Share via

Azure Blob Storage - Join Domain

Andrea Longhitano 100 Reputation points
2024-07-08T07:38:53.3133333+00:00

Is it possible to join an Azure Blob Storage to a domain and assign permissions like it can be done in an Azure File Share?

I'm searching something similar to this one

https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-enable

but related to blob storage!

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,673 questions
0 comments
Accepted answer
  1. Sumarigo-MSFT 45,421 Reputation points Microsoft Employee
    2024-07-08T13:45:57.75+00:00

    @Andrea Longhitano Welcome to Microsoft Q&A Forum, Thank you for posting your query here

    Azure Blob Storage does not support domain joining in the same way that Azure File Share does. Azure Blob Storage is designed to be accessed over HTTP/HTTPS and does not support SMB protocol, which is required for domain joining. However, you can control access to Blob Storage using Azure Role-Based Access Control (RBAC) and Shared Access Signatures (SAS).

    Here are some key points regarding Azure Blob Storage permissions:

    Azure RBAC: You can assign Azure RBAC roles to users, groups, or service principals at the scope of the storage account or a specific container to grant them access to Blob Storage

    Shared Access Signatures (SAS): SAS tokens provide a way to grant limited access to objects in your storage account to other clients, without exposing your account key

    User's image Detailed information: Authorize access to blobs using Microsoft Entra ID

    Authorize requests to Azure Storage

    User's image For managing access to Azure Blob Storage, you typically use Azure Active Directory (Azure AD) for authentication and Azure RBAC for authorization. While Azure Blob Storage does not support joining to a domain, you can assign permissions to Azure AD identities using Azure RBAC, which allows for a similar level of access control.

    If you're looking for domain join capabilities specifically for file shares, Azure Files supports integration with Azure AD Domain Services for SMB access, which allows you to use NTFS permissions and Active Directory credentials to secure your file shares

    References

    Quickstart: Azure Blob Storage client module for Go - Azure Storage | Microsoft Learn

    @azure/storage-blob package | Microsoft Learn

    Please let us know if you have any further queries. I’m happy to assist you further.    

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Amrinder Singh 4,995 Reputation points Microsoft Employee
    2024-07-08T07:52:13.6333333+00:00

    Hi Andrea Longhitano - Thanks for reaching out.

    Azure Blob Storage and Azure File Shares are 2 different services under Azure Storage offerings.

    With blob storage, you get different options of authorization such as Access Keys, SAS, RBAC, ABAC and ACLs (If HNS Account). This can help you controlling the access and managing the permissions.

    You can start with below link to explore different options available.

    https://learn.microsoft.com/en-us/azure/storage/common/authorize-data-access?toc=%2Fazure%2Fstorage%2Fblobs%2Ftoc.json&bc=%2Fazure%2Fstorage%2Fblobs%2Fbreadcrumb%2Ftoc.json&tabs=blobs

    Hope that helps!

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments