Third party access to Azure storage

VSHAH804 41 Reputation points
2020-06-03T19:40:36.283+00:00

Hello Team,

We need to give access to 3rd party users to our Azure storage account so that they can download the file. Since file share only supports shared access signature, I'm planning to use blobs since it does support AAD authentication. We are planning to provision 3rd party users as guest users in our AAD.

Question is, is it the right approach to go with blobs since we want to use AAD authentication and NOT SAS?
If yes, can someone please guide me on how to configure storage account blobs so that 3rd party users can get to it.

Thanks.

Azure Storage Accounts

2 answers

  1. Manu Philip 17,186 Reputation points MVP
    2020-06-03T19:56:39.38+00:00

    Hello,

    I wrote an article in my blog on the topic, "Use an Azure file share with Windows" here: http://cloudcompute.info/use-an-azure-file-share-with-windows/

    Please check if it helps

    Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.

    Regards,

    Manu


  2. Sumarigo-MSFT 44,906 Reputation points Microsoft Employee
    2020-06-04T16:41:58.353+00:00

    @VSHAH804 If you are willing to provision an account for third parties,

    So the options I see are:

    • SAS to a specific file share
    • AD domain join of your Storage Account and give 3rd party an AD account (caution: review if this is really a best-practice for your company as built-in roles like "all domain users" and others can include this account and give unintended access to 3rd party users)
    • You can still use an Azure file share for your day-to-day work and then copy the files you want to share to a blob with AAD auth. (Verify this really works; I haven't tried it.) The file is likely to lose the metadata like ACLs, timestamps and attributes, but that might be fine in your scenarios.

    I think that would be a good way to round it out.

    Additional information: The caution should also apply to a 3rd party account in AAD if their AAD instance is connected to O365

    Kindly let us know if the above helps or you need further assistance on this issue.

    -----------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
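
One way to set up the blob-with-AAD option discussed in this thread, as an added example that is not part of either answer: give the guest user the built-in "Storage Blob Data Reader" role on a single container only, then list what that guest can reach, which addresses the unintended-access caution above. It assumes the Azure CLI is installed and signed in as someone allowed to create role assignments; the script name, resource names and IDs are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: read-only, container-scoped RBAC for one AAD guest user.
# All resource names and IDs passed in are placeholders chosen by the caller.
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-exact

# Storage account names: 3-24 chars, lowercase letters and digits only.
valid_account() {
  case "$1" in ''|*[!a-z0-9]*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
}

# Container names: 3-63 chars, lowercase letters, digits and single hyphens,
# starting and ending with a letter or digit.
valid_container() {
  case "$1" in ''|*[!a-z0-9-]*|-*|*-|*--*) return 1 ;; esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Build the ARM scope of a single container, so the assignment can never
# land on the whole storage account, resource group or subscription.
# args: subscription_id resource_group account container
container_scope() {
  valid_account "$3"   || { echo "bad storage account name: $3" >&2; return 1; }
  valid_container "$4" || { echo "bad container name: $4" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/blobServices/default/containers/%s\n' \
    "$1" "$2" "$3" "$4"
}

# Grant the data-plane read role to the guest's object ID.
# args: guest_object_id subscription_id resource_group account container
grant_guest_read() {
  scope=$(container_scope "$2" "$3" "$4" "$5") || return 1
  az role assignment create \
    --assignee-object-id "$1" --assignee-principal-type User \
    --role "Storage Blob Data Reader" --scope "$scope"
}

# Review everything the guest can reach.
list_guest_access() {
  az role assignment list --assignee "$1" --all \
    --query "[].{role:roleDefinitionName, scope:scope}" -o table
}

# Usage: sh share.sh grant <guest_object_id> <sub_id> <rg> <account> <container>
if [ "${1:-}" = "grant" ] && [ "$#" -eq 6 ]; then
  shift
  grant_guest_read "$@" && list_guest_access "$1"
fi
```

The guest then signs in to the owning tenant with `az login --tenant <tenant>` and downloads with `az storage blob download --auth-mode login`, so no SAS token or account key is shared.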