity.

What should you configure for storage1 in the Azure portal?

Correct Answer: C

To ensure that WebApp1 can read and write files to storage1 using the system-assigned managed identity, you need to configure the Access control (IAM) settings for the storage account in the Azure portal. By doing so, you can assign necessary roles, such as Storage Blob Data Reader for read access and Storage Blob Data Contributor for write access, to the managed identity associated with WebApp1. This approach leverages Azure Role-Based Access Control (RBAC) to manage resource access effectively.
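The check below is an added example, not part of the original question or of Microsoft's documentation. It audits role-assignment records shaped like `az role assignment list` JSON output to show what blob access WebApp1's managed identity effectively has on storage1. The subscription ID, the resource group `rg1`, the principal IDs and the sample records are constructed placeholders.

```python
# Added example: audit constructed role-assignment records for WebApp1's identity.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID
STORAGE1 = SUB + "/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/storage1"
WEBAPP1_MI = "11111111-1111-1111-1111-111111111111"  # placeholder object ID

# Built-in roles that carry blob data actions, mapped to what they allow.
BLOB_DATA_ROLES = {
    "Storage Blob Data Reader": {"read"},
    "Storage Blob Data Contributor": {"read", "write"},
    "Storage Blob Data Owner": {"read", "write"},
}

def scope_covers(assignment_scope, resource_id):
    """RBAC is inherited downward: a scope covers itself and everything under it."""
    a = assignment_scope.rstrip("/").lower()
    r = resource_id.rstrip("/").lower()
    return r == a or r.startswith(a + "/")

def audit(assignments, principal_id, resource_id):
    """Return (effective blob permissions, least-privilege findings)."""
    perms, findings = set(), []
    for ra in assignments:
        if ra["principalId"] != principal_id:
            continue
        if not scope_covers(ra["scope"], resource_id):
            continue
        role = ra["roleDefinitionName"]
        if role not in BLOB_DATA_ROLES:
            findings.append(f"{role}: no blob data actions (control-plane only)")
            continue
        perms |= BLOB_DATA_ROLES[role]
        if ra["scope"].rstrip("/").lower() != resource_id.rstrip("/").lower():
            findings.append(f"{role}: inherited from broader scope {ra['scope']}")
    return perms, findings

# Constructed sample records, not real output.
SAMPLE = [
    {"principalId": WEBAPP1_MI, "roleDefinitionName": "Contributor", "scope": STORAGE1},
    {"principalId": WEBAPP1_MI, "roleDefinitionName": "Storage Blob Data Contributor",
     "scope": STORAGE1},
    {"principalId": WEBAPP1_MI, "roleDefinitionName": "Storage Blob Data Reader", "scope": SUB},
    {"principalId": "22222222-2222-2222-2222-222222222222",
     "roleDefinitionName": "Storage Blob Data Owner", "scope": STORAGE1},
]

if __name__ == "__main__":
    perms, findings = audit(SAMPLE, WEBAPP1_MI, STORAGE1)
    print("effective blob permissions:", sorted(perms))
    print(*findings, sep="\n")
```

A role assigned at subscription or resource-group scope reaches every storage account beneath it, so the audit reports inherited data roles separately from the one assigned directly on storage1.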

Discussion

4 comments
ANiMOSiTYOP Option: C
Sep 2, 2024

C is the correct answer because access to resources in Azure is dealt with through Azure Role-Based Access Control (RBAC). This allows fine-grained access management for Azure. System-assigned managed identities can be assigned roles through IAM settings of a resource, granting them permissions to perform certain actions. To access files in Azure Storage, you would assign the Storage Blob Data Reader role for read access and the Storage Blob Data Contributor role for write access to the managed identity in the IAM settings. Here's the Microsoft documentation needed about granting access using RBAC and Azure AD identities: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Wazery
Aug 8, 2024

Access control (IAM) settings in Azure allow you to manage access to various resources within your Azure subscription. If you want to ensure that the WebApp1 web app can read and write files in storage1, you must grant the web app the appropriate permissions on the storage1 storage account. By configuring access control (IAM) for the storage account "storage1", you can assign the necessary permissions (such as "Storage Blob Data Contributor" or "Storage Blob Data Reader") to the web app's managed identity so that it can access the Blob service to read and write files.

RucasII
Oct 2, 2024

In the Azure portal, go into your storage account to grant your web app access. Select Access control (IAM) in the left pane, and then select Role assignments. You'll see a list of who has access to the storage account. Now you want to add a role assignment to a robot, the app service that needs access to the storage account. Select Add > Add role assignment to open the Add role assignment page. https://learn.microsoft.com/en-us/entra/identity-platform/multi-service-web-app-access-storage?tabs=azure-portal%2Cprogramming-language-csharp#grant-access-to-the-storage-account

Obi_Wan_Jacoby Option: C
Apr 21, 2025

Answer C