@Joe H Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
When they say they have enabled azure AD auth, what do they mean? Do they mean they have disabled access key auth disabled?
If they want to just browse the blob directly by entering the URL of the blob, having Azure AD auth is not possible. because when it’s Azure AD, the auth details are passed as request header and not as URI parameter - which we cannot do in a browser. The only option is using SAS in that case Or else you have to change the access level of the blob as Blob or container and then access the blob directly, but that would compromise the security
Firstly, Let me explain How RBAC works in Azure.
When a security principal (a user, group, or application) attempts to access a blob resource, the request must be authorized, unless it is a blob available for anonymous access. With Azure AD, access to a resource is a two-step process. First, the security principal's identity is authenticated and an OAuth 2.0 token is returned. Next, the token is passed as part of a request to the Blob service and used by the service to authorize access to the specified resource.
The authentication step requires that an application request an OAuth 2.0 access token at runtime. If an application is running from within an Azure entity such as an Azure VM, a virtual machine scale set, or an Azure Functions app, it can use a managed identity to access blob data. To learn how to authorize requests made by a managed identity to the Azure Blob service, see Authorize access to blob data with managed identities for Azure resources.
The authorization step requires that one or more Azure RBAC roles be assigned to the security principal making the request. For more information, see Assign Azure roles for access rights.
Please let us know if you have any further queries. I’m happy to assist you further.
----------
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.