Prevent Shared Key authorisation for an Azure Storage account
Published date: 07 May, 2021
Every secure request to an Azure Storage account must be authorised. By default, requests can be authorised with either Azure Active Directory (Azure AD) credentials or by using the account access key for Shared Key authorisation. Of these two types of authorisation, Azure AD provides superior security and ease of use over Shared Key and is recommended by Microsoft. To require clients to use Azure AD to authorise requests, you can disallow requests to the storage account that are authorised with Shared Key.
We are announcing the general availability of the ability to disable Shared Key authorisation for Azure Storage. Before you disable Shared Key authorisation on existing storage accounts, we suggest checking existing access patterns via monitoring.