Share via

SAS Token Management and Security Features in Multi-Region Blob Storage with Azure Front Door

송대건 0 Reputation points
2025-11-20T05:50:43.4866667+00:00

We currently operate Blob Storage in the Korea region and plan to add replication in the US and Europe regions.

1. Current Situation and Requirements

  • We run a single server instance responsible for user authentication and authorization logic.

Users should only have access to their permitted private Blob assets.

SAS tokens must be generated per Storage Account, and our server needs to efficiently manage SAS token generation for multiple regions.

We want Azure Front Door (AFD) to handle traffic routing, while the server is only responsible for SAS token issuance.

We would like to know if the URL signing key management and token validation features are currently supported in AFD Premium SKU and how to configure them if available.

Guidance on best practices for securely accessing private Blob Storage using AFD combined with Private Link would be appreciated.

Recommendations or architectural patterns for efficiently managing multiple Storage Accounts and SAS tokens within a single server instance would be very helpful.

2. Additional Information

We upgraded from Standard SKU to Premium SKU due to lack of UI and features in Standard, but still do not see SAS-related URL signing or key management UI.

We have not found consistent solutions in official documentation or community forums, so we seek your guidance.

We look forward to your prompt response. Please let us know if you need any further information. Thank you.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ravi Varma Mudduluru 3,550 Reputation points Microsoft External Staff Moderator
    2025-11-20T12:38:48.46+00:00

    Hello @송대건.

    Thanks for reaching out to Microsoft Q&A.

    I understand that you’re working on a setup involving Azure Blob Storage across multiple regions and using Azure Front Door, and you have some specific questions about SAS token management and security features.

    According to the Microsoft documentation, SAS authentication applies to both SKUs (Standard and Premium). Please refer to the document below and set up the requirements based on your configuration.

     Follow the steps in the document to complete the configuration.

    https://learn.microsoft.com/en-us/azure/frontdoor/integrate-storage-account

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.