Could not access resources - Azure Storage Explorer

SCCMAdmin 111 Reputation points
2024-11-29T22:38:13.4+00:00

Hi,

Can´t access subscriptions at Azure Storage Explorer (using the latest version: 1.36.2 )

Logged successfully.

User's image

At Error details:

{

"name": null,

"message": "{"source":{"accountId":"0000","tenantId":"00000"},"resourceId":"https://management.core.windows.net/","code":"0000","message":"Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003'. Trace ID: 000000 Correlation ID: 0000 Timestamp: 2024-11-29 22:04:28Z"}"

}

The reauthentication is OK, but the problem persists.

I need to connect to storage account to upload files using Azure Storage Explorer.

Thanks in advance!

Azure Storage Explorer
Azure Storage Explorer
An Azure tool that is used to manage cloud storage resources on Windows, macOS, and Linux.
268 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,269 questions
{count} votes

Accepted answer
  1. Luis Arias 7,686 Reputation points
    2024-11-30T00:45:04.43+00:00

    Hi SCCMAdmin, The Global Administrator role does not grant data plane access to Azure Storage resources. For accessing Azure File Shares or Blobs, you need specific Azure RBAC roles:

    • Storage Blob Data Contributor: Grants full access to blob data (read, write, delete).
    • Storage Blob Data Reader: Grants read-only access to blob data.
    • Storage File Data SMB Share Contributor: Grants full access to file shares.
    • Storage File Data SMB Share Reader: Grants read-only access to file shares.

    Steps to Resolve

    • Assign the appropriate role via Azure Portal:
      • Go to Storage Account > Access Control (IAM) > Add Role Assignment.
      • Assign the relevant role (e.g., Storage Blob Data Contributor) to your user.
    • Alternatively, assign via Azure CLI:
          az role assignment create \
            --role "Storage Blob Data Contributor" \
            --assignee <YourUserPrincipalName> \
            --scope /subscriptions/<SubscriptionId>/resourceGroups/<ResourceGroup>/providers/Microsoft.Storage/storageAccounts/<StorageAccountName>
      

    Reauthenticate in Azure Storage Explorer after role assignment to ensure access.

    References

    If this resolves your issue, please accept the answer.

    Luis

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Keshavulu Dasari 2,010 Reputation points Microsoft Vendor
    2024-11-30T00:42:56.6466667+00:00

    Hi SCCMAdmin,
    Welcome to Microsoft Q&A. Thanks for posting your query,
    Based on the error messages and details you've provided the issue is consistently related to authorization failures. Error Message: it is an "AuthorizationFailure" with a 403 status code. This means your account doesn't have the necessary permissions to perform the requested operation.

    Common Error Details: This request is not authorized to perform this operation "AuthorizationFailure" error code.
    403 status code indicating forbidden access.

    Possible Solutions:
    Check Permissions: Ensure your account has the required roles, such as "Storage Account Contributor" or "Storage File Data SMB Share Contributor."
    Role Assignment: If you lack permissions, ask an administrator to assign the appropriate role.
    Re-authenticate: Sign out and back into Azure Storage Explorer.
    Check Azure Policies: Ensure no policies are restricting access.

    These steps should be able to resolve the authorization issue and gain access to your Azure File Shares


    Glad to know that your issue has resolved. And thanks for sharing the solution Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. 
    User's image

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.