Hello @Pavankumar-3526 ,
Welcome to the MS Q&A platform.
Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key, and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key.
When you disable storage account key access, Azure Storage rejects all subsequent requests to that account that are authorized with the account access keys. Only secured requests that are authorized with Azure AD will succeed.
The default setting on the storage account is
Enabled- Allow storage account key access
Disabled- Default to Azure Active Directory authorization in the Azure portal
When you disable Allow storage account key access, You should enable AAD. Then the Synapse link for DV automatically authorizes the Storage account using AAD.
It seems like when you disable the storage account key access, AAD is also disabled(default behavior).
When you link your environment to the lake/synapse, you will need to grant service access to the storage account. After the first time, the service takes over. The synapse link for Dataverse uses its SP to write to the lake. It doesn't use user credentials or storage keys. However, it needs App's SP permission to write the data. This is a one-time setup.
I believe this is the reason for the failure when the storage account key is disabled. Make sure to enable AAD if you disable the storage account access key.
I hope this clarifies you. Please let me know if you have any further questions.
Reference document: https://learn.microsoft.com/en-us/azure/storage/common/shared-key-authorization-prevent?tabs=portal#remediate-authorization-via-shared-key
- Please don't forget to click on and upvote button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
- Want a reminder to come back and check responses? Here is how to subscribe to a notification
- If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators