Disable Password Regeneration on Azure Storage Account SFTP Endpoint Users

Dominik Frey 0 Reputation points
2024-04-29T14:16:07.68+00:00

I have an Azure storage account with an SFTP endpoint, and I’ve set up local users with usernames and passwords. These passwords are used on remote devices and thus can only be changed once.

Now I'm afraid that if a script or a developer regenerates the password by accident, I will have to initiate a trip to all remote devices. Is there a solution to prevent that password reset?

I got a couple of ideas but am not sure if they work:

  1. Can I set IAM permissions that would restrict users to do so?
  2. Can I set a lock on the password?
  3. Can I set the password manually, so in case someone resets it, I just simply set it by myself again?

Is any of my ideas possible or are there others?


1 answer

  1. Amrinder Singh 3,260 Reputation points Microsoft Employee
    2024-04-29T17:21:42.4033333+00:00

    Hi Dominik Frey - Thanks for reaching out over Q&A Forum

    To answer your suggested options:

    1. Can I set IAM permissions that would restrict users to do so? - No, these permissions aren't controlled via Access Control IAM.
    2. Can I set a lock on the password? - Unfortunately, this isn't possible either.
    3. Can I set the password manually, so in case someone resets it, I just simply set it by myself again? - Sorry, you can't have a custom password set from your side.

    Overall, there doesn't appear to be any option to control reset options other than exercising caution. Let me review it once again, and I shall update if there is any feasibility of the same.

    In the meantime, please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.