DEV Community

How to use managed identity and role-based access control to provide security and storage for a new company app.

To complete the skilling tasks, work through the following steps.

1. Create the storage account. In the Azure portal, search for Storage accounts, select Create, and provide a unique name for the storage account. Ensure infrastructure encryption is enabled, then select Review + Create to deploy the resource.
2. Create the managed identity. Search for Managed identities, select Create, and assign the identity the correct permissions, specifically the Storage Blob Data Reader role.
3. Create the key vault. To secure access to the storage account, search for Key vaults, select Create, and provide a unique name for the key vault. Ensure Azure role-based access control is selected, then review and deploy.
4. Create the customer-managed key. After the vault is deployed, open the Keys blade, generate or import a key, and give the key a name.
5. Configure the storage account to use the customer-managed key. Assign the Key Vault Crypto Service Encryption User role to the managed identity. Then return to the storage account, open the Encryption blade, and select Customer-managed keys. Choose the key vault and key, confirm the choices, and select the managed identity.
6. Configure a time-based retention policy. Create a container called hold, upload a file, and add a time-based retention policy with a retention period of 5 days. Verify that the file cannot be deleted while the policy is in effect.
7. Configure an encryption scope. Create an encryption scope that enables infrastructure encryption: give it a name and set Infrastructure encryption to Enable. Apply the encryption scope to a new container so that every blob in that container is protected by infrastructure encryption.
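The same seven steps as an Azure CLI script, added here as an example that is not part of the original post. All resource names, the region and the retention period are constructed placeholders (override them through the environment). The script also covers two things the portal handles silently that a scripted run needs to do explicitly: the key vault must have purge protection enabled before a storage account will accept a key from it, and with RBAC authorization the signed-in user needs a data-plane role (Key Vault Crypto Officer on the vault, Storage Blob Data Contributor on the account) before it can create the key or upload the test blob. A `dry-run` mode prints every `az` command instead of executing it.

```shell
#!/bin/sh
# Added example (not from the original post): Azure CLI version of the portal steps.
# Names below are constructed placeholders; set them in the environment to override.
# Usage:  sh provision.sh dry-run   # print the az commands without running them
#         sh provision.sh apply     # run them against the current 'az login' session
RG="${RG:-rg-newapp}"
LOCATION="${LOCATION:-eastus}"
STORAGE="${STORAGE:-stnewapp01234}"    # globally unique, 3-24 lowercase alphanumerics
IDENTITY="${IDENTITY:-id-newapp}"
VAULT="${VAULT:-kv-newapp-01234}"      # globally unique
KEY_NAME="${KEY_NAME:-cmk-newapp}"
SCOPE_NAME="${SCOPE_NAME:-infra-scope}"
RETENTION_DAYS="${RETENTION_DAYS:-5}"
DRY_RUN="${DRY_RUN:-0}"

# run: execute an az command, or print it when DRY_RUN=1
run() {
  if [ "$DRY_RUN" = "1" ]; then printf 'az %s\n' "$*"; else az "$@"; fi
}
# lookup LABEL az-args...: return one property as tsv; in dry-run, a labelled placeholder
lookup() {
  if [ "$DRY_RUN" = "1" ]; then printf '<%s>\n' "$1"; else shift; az "$@" -o tsv; fi
}

provision() {
  run group create -n "$RG" -l "$LOCATION"
  CALLER_ID=$(lookup caller-id ad signed-in-user show --query id)

  # 1. Storage account with infrastructure (double) encryption switched on at creation
  run storage account create -n "$STORAGE" -g "$RG" -l "$LOCATION" \
      --kind StorageV2 --sku Standard_LRS --require-infrastructure-encryption true
  STORAGE_ID=$(lookup storage-id storage account show -n "$STORAGE" -g "$RG" --query id)

  # 2. User-assigned managed identity, granted read-only data access to blobs
  run identity create -n "$IDENTITY" -g "$RG"
  IDENTITY_ID=$(lookup identity-id identity show -n "$IDENTITY" -g "$RG" --query id)
  PRINCIPAL_ID=$(lookup principal-id identity show -n "$IDENTITY" -g "$RG" --query principalId)
  run role assignment create --assignee-object-id "$PRINCIPAL_ID" \
      --assignee-principal-type ServicePrincipal \
      --role "Storage Blob Data Reader" --scope "$STORAGE_ID"

  # 3. Key vault using Azure RBAC instead of access policies. Purge protection is a
  #    prerequisite for customer-managed keys on a storage account.
  run keyvault create -n "$VAULT" -g "$RG" -l "$LOCATION" \
      --enable-rbac-authorization true --enable-purge-protection true
  VAULT_ID=$(lookup vault-id keyvault show -n "$VAULT" -g "$RG" --query id)
  # With RBAC on, the caller needs a key-management role before step 4 will succeed.
  run role assignment create --assignee-object-id "$CALLER_ID" \
      --assignee-principal-type User --role "Key Vault Crypto Officer" --scope "$VAULT_ID"

  # 4. Customer-managed key (role assignments can take a minute or two to propagate)
  run keyvault key create --vault-name "$VAULT" -n "$KEY_NAME" --kty RSA --size 2048

  # 5. Let the identity wrap/unwrap with the key, then point the account at it.
  #    An empty key version makes the account follow key rotation automatically.
  run role assignment create --assignee-object-id "$PRINCIPAL_ID" \
      --assignee-principal-type ServicePrincipal \
      --role "Key Vault Crypto Service Encryption User" --scope "$VAULT_ID"
  run storage account update -n "$STORAGE" -g "$RG" \
      --identity-type UserAssigned --user-identity-id "$IDENTITY_ID" \
      --encryption-key-source Microsoft.Keyvault \
      --encryption-key-vault "https://$VAULT.vault.azure.net/" \
      --encryption-key-name "$KEY_NAME" --encryption-key-version "" \
      --key-vault-user-identity-id "$IDENTITY_ID"

  # 6. Container "hold" with a time-based retention policy: blobs cannot be deleted
  #    or overwritten for RETENTION_DAYS after they are written. The caller needs a
  #    data role on the account to upload the test blob in verify_hold.
  run role assignment create --assignee-object-id "$CALLER_ID" \
      --assignee-principal-type User --role "Storage Blob Data Contributor" --scope "$STORAGE_ID"
  run storage container create -n hold --account-name "$STORAGE" --auth-mode login
  run storage container immutability-policy create -g "$RG" --account-name "$STORAGE" \
      -c hold --period "$RETENTION_DAYS"

  # 7. Encryption scope with infrastructure encryption, pinned as the default for a
  #    second container so that no blob written there can opt out of it
  run storage account encryption-scope create -g "$RG" --account-name "$STORAGE" \
      -n "$SCOPE_NAME" --key-source Microsoft.Storage --require-infrastructure-encryption true
  run storage container create -n doubleenc --account-name "$STORAGE" --auth-mode login \
      --default-encryption-scope "$SCOPE_NAME" --prevent-encryption-scope-override true
}

# verify_hold: upload a constructed file into "hold" and confirm that deleting it is refused
verify_hold() {
  printf 'constructed sample content\n' > hello.txt
  run storage blob upload --account-name "$STORAGE" -c hold -n hello.txt -f hello.txt --auth-mode login
  if run storage blob delete --account-name "$STORAGE" -c hold -n hello.txt --auth-mode login; then
    echo "delete succeeded: the retention policy is NOT in effect"
  else
    echo "delete refused: the retention policy is in effect"
  fi
}

case "${1:-}" in
  dry-run) DRY_RUN=1; provision; verify_hold ;;
  apply)   provision; verify_hold ;;
esac
```

Run `sh provision.sh dry-run` first and read the printed commands; `apply` executes them in order. In `apply` mode the delete in `verify_hold` is expected to fail with a conflict error from the service, which is the check the post asks for.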