articles/stream-analytics/data-protection.md
Lines changed: 8 additions & 8 deletions
@@ -28,20 +28,20 @@ Azure Stream Analytics persists the following metadata and data in order to run:
28
28
29
29
## In-Region Data Residency
30
30
31
-
Azure Stream Analytics stores customer data and other metadata described above. Customer data is stored by Azure Stream Analytics in a single region by default, so this service automatically satisfies in region data residency requirements including those specified in the [Trust Center](https://azuredatacentermap.azurewebsites.net/).
31
+
Azure Stream Analytics stores customer data and other metadata described earlier. Azure Stream Analytics stores customer data in a single region by default, so this service automatically satisfies region data residency requirements including the ones specified in the [Trust Center](https://azuredatacentermap.azurewebsites.net/).
32
32
Additionally, you can choose to store all data assets (customer data and other metadata) related to your stream analytics job in a single region by encrypting them in a storage account of your choice.
33
33
34
34
## Encrypt your data
35
35
36
-
Stream Analytics automatically employs best-in-class encryption standards across its infrastructure to encrypt and secure your data. You can simply trust Stream Analytics to securely store all your data so that you don't have to worry about managing the infrastructure.
36
+
Stream Analytics automatically employs best-in-class encryption standards across its infrastructure to encrypt and secure your data. You can trust Stream Analytics to securely store all your data so that you don't have to worry about managing the infrastructure.
37
37
38
38
If you want to use customer-managed keys to encrypt your data, you can use your own storage account (general purpose V1 or V2) to store any private data assets that are required by the Stream Analytics runtime. Your storage account can be encrypted as needed. None of your private data assets are stored permanently by the Stream Analytics infrastructure.
39
39
40
-
This setting must be configured at the time of Stream Analytics job creation, and it can't be modified throughout the job's life cycle. Modification or deletion of storage that is being used by your Stream Analytics is not recommended. If you delete your storage account, you will permanently delete all private data assets, which will cause your job to fail.
40
+
This setting must be configured at the time of Stream Analytics job creation, and it can't be modified throughout the job's life cycle. Modification or deletion of storage that is being used by your Stream Analytics isn't recommended. If you delete your storage account, you permanently delete all private data assets, and it causes your job to fail.
41
41
42
-
Updating or rotating keys to your storage account is not possible using the Stream Analytics portal. You can update the keys using the REST APIs. You can also connect to your job storage account using managed identity authentication with allow trusted services.
42
+
Updating or rotating keys to your storage account isn't possible using the Stream Analytics portal. You can update the keys using the REST APIs. You can also connect to your job storage account using managed identity authentication with allow trusted services.
43
43
44
-
If the storage account you want to use is in an Azure Virtual Network, you must use managed identity authentication mode with **Allow trusted services**. For more information, visit: [Connect Stream Analytics jobs to resources in an Azure Virtual Network (VNet)](connect-job-to-vnet.md).
44
+
If the storage account you want to use is in an Azure Virtual Network, you must use managed identity authentication mode with **Allow trusted services**. For more information, visit: [Connect Stream Analytics jobs to resources in an Azure virtual network](connect-job-to-vnet.md).
45
45
46
46
47
47
### Configure storage account for private data
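Review bot: In the In-Region Data Residency paragraph, the new wording "satisfies region data residency requirements" drops the "in" and no longer matches the section heading; "in-region data residency requirements" keeps the meaning. The same line labels its link "Trust Center" while the target is azuredatacentermap.azurewebsites.net, so either the label or the URL should be corrected while the line is being touched. Further down, "storage that is being used by your Stream Analytics isn't recommended" is still missing the noun "job", and "with allow trusted services" in the key-rotation paragraph should be written as **Allow trusted services** to match the paragraph that follows it.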
@@ -60,13 +60,13 @@ Use the following steps to configure your storage account for private data asset
60
60
61
61
1. Select the check box that says *Secure all private data assets needed by this job in my Storage account*.
62
62
63
-
1. Select a storage account from your subscription. Note that this setting cannot be modified throughout the life cycle of the job. You also cannot add this option once the job is created.
63
+
1. Select a storage account from your subscription. This setting can't be modified throughout the life cycle of the job. You also can't add this option once the job is created.
64
64
65
65
1. To authenticate with a connection string, select **Connection string** from the Authentication mode dropdown. The storage account key is automatically populated from your subscription.
66
66
67
67

68
68
69
-
1. To authenticate with Managed Identity, select **Managed Identity** from the Authentication mode dropdown. If you choose Managed Identity, you need to add your Stream Analytics job to the storage account's access control list with the *Storage Blob Data Contributor* role. If you do not give your job access, the job will not be able to perform any operations. For more information on how to grant access, see [Assign an Azure role for access to blob data](../storage/blobs/assign-azure-role-data-access.md).
69
+
1. To authenticate with Managed Identity, select **Managed Identity** from the Authentication mode dropdown. If you choose Managed Identity, you need to add your Stream Analytics job to the storage account's access control list with the *Storage Blob Data Contributor* role. If you don't give your job access, the job can't perform any operations. For more information on how to grant access, see [Assign an Azure role for access to blob data](../storage/blobs/assign-azure-role-data-access.md).
70
70
71
71
:::image type="content" source="media/data-protection/storage-account-create-msi.png" alt-text="Private data storage account settings with managed identity authentication":::
72
72
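Review bot: The Managed Identity step still says to "add your Stream Analytics job to the storage account's access control list with the *Storage Blob Data Contributor* role", which mixes access-control-list wording with what the linked article calls assigning an Azure role; suggest "assign the *Storage Blob Data Contributor* role on the storage account to your Stream Analytics job's managed identity". The Connection string and Managed Identity items read as alternatives but are numbered as consecutive steps, so consider marking them as a choice. "Managed Identity" is also capitalised here, while the Encrypt your data section uses "managed identity".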
@@ -85,7 +85,7 @@ Any private data that is required to be persisted by Stream Analytics is stored
85
85
Connection details of your resources, which are used by your Stream Analytics job, are also stored. Encrypt your storage account to secure all of your data.
86
86
87
87
## Enables Data Residency
88
-
You may use this feature to enforce any data residency requirements you may have by providing a storage account accordingly.
88
+
You can use this feature to enforce any data residency requirements you have by providing a storage account accordingly.
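Review bot: "by providing a storage account accordingly" in the changed line leaves the reader to guess what "accordingly" refers to; state it directly, for example "by providing a storage account in the region where your data must reside". The context heading "## Enables Data Residency" is also ungrammatical as a section title and does not match "## In-Region Data Residency" earlier in the file; a noun phrase or imperative such as "## Enable data residency" would read better.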