This chapter covers Azure Storage account types, a core topic for AZ-900 objective 2.4. Understanding storage accounts is critical because data storage is fundamental to nearly every cloud solution. This objective area carries approximately 15-20% of the exam weight. You'll learn the different storage account kinds, their performance tiers, replication options, and how to choose the right type for your workload.
Jump to a section
Think of Azure Storage as a city's water and storage infrastructure. The city has different types of storage for different needs: a reservoir for bulk water (Azure Blob Storage), a water tower for quick pressure and delivery (Azure Files with SMB shares), a post office for sending letters and packages between districts (Azure Queue Storage), and a public bulletin board for non-editable announcements (Azure Table Storage). Each storage type has its own access method, cost, and performance characteristics. The city planner (you) decides which type to use based on what needs to be stored, how often it's accessed, and who needs it. For example, the reservoir (Blob) is cheap for storing large amounts of water but slow to retrieve small amounts; the water tower (Files) is great for shared access by multiple buildings (VMs) but costs more per gallon. The post office (Queue) ensures reliable message delivery between services even if one is temporarily down, while the bulletin board (Table) allows quick lookups of structured data without needing a full database. Just as a city wouldn't use the reservoir to send a letter, Azure storage types are optimized for specific workloads.
What is an Azure Storage Account?
An Azure Storage account is a container that groups all of your Azure Storage data services together. It provides a unique namespace for your storage data that is accessible from anywhere in the world over HTTP or HTTPS. The storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The account itself has settings that apply globally, such as replication, encryption, and access tier.
Why Do You Need Different Storage Account Types?
Not all data is the same. Some data needs high performance for virtual machine disks, other data is archived for years with low access frequency, and some data is shared among many users. Azure provides different storage account types to optimize cost and performance for various workloads. Choosing the wrong type can lead to high costs or poor performance.
The Two Main Categories: General-purpose vs. Blob-only
Azure offers two main categories of storage accounts: general-purpose accounts and Blob-only accounts (called BlobStorage accounts). General-purpose accounts (GPv2) support all storage services (blobs, files, queues, tables, and disks) and are the recommended choice for most scenarios. BlobStorage accounts are specialized for blob data only and offer unique features like hot, cool, and archive access tiers.
Performance Tiers: Standard vs. Premium
Within storage accounts, you can choose between Standard and Premium performance tiers. Standard is based on magnetic disk drives and offers lower cost but higher latency. Premium is based on solid-state drives (SSDs) and offers low latency and high throughput. Premium is further divided into four sub-types: Premium block blobs, Premium page blobs, Premium file shares, and Premium block blob for high transaction rates.
Replication Options: LRS, ZRS, GRS, RA-GRS, GZRS, RA-GZRS
Replication ensures data durability and availability. Locally redundant storage (LRS) replicates data three times within a single datacenter. Zone-redundant storage (ZRS) replicates across three availability zones in the same region. Geo-redundant storage (GRS) replicates to a secondary region hundreds of miles away. Read-access geo-redundant storage (RA-GRS) adds read access to the secondary region. Geo-zone-redundant storage (GZRS) combines zone and geo redundancy. Read-access geo-zone-redundant storage (RA-GZRS) adds read access. Each has different cost and durability implications.
Access Tiers: Hot, Cool, Cold, and Archive
For blob storage, you can set an access tier to optimize cost based on how frequently data is accessed. Hot tier is for data accessed frequently, with higher storage cost but lower access cost. Cool tier is for data accessed infrequently (at least 30 days), with lower storage cost but higher access cost. Cold tier is for data accessed rarely (at least 90 days), with even lower storage cost. Archive tier is for data that can tolerate hours of retrieval latency, with the lowest storage cost but highest access cost.
How to Create a Storage Account
You can create a storage account via the Azure portal, Azure CLI, PowerShell, or ARM templates. In the portal, you specify the subscription, resource group, storage account name (globally unique), region, performance tier, replication, access tier (for BlobStorage), and advanced networking settings like virtual network service endpoints or private endpoints.
Comparing to On-Premises Storage
On-premises, you might have a SAN for block storage, a NAS for file shares, and tape for archival. Azure Storage combines these into a single service with pay-as-you-go pricing and global accessibility. However, you lose the ability to control the physical hardware and must trust Azure's security and compliance certifications.
Azure Portal and CLI Touchpoints
In the Azure portal, you manage storage accounts under 'Storage accounts' in the left menu. You can view metrics, configure networking, set custom domain names, and manage access keys. Using Azure CLI, you can create a storage account with:
az storage account create \
--name mystorageaccount \
--resource-group myResourceGroup \
--location eastus \
--sku Standard_GRS \
--kind StorageV2This creates a general-purpose v2 account with geo-redundant storage. The 'kind' parameter specifies the account type: StorageV2 (general-purpose v2), BlobStorage, BlockBlobStorage, FileStorage, or Storage (legacy v1).
Key Components and Limits
Storage account name must be 3-24 characters, lowercase letters and numbers only.
Each storage account can hold up to 500 TB total capacity (for standard accounts).
Maximum ingress/egress rates vary by replication and performance tier.
You can have up to 250 storage accounts per subscription (with quota increase possible).
Access keys provide full access; shared access signatures (SAS) provide delegated access.
Pricing Models
Storage costs are based on: amount of data stored (GB/month), data transfer (egress), number of transactions (read/write operations), and replication type. Premium storage costs more per GB but offers lower latency. Archive tier has the lowest storage cost but charges for data retrieval and early deletion penalties.
Business Scenarios
A media company stores video files in Blob Storage with cool access tier, using CDN for delivery.
A financial application uses Premium page blobs for low-latency database disks.
A logistics company uses Queue Storage to decouple order processing from inventory updates.
A retail chain uses Azure Files for shared configuration files across branch office servers.
Summary
Choosing the right storage account type is crucial for cost and performance. General-purpose v2 is the default for most workloads. For blob-heavy workloads with tiering needs, BlobStorage is better. For high-performance workloads, use Premium. Always consider replication and access tier based on your data availability and access patterns.
Identify your data requirements
Start by analyzing your data: what type of data (blobs, files, queues, tables, or disks), how often it is accessed (frequently, infrequently, archived), required latency (milliseconds or seconds), and durability needs (single region, multi-region, or read access in secondary region). This step determines the storage account kind, performance tier, replication, and access tier. For example, if you need to store VM disks, you need a general-purpose account with Premium page blobs. If you need to archive logs, you need BlobStorage with Archive tier.
Choose the storage account kind
Based on requirements, select the account kind: StorageV2 (general-purpose v2) is the most flexible and supports all services. BlobStorage is for blob-only with tiering. BlockBlobStorage is for premium block blobs with high transaction rates. FileStorage is for premium file shares. Storage (v1) is legacy and not recommended. For AZ-900, know that StorageV2 is the default and recommended for most scenarios. The kind is set at creation and cannot be changed later.
Select performance tier and replication
Choose Standard or Premium. Standard is cost-effective for most workloads; Premium is for low-latency requirements. Then choose replication: LRS for lowest cost but single datacenter; ZRS for zone resilience; GRS for geo-redundancy; RA-GRS for read access in secondary region; GZRS for zone+geo; RA-GZRS for read access. The exam tests that GRS provides six copies (3 primary, 3 secondary) and that RA-GRS allows read access in the secondary region but not write. Note: changing replication after creation may cause a one-time data transfer cost.
Create the storage account in Azure
In the Azure portal, navigate to 'Storage accounts' and click 'Create'. Fill in subscription, resource group, storage account name (must be globally unique), region, performance tier, replication, access tier (if BlobStorage), and networking options. For advanced networking, you can restrict access to specific virtual networks or use private endpoints. You can also enable hierarchical namespace for Azure Data Lake Storage Gen2. After creation, you can start using the storage services.
Configure data services and access
Once the account is created, you can create containers (for blobs), file shares, queues, and tables. Configure access using access keys (full access), shared access signatures (SAS) for delegated access with permissions and expiry, or Azure AD authentication (for blobs and queues). For security, regenerate keys periodically and use SAS tokens for limited access. For exam, know that SAS tokens can be service-level or account-level and can specify allowed IP addresses and protocols.
Scenario 1: E-commerce Website with Product Images
An e-commerce company stores millions of product images in Azure Blob Storage. They choose a general-purpose v2 account with Standard performance and geo-redundant storage (GRS) for disaster recovery. They set the access tier to Cool because images are not accessed after initial upload except for occasional updates. They use a CDN to serve images to users for low latency. Cost is optimized by using Cool tier and GRS. If they had chosen Hot tier, storage costs would be higher. If they had chosen LRS, they risk data loss in a regional disaster.
Scenario 2: Shared File Access for Remote Offices
A multinational corporation needs to share configuration files and scripts across 50 branch offices. They use Azure Files with a premium file share (FileStorage account) for low-latency access. They enable Azure File Sync to cache files on local Windows Server file servers for offline access. The storage account uses zone-redundant storage (ZRS) to survive a zone outage. If they had used standard file shares, latency would be higher. If they had chosen LRS, a zone failure would take down access.
Scenario 3: Archived Compliance Data
A healthcare organization must retain patient records for 7 years. They use BlobStorage with Archive tier for data older than 90 days. Data is accessed less than once a year. They use read-access geo-redundant storage (RA-GRS) to ensure data is available even if the primary region fails, and they can read from the secondary region if needed. The low storage cost of Archive tier saves significant money. However, they must plan for rehydration time (up to 15 hours) if data is needed. A common mistake is to use Cool tier instead, which costs more for long-term archival.
Objective 2.4: Describe storage account types and replication. The exam expects you to differentiate between StorageV2, BlobStorage, BlockBlobStorage, FileStorage, and legacy Storage (v1). You must know the supported services and performance tiers for each. For replication, memorize the durability percentages: LRS (99.999999999% or 11 nines), ZRS (99.9999999999%), GRS/RA-GRS (99.99999999999999% or 16 nines). The exam loves to ask: 'Which replication provides the highest durability?' Answer: GRS/RA-GRS/GZRS/RA-GZRS. Also: 'Which replication provides read access to the secondary region?' Answer: RA-GRS and RA-GZRS.
Common wrong answers: 1. 'StorageV1 is the default' – No, StorageV2 is the default and recommended. 2. 'Premium performance is available for all storage account kinds' – No, Premium is only for block blobs, page blobs, and file shares, not for queues or tables. 3. 'GRS provides read access to the secondary region' – No, that is RA-GRS. GRS only allows failover, not read. 4. 'Archive tier is available for all storage account kinds' – No, only BlobStorage and StorageV2 (for blobs) support Archive tier.
Terms that appear verbatim: 'Locally redundant storage (LRS)', 'Geo-redundant storage (GRS)', 'Read-access geo-redundant storage (RA-GRS)', 'Zone-redundant storage (ZRS)', 'Geo-zone-redundant storage (GZRS)', 'Hot, Cool, Cold, Archive', 'General-purpose v2 (StorageV2)', 'Premium block blobs', 'Premium page blobs', 'Premium file shares'.
Edge case: If a question says 'You need to store VM disks with low latency' – the answer is Premium page blobs (not Premium block blobs). VM disks use page blobs.
Memory trick: For replication durability, remember 'LRS has 11 nines, GRS has 16 nines'. For access tiers, think 'Hot is hot (frequent), Cool is cool (infrequent), Archive is frozen (archived)'.
Decision tree: Ask: Do you need multiple storage services? -> StorageV2. Only blobs with tiering? -> BlobStorage. High-throughput block blobs? -> BlockBlobStorage. Premium file shares? -> FileStorage. Need low latency for disks? -> Premium page blobs (via StorageV2).
General-purpose v2 (StorageV2) is the default and recommended storage account type for most workloads.
BlobStorage accounts are for blob-only scenarios with access tiering (Hot, Cool, Cold, Archive).
Premium performance is available for block blobs (BlockBlobStorage), page blobs (via StorageV2), and file shares (FileStorage).
Replication options: LRS (11 nines), ZRS (12 nines), GRS/RA-GRS (16 nines), GZRS/RA-GZRS (16 nines).
RA-GRS and RA-GZRS allow read access to the secondary region; GRS and GZRS do not.
Archive tier requires rehydration (up to 15 hours) before data can be read.
Storage account names must be 3-24 characters, lowercase letters and numbers, globally unique.
You cannot change the storage account kind after creation.
Azure CLI command to create a StorageV2 account: az storage account create --kind StorageV2 --sku Standard_GRS
The maximum number of storage accounts per subscription is 250 (default).
These come up on the exam all the time. Here's how to tell them apart.
General-purpose v2 (StorageV2)
Supports blobs, files, queues, tables, and disks
Recommended for most scenarios
Access tiers available for blobs (Hot, Cool, Cold, Archive)
Can be Standard or Premium (for block blobs, page blobs, files)
Default storage account type
BlobStorage
Supports blobs and disks (page blobs) only
Optimized for blob-heavy workloads
Access tiers available (Hot, Cool, Cold, Archive) – same as StorageV2
Only Standard performance; Premium not available
Cannot be used for file shares, queues, or tables
Mistake
All storage accounts support all storage services (blobs, files, queues, tables, disks).
Correct
Only general-purpose v2 (StorageV2) supports all services. BlobStorage only supports blobs and disks (page blobs) but not files, queues, or tables. FileStorage only supports file shares. BlockBlobStorage only supports block blobs. Legacy Storage (v1) supports all but is outdated.
Mistake
Premium performance tier is available for all data types within a storage account.
Correct
Premium is only for block blobs, page blobs, and file shares. Queues and tables do not have a Premium tier. You must choose a specialized account kind (e.g., BlockBlobStorage) to get Premium for block blobs.
Mistake
Geo-redundant storage (GRS) allows you to read data from the secondary region at any time.
Correct
GRS does not allow read access to the secondary region unless a failover occurs. Only RA-GRS and RA-GZRS provide read access to the secondary region. GRS replicates data to the secondary region but keeps it offline for failover only.
Mistake
Archive storage tier allows immediate read access to data.
Correct
Archive tier requires rehydration to Hot or Cool tier before reading. Rehydration can take up to 15 hours. Data in Archive is offline and cannot be read directly. This is a key exam point.
Mistake
You can change the storage account kind after creation without data loss.
Correct
You cannot change the account kind (e.g., from StorageV2 to BlobStorage) after creation. You must migrate data to a new account. However, you can change performance tier (Standard to Premium) only if the account supports it, but this may require downtime.
A storage account is the top-level namespace in Azure that contains all your storage services (blobs, files, queues, tables). A container is a folder-like structure within a storage account that holds blobs. You have one storage account, and within it you can have many containers. The storage account defines the global settings (region, replication, performance), while containers organize blobs. For example, you might have a storage account named 'mystorage' and a container named 'images'.
Yes, you can change the replication type after creation, but there may be a one-time data transfer cost if you change from LRS to GRS (since data is copied to the secondary region). Some changes, like converting to ZRS, may require downtime. You can change in the Azure portal under 'Configuration'. The exam expects you to know that replication can be changed but with potential costs and downtime.
Standard storage uses magnetic HDDs and is cost-effective for most workloads with higher latency. Premium storage uses SSDs and provides low latency and high throughput, suitable for I/O-intensive workloads like databases and VMs. Premium is available only for block blobs, page blobs, and file shares. Standard supports all data types. Cost per GB is higher for Premium, but transaction costs are lower. Choose Premium when you need consistent low latency.
For Azure Files, you can use a general-purpose v2 (StorageV2) account with standard file shares, or a FileStorage account for premium file shares. FileStorage is optimized for high-performance file shares with low latency. If you need standard performance (e.g., for general file sharing), use StorageV2. If you need high IOPS and throughput (e.g., for SQL Server or SAP), use FileStorage with premium shares.
LRS replicates data three times within a single datacenter in the primary region. ZRS replicates across three availability zones within the primary region. GRS replicates to a secondary region (paired region) and keeps data offline for failover. GZRS combines ZRS in the primary region with geo-replication to a secondary region. LRS is cheapest but least durable; ZRS offers zone resilience; GRS offers region resilience; GZRS offers both zone and region resilience. For exam, remember the durability numbers: LRS 11 nines, ZRS 12 nines, GRS/GZRS 16 nines.
Yes, Azure Storage supports Azure AD for authentication and authorization for blobs and queues (but not for files, tables, or queues in some scenarios). This allows you to use role-based access control (RBAC) to grant permissions to users, groups, or service principals. It is more secure than using storage account keys. For exam, know that Azure AD integration is available for blobs and queues, and that you can assign roles like 'Storage Blob Data Reader'.
A SAS is a token that provides delegated access to resources in a storage account. You can specify permissions (read, write, delete), start/expiry time, allowed IP addresses, and protocol (HTTPS). SAS can be service-level (for a specific container, queue, table, or file share) or account-level (for multiple services). SAS is used to grant limited access without sharing the account key. For exam, know that SAS tokens can be generated via the portal or programmatically, and that you can revoke them by regenerating the account key.
You've just covered Azure Storage Account Types — now see how well it sticks with free AZ-900 practice questions. Full explanations included, no account needed.
Done with this chapter?