Exam AZ-104 All QuestionsBrowse all questions from this exam
Go to Exam
Question 126

HOTSPOT

-

You have an Azure Storage account named storage1 that uses Azure Blob storage and Azure File storage.

You need to use AzCopy to copy data to the blob storage and file storage in storage1.

Which authentication method should you use for each type of storage? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Vokuhila

First: Azure AD & SAS Second: SAS Source: https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10#authorize-azcopy

Sameer9371

you are absolutely right

hank00r

The link you provided states: "You can provide authorization credentials by using Microsoft Entra ID, or by using a Shared Access Signature (SAS) token". So it should be Azure AD & SAS for both Questions. Am I getting it wrong?

ggogel

Yes, this must have been changed. The following doc clearly states that Entra ID can be used to authorize access to file shares when using azcopy. https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory

SDiwan

No, if you are targetting copy to the whole "file share" then SAS is the only option. Entra ID can be used , if you are copying a fileor files to a specific folder inside file file share. So, SAS only is correct for 2nd question

tableton

But I think the whole file share is not mentioned in the question: "You need to use AzCopy to copy data to the blob storage and file storage in storage1." So EntraID could be used to azcopy to file share

suddin1

I agree, this is what microsoft says here, " Note The examples in this article show the use of a SAS token to authorize access. However, for commands that target files and directories, you can now provide authorization credentials by using Microsoft Entra ID and omit the SAS token from those commands. You'll still have to use a SAS token in any command that targets only the file share or the account (For example: 'azcopy make https://mystorageaccount.file.core.windows.net/myfileshare' or 'azcopy copy 'https://mystorageaccount.file.core.windows.net'." https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-files

[Removed]

Currently supported method of authorization Blob storage: Microsoft Entra ID & SAS Blob storage (hierarchical namespace): Microsoft Entra ID & SAS File storage: SAS only

heartfilia42

Sorry, but with the official doc :https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory I don't see anywhere taht you cannot use Azure AD to access File Storage as well as Blob Storage ?

ggogel

Funny how even Microsoft is confused by their naming. It is called "Azure Files" or specifically "File Shares" and not "File storage".

Ziolupo

Entra ID is now available to authorize Azcopy on Azure file share.

AntaninaD

Blob storage- Azure AD & SAS File storage - SAS only https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10?toc=%2Fazure%2Fstorage%2Ffiles%2Ftoc.json#authorize-azcopy

ssky

for commands that target files and directories, you can now provide authorization credentials by using Microsoft Entra ID and omit the SAS token from those commands. You'll still have to use a SAS token in any command that targets only the file share or the account

MailTempo

Blob storage: Azure AD and shared access signatures File storage: Shared access signatures only That´s correct?

varinder82

Final Answer: First: Azure AD & SAS Second: SAS

RockyChak

Authorize access to blobs and files with AzCopy and Microsoft Entra ID https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory Both Blob and File storage can be authenticated with Entra ID and SAS

ka0s

I'm gonna go with: First: Azure AD Second: SAS Question which solution you SHOULD use not which you CAN. And AD is always preferred.

OpOmOp

It can be authorized with credentials for FileShare as well.. The examples in this article show the use of a SAS token to authorize access. However, for commands that target files and directories, you can now provide authorization credentials by using Microsoft Entra ID and omit the SAS token from those commands. You'll still have to use a SAS token in any command that targets only the file share or the account (For example: 'azcopy make https://mystorageaccount.file.core.windows.net/myfileshare' or 'azcopy copy 'https://mystorageaccount.file.core.windows.net'.

3c5adce

Validated by ChatGPT 4 - Blob Storage: Azure AD and Shared Access Signatures (SAS) File Storage: Shared Access Signatures (SAS) only

3c5adce

Changing my answer Blob storage: Azure AD and shared access signatures (SAS) File storage: Azure AD only

tashakori

Correct

allyou

https://learn.microsoft.com/fr-fr/azure/storage/common/storage-ref-azcopy-copy

allyou

https://learn.microsoft.com/en-us/training/modules/configure-storage-tools/4-use-azcopy

edurakhan

This link: https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory clearly states: "You can provide AzCopy with authorization credentials by using Microsoft Entra ID. That way, you won't have to append a shared access signature (SAS) token to each command." The question is kind of confusing - "which SHOULD you use". You COULD use both, but I am assuming Microsoft Entra ID (Azure AD) SHOULD be the right way for both.