
AZURE NEWS: “Prevent Shared Key authorization for an Azure Storage account”

Microsoft has recently released a new feature that allows you to prevent Shared Key authorization for Azure Storage accounts: https://azure.microsoft.com/en-us/updates/prevent-shared-key-authorization-for-an-azure-storage-account/

Here are some key takeaways from the announcement:

  • When you disallow Shared Key authorization for a storage account, requests from clients that are using the ‘account access keys’ for Shared Key authorization will fail
  • Use metrics to determine how many requests the storage account is receiving that are authorized with Shared Key or a shared access signature (SAS)
  • Azure Storage logs in Azure Monitor include the type of authorization that was used to make a request to a storage account
  • When Shared Key access is disallowed for the storage account, Azure Storage handles SAS tokens based on the type of SAS and the service that is targeted by the request
  • Different types of shared access signatures are authorized differently and behave differently when Shared Key access is disallowed. A service SAS token or an account SAS token is authorized with Shared Key and will not be permitted on a request to Blob storage when the AllowSharedKeyAccess property is set to false
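
To find stored SAS URLs that will stop working before you set AllowSharedKeyAccess to false, you can classify each token by its query parameters. The following is an added example, not code from the announcement. It goes beyond the bullets above by also recognizing a user delegation SAS, which is signed with Azure AD credentials rather than the account key and so stays valid. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# SAS query parameters that identify the token type (Azure Storage SAS format).
USER_DELEGATION_KEYS = {"skoid", "sktid"}  # signed key object ID and tenant ID
ACCOUNT_SAS_KEYS = {"ss", "srt"}           # signed services and resource types

def classify_sas(url_or_token):
    """Return 'user-delegation', 'account', 'service', or None when no SAS is present."""
    query = urlsplit(url_or_token).query if "://" in url_or_token else url_or_token.lstrip("?")
    params = set(parse_qs(query, keep_blank_values=True))
    if "sig" not in params:
        return None
    if USER_DELEGATION_KEYS <= params:
        return "user-delegation"
    if ACCOUNT_SAS_KEYS <= params:
        return "account"
    return "service"

def blob_sas_permitted(url_or_token, allow_shared_key_access):
    """Apply the rule above to a Blob storage request that carries a SAS."""
    kind = classify_sas(url_or_token)
    if kind is None:
        raise ValueError("no SAS token in input")
    # Service and account SAS are signed with the account key (Shared Key).
    return allow_shared_key_access or kind == "user-delegation"

def rejected_when_disallowed(urls):
    """List (resource, sas_type) pairs rejected once AllowSharedKeyAccess is false."""
    findings = []
    for url in urls:
        kind = classify_sas(url)
        if kind and not blob_sas_permitted(url, False):
            # Report the resource without its query string so no signature is printed.
            findings.append((url.split("?", 1)[0], kind))
    return findings

# Constructed sample URLs: account name, GUIDs and signatures are placeholders.
BASE = "https://examplestore.blob.core.windows.net"
EXPIRY = "se=2030-01-01T00:00:00Z&sig=CONSTRUCTED"
SAMPLES = [
    f"{BASE}/logs/app.log?sv=2020-02-10&sr=b&sp=r&{EXPIRY}",
    f"{BASE}/?sv=2020-02-10&ss=b&srt=sco&sp=rl&{EXPIRY}",
    f"{BASE}/logs?sv=2020-02-10&sr=c&sp=r&skoid=00000000-0000-0000-0000-000000000000"
    f"&sktid=00000000-0000-0000-0000-000000000000&sks=b&skv=2020-02-10&{EXPIRY}",
]

if __name__ == "__main__":
    for resource, kind in rejected_when_disallowed(SAMPLES):
        print(f"{kind} SAS would be rejected: {resource}")
```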

 

NOTE

This feature is generally available (ready for production use).
