Hi Steven, welcome to MS Q&A.
To securely exchange files with a third party using an Azure Storage account, you can follow these best practices:
- Shared Access Signatures (SAS): Generate SAS tokens with specific permissions (read, write) and provide them to the third party. However, you will need to regenerate tokens when they expire.
- Azure Role-Based Access Control (RBAC): Use Azure RBAC to grant the third party access to the storage account. This method provides more control and can be managed through Azure Active Directory (AAD).
- Managed Identities: Use managed identities for Azure resources to securely access Azure Storage without needing to manage credentials. This can be combined with Azure RBAC to provide secure access to the storage account.
For more detailed information, you can refer to the following resources:
- Best practices for securing PaaS web and mobile applications using Azure Storage
- Security management in Azure - Best practices
- Third-party solutions integrated with Managed HSM
By following these best practices, you can securely exchange files with a third party while minimizing the need to regenerate tokens frequently.
Please let me know if you have further questions.
Kindly accept the answer if it helps.
Thanks
Deepanshu
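
An added example, not part of the original answer: a Python check that can be run on a SAS URL before it is handed to the third party, covering the SAS option above (permissions limited to read/write, a bounded expiry). The function names, the 7-day limit, and the sample URLs are assumptions constructed for illustration; `sp`, `se`, `spr`, `skoid` and `sig` are the standard SAS query parameters.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs (placeholder account, container and signature).
BASE = "https://examplestorage.blob.core.windows.net/exchange/report.csv"
GOOD_URL = (BASE + "?sv=2022-11-02&sr=b&sp=r&se=2024-01-03T00%3A00%3A00Z"
            "&spr=https&skoid=00000000-0000-0000-0000-000000000000&sig=CONSTRUCTED")
BAD_URL = BASE + "?sv=2022-11-02&sr=c&sp=rwdl&se=2025-01-01T00%3A00%3A00Z&sig=CONSTRUCTED"


def _parse_utc(value):
    """Parse the ISO 8601 UTC forms SAS uses (date only, or date-time ending in Z)."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_sas_url(url, allowed_perms="rw", max_lifetime=timedelta(days=7), now=None):
    """Return a list of findings for a SAS URL; an empty list means it passed."""
    now = now or datetime.now(timezone.utc)
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["no sig parameter: not a SAS URL"]
    findings = []
    # sp holds one letter per permission (r=read, w=write, d=delete, l=list, ...).
    extra = set(q.get("sp", "")) - set(allowed_perms)
    if extra:
        findings.append("permissions beyond policy: " + "".join(sorted(extra)))
    # se is the expiry; without it the lifetime comes from a stored access policy.
    if "se" not in q:
        findings.append("no se: expiry is set elsewhere (stored access policy)")
    else:
        expiry = _parse_utc(q["se"])
        if expiry <= now:
            findings.append("token already expired")
        elif expiry - now > max_lifetime:
            findings.append("lifetime exceeds policy maximum")
    # spr defaults to https,http when omitted, so HTTPS-only must be explicit.
    if q.get("spr", "https,http") != "https":
        findings.append("plain HTTP allowed (spr is not 'https')")
    # skoid is present only on user delegation SAS (signed via Azure AD, not an account key).
    if "skoid" not in q:
        findings.append("not a user delegation SAS (no skoid)")
    return findings


if __name__ == "__main__":
    fixed_now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for u in (GOOD_URL, BAD_URL):
        print(audit_sas_url(u, now=fixed_now))
```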