![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 85%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,276 questions
Thank you for your post and I apologize for the delayed response!
I understand that you're trying to create a Service Principal to upload files to an Azure Storage Account from on-prem using azcopy and would like to know if it's required for the Service Principal to belong to the same Subscription as the Storage Account. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
Yes - when it comes to your Service Principal needing to belong to the same Subscription as the Storage Account, this is needed because the service principal needs to have the necessary permissions to access your storage account. If the service principal were to belong to a different subscription, it won't have the required permissions to access your storage account.
For more info:
- Create an Azure Active Directory application and service principal that can access resources
- Get started with AzCopy - Authorize a service principal
Additional Links:
- Authorize access to blobs with AzCopy and Azure Active Directory (Azure AD)
- Service principal object
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
