The provided document outlines various aspects of managing R Gen2 storage within Microsoft Azure. It addresses the need for additional steps to propagate access control lists when modifying them, the implications of attempting administrative actions by consumers using tools like Microsoft Azure Storage Explorer, and optimizing performance with AzCopy during data transfers. Additionally, it covers how to enable MSAL authentication in Microsoft Azure Storage Explorer and the requirements for B2B invites to grant guest user access externally.
Key takeaways include:
- R Gen2 storage by default does not propagate ACL changes automatically; manual steps are required after modifications like adding, removing, or changing an access control entry.
- Storage Consumers can’t directly perform administrative actions through ACLs and must elevate their permissions to a Storage Admin role using Azure’s RBAC for such tasks.
- Microsoft Azure Storage Explorer and AzCopy are designed with high throughput in mind, which may necessitate throttling network bandwidth during intensive data transfers. Adjusting the Network Concurrency and File Concurrency settings can manage this effectively.
- To enhance security, it’s recommended to enable MSAL (Microsoft Authentication Library) for sign-in with Azure Storage Explorer by following the set steps in the application’s settings.
- B2B invites are essential when external partners need access via Microsoft Azure Active Directory, and their access can be managed through group membership configurations after the B2B process.
The document also highlights how MDTS (Microsoft Data Lake Storage Gen 2) was developed as a modern solution leveraging Azure’s services to cater to various needs within Microsoft while minimizing reliance on legacy storage solutions. It encourages other teams and consumers of Azure products to consider the advantages of this approach, especially in terms of scalability, compliance with security initiatives like Zero Trust, high-performance data handling, and cost reduction through eliminating third-party dependencies.
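The first takeaway, that ACL changes are not propagated automatically, can be seen in a small model. The following is an added example, not code from the original document or from any Azure SDK: it assumes ACLs are stored per item, that new items copy the parent directory's default ACL at creation, and that the manual step is a recursive update over existing items. The principal and path names are constructed.

```python
# Added illustration: in-memory model of per-item ACLs, not Azure SDK code.
# Umask and mask entries are deliberately not modelled.
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    is_dir: bool = False
    access: dict = field(default_factory=dict)    # principal -> perms, enforced on this item
    default: dict = field(default_factory=dict)   # directories only: template for new children
    children: list = field(default_factory=list)

    def create(self, name, is_dir=False):
        """A new item copies the parent's default ACL once, at creation time."""
        child = Node(name, is_dir, dict(self.default),
                     dict(self.default) if is_dir else {})
        self.children.append(child)
        return child

def walk(node, prefix=""):
    path = prefix + node.name
    yield path, node
    for child in node.children:
        yield from walk(child, path + "/")

def missing_entry(root, principal):
    """Audit: paths whose access ACL has no entry for the principal."""
    return [p for p, n in walk(root) if principal not in n.access]

def update_recursive(root, principal, perms):
    """The manual propagation step: merge one entry into every existing item."""
    count = 0
    for _, n in walk(root):
        n.access[principal] = perms
        if n.is_dir:
            n.default[principal] = perms
        count += 1
    return count

def demo(principal="group:partners"):   # constructed principal and paths
    root = Node("landing", is_dir=True)
    root.create("reports", is_dir=True).create("q1.csv")
    root.access[principal] = root.default[principal] = "r-x"  # edit parent only
    stale = missing_entry(root, principal)        # existing children unchanged
    late = root.create("new.csv")                 # created after the edit
    changed = update_recursive(root, principal, "r-x")
    return stale, late.access, changed, missing_entry(root, principal)
```

The same audit function works for removals: after revoking an entry on a parent, any path that still carries the entry is one the revocation never reached.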