Explanation:
Managed Identity is the optimal authentication mechanism for this scenario because:
Virtual Network Integration: When an Azure Storage account is configured to be accessible only from a virtual network, managed identities provide seamless authentication without requiring explicit credentials to be stored or managed.
Security Benefits: Managed identities eliminate the need to handle storage account keys or connection strings, reducing security risks associated with credential management. The identity is automatically managed by Azure and can be granted specific RBAC permissions on the storage account.
Azure Synapse Integration: Azure Synapse Analytics supports managed identities natively. You can assign a system-assigned or user-assigned managed identity to the Synapse workspace, then grant this identity the necessary permissions (such as Storage Blob Data Reader or Contributor) on the storage account.
Network Security Alignment: Managed identities work seamlessly with virtual network restrictions since the authentication occurs through Azure's internal security infrastructure, which respects the network boundaries.
B. Anonymous Public Read Access: This is completely unsuitable because:
C. Shared Key: While technically possible, this approach is suboptimal because:
To implement this solution:
This approach provides secure, credential-free authentication that respects the virtual network boundaries while maintaining ease of management and strong security posture.
Ultimate access to all questions.
You are designing an Azure Synapse solution that will provide a query interface for data stored in an Azure Storage account. The storage account is configured to be accessible only from a virtual network.
What authentication mechanism should you recommend to ensure the solution can access the source data?
A
a managed identity
B
anonymous public read access
C
a shared key
No comments yet.