Azure Blob Storage

Azure Blob Storage – Complete Guide for DP-900

Why Azure Blob Storage Is Important

Azure Blob Storage is one of the most fundamental services in Microsoft Azure and a core topic on the DP-900 (Microsoft Azure Data Fundamentals) exam. It is Microsoft's massively scalable object storage solution designed for storing unstructured data — data that does not conform to a particular data model or schema. Understanding Blob Storage is critical because:

• It underpins many Azure services (Azure Data Lake, Azure CDN, Azure Backup, etc.).
• It is the go-to solution for storing images, videos, documents, logs, backups, and any binary or text data at scale.
• It is a key example of non-relational data storage on Azure, which is a significant portion of the DP-900 exam.
• Real-world cloud architectures rely heavily on Blob Storage for cost-effective, durable, and highly available data persistence.

What Is Azure Blob Storage?

Azure Blob Storage is an object storage service optimized for storing massive amounts of unstructured data. The word "Blob" stands for Binary Large Object. It provides a flat storage hierarchy (unlike file systems with nested folders) and is accessed via HTTP/HTTPS using REST APIs, Azure SDKs, PowerShell, Azure CLI, or Azure Storage Explorer.

Key Concepts:

1. Storage Account
A storage account is the top-level namespace that provides a unique endpoint for your Azure Storage data. All blobs exist within a storage account. The account name forms part of the URL, e.g., https://mystorageaccount.blob.core.windows.net.

2. Containers
Containers are logical groupings within a storage account, similar to directories or folders. Every blob must reside in a container. A storage account can have an unlimited number of containers, and each container can hold an unlimited number of blobs. Container names must be lowercase.

3. Blobs (Objects)
Blobs are the actual data files stored within containers. Each blob is identified by a unique name within its container.

Types of Blobs:

• Block Blobs – Optimized for uploading large amounts of data efficiently. Block blobs are made up of blocks, each identified by a block ID. They are ideal for storing text and binary data such as files, images, and videos. This is the most commonly used blob type. Block blobs can store up to approximately 190.7 TiB.

• Append Blobs – Similar to block blobs but optimized for append operations. They are ideal for scenarios such as logging, where data is constantly being added to the end of the blob. You cannot modify or delete existing blocks in an append blob — only append new ones.

• Page Blobs – Optimized for random read/write operations. They store up to 8 TiB and are primarily used as the backing storage for Azure Virtual Machine (VM) disks (VHD files). Page blobs allow efficient random access to any part of the file.

Access Tiers:

Azure Blob Storage offers different access tiers to help manage costs based on how frequently data is accessed:

• Hot Tier – For data that is accessed frequently. Has the highest storage cost but the lowest access cost. This is the default tier.

• Cool Tier – For data that is accessed infrequently and stored for at least 30 days. Lower storage cost than Hot but higher access cost.

• Cold Tier – For data that is rarely accessed and stored for at least 90 days. Lower storage cost than Cool but higher access cost.

• Archive Tier – For data that is rarely accessed and stored for at least 180 days. Has the lowest storage cost but the highest access cost and highest retrieval latency. Data in the archive tier is stored offline and must be rehydrated (moved to Hot or Cool tier) before it can be read, which can take hours.

How Azure Blob Storage Works

Data Organization:
Storage Account → Container(s) → Blob(s)

Example URL: https://mystorageaccount.blob.core.windows.net/mycontainer/myimage.jpg

Redundancy Options:
Data stored in Azure Blob Storage is automatically replicated to ensure durability and high availability. Options include:
• LRS (Locally Redundant Storage) – 3 copies within a single data center.
• ZRS (Zone-Redundant Storage) – 3 copies across availability zones in one region.
• GRS (Geo-Redundant Storage) – 6 copies: 3 in the primary region and 3 in a secondary region.
• RA-GRS (Read-Access Geo-Redundant Storage) – Same as GRS but with read access to the secondary region.
• GZRS and RA-GZRS – Combines zone redundancy with geo-redundancy.

Security:
• All data is encrypted at rest using Storage Service Encryption (SSE) with 256-bit AES encryption.
• Data in transit is protected using HTTPS/TLS.
• Access can be controlled via Azure Active Directory (Azure AD / Microsoft Entra ID), Shared Access Signatures (SAS), access keys, and role-based access control (RBAC).
• Containers can have public access levels: Private (no anonymous access), Blob (anonymous read access to blobs only), or Container (anonymous read access to the entire container).

Lifecycle Management:
Azure Blob Storage supports lifecycle management policies that automatically transition blobs between access tiers or delete them based on rules you define. For example, you can automatically move blobs to the Cool tier after 30 days of no access and to the Archive tier after 90 days.

Soft Delete:
Blob soft delete allows you to recover blobs that have been accidentally deleted within a specified retention period.

Versioning:
Blob versioning automatically maintains previous versions of a blob when it is modified or deleted.

Common Use Cases:
• Serving images, documents, or videos directly to a browser
• Storing files for distributed access
• Streaming audio and video
• Writing to log files (using append blobs)
• Storing data for backup, disaster recovery, and archiving
• Storing data for analysis by an on-premises or Azure-hosted service
• Serving as a data lake foundation (Azure Data Lake Storage Gen2 is built on top of Blob Storage)

Azure Data Lake Storage Gen2:
It is worth noting that Azure Data Lake Storage Gen2 is built on top of Azure Blob Storage by enabling a hierarchical namespace. This adds file-system-like directory structures, fine-grained access control (ACLs), and is optimized for big data analytics workloads. For the DP-900 exam, understand that Data Lake Storage Gen2 combines the scalability and cost benefits of Blob Storage with the analytical capabilities needed for big data.

---

Exam Tips: Answering Questions on Azure Blob Storage

1. Know the Blob Types and Their Use Cases
The exam frequently tests whether you can match the blob type to the scenario:
• Logging or audit trails? → Append Blobs
• Images, videos, documents, general file storage? → Block Blobs
• Virtual machine disks (VHDs)? → Page Blobs

2. Understand Access Tiers Thoroughly
Expect questions that describe a scenario and ask you to choose the most cost-effective tier:
• Data accessed daily → Hot
• Data accessed monthly or stored for at least 30 days → Cool
• Data rarely accessed, stored for at least 90 days → Cold
• Data almost never accessed, stored for at least 180 days, and long retrieval time is acceptable → Archive
• Remember: Archive tier data is offline and requires rehydration before access.

3. Remember the Hierarchy
Storage Account → Container → Blob. Questions may test this organizational structure. Blobs do not exist outside of containers.

4. Blob Storage Is for Unstructured Data
If a question asks about storing unstructured data (images, videos, backups, logs, documents), Blob Storage is almost always the correct answer. Do not confuse it with Azure Table Storage (semi-structured key-value data) or Azure SQL Database (structured relational data).

5. Differentiate Blob Storage from Azure Files
Azure Blob Storage is object/REST-based access. Azure Files provides SMB/NFS file shares that can be mounted as network drives. If a question mentions mounting a file share or replacing an on-premises file server, the answer is Azure Files, not Blob Storage.

6. Know That Data Lake Storage Gen2 Uses Blob Storage
If a question references big data analytics with a hierarchical namespace on top of Blob Storage, the answer is Azure Data Lake Storage Gen2. It enables hierarchical namespace on Blob Storage for analytics workloads.

7. Lifecycle Management Policies
If a question describes automatically moving data between tiers over time to save costs, the answer involves Blob Storage lifecycle management policies.

8. Security and Access
• All data at rest is encrypted by default (SSE).
• SAS tokens provide time-limited, granular access without sharing account keys.
• If a question asks about the most secure way to grant temporary access, the answer is often Shared Access Signatures (SAS).

9. Redundancy Is Not Unique to Blob Storage
Redundancy options (LRS, ZRS, GRS, etc.) apply at the storage account level, not just to blobs. However, know them for scenario-based questions about durability and availability.

10. Watch for Distractor Answers
Common distractors on the exam include Azure Cosmos DB, Azure SQL, and Azure Table Storage. Always check whether the scenario involves unstructured data (Blob Storage), semi-structured key-value data (Table Storage or Cosmos DB), or structured relational data (Azure SQL). This distinction is key to selecting the correct answer.

Quick Reference Summary:
• What: Object storage for unstructured data (binary/text)
• Blob Types: Block (files), Append (logs), Page (VM disks)
• Tiers: Hot, Cool, Cold, Archive
• Hierarchy: Storage Account → Container → Blob
• Encryption: Enabled by default at rest (SSE) and in transit (HTTPS)
• Key differentiator: REST-based object storage vs. Azure Files (SMB/NFS) vs. Table Storage (key-value)