Hello Mahdi,
Greetings! Welcome to Microsoft Q&A Platform.
Yes, you are correct AzCopy now supports both SAS (Shared Access Signature) and Entra ID authorization methods for Azure Files and for Azure Blobs. SAS tokens have been the primary method for authorizing operations with AzCopy for both Azure Files and Azure Blobs. SAS tokens provide time-limited and permission-specific access to Azure Storage resources. You can append a SAS token to each source or destination URL that use in your AzCopy commands.
AzCopy now supports Azure AD authentication is now as Entra ID for both Azure Files and Azure Blobs. Entra ID authorization allows you to use role-based access control (RBAC) to grant granular permissions. This method is more secure and easier to manage, especially in large environments where managing SAS tokens might be little difficult. You can provide AzCopy with authorization credentials by using Microsoft Entra ID. That way, you won't have to append a shared access signature (SAS) token to each command.
For Azure Files with Entra ID, you can authenticate using your Azure AD credentials or a service principal, and AzCopy will use these credentials to authorize operations. For RBAC process you can assign roles like Storage File Data SMB Share Contributor or Storage File Data SMB Share Reader to control access to Azure Files.
For Azure Blobs with Entra ID support allows similar RBAC-based access control, providing an alternative to using SAS tokens.
reference: https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-authorize-azure-active-directory, https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azcopy-v10?tabs=dnf
Hope this answer helps! please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members