{"id":1504,"date":"2019-03-28T00:00:00","date_gmt":"2019-03-28T00:00:00","guid":{"rendered":"https:\/\/azure.microsoft.com\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available"},"modified":"2025-06-19T07:23:55","modified_gmt":"2025-06-19T14:23:55","slug":"azure-storage-support-for-azure-ad-based-access-control-now-generally-available","status":"publish","type":"post","link":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/","title":{"rendered":"Azure Storage support for Azure Active Directory based access control generally available"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">We are pleased to share the general availability of <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/storage\/common\/storage-auth-aad\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Active Directory (AD) based access control<\/a> for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from their Azure AD tenant using <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/storage\/common\/storage-auth-aad-rbac\" target=\"_blank\" rel=\"noreferrer noopener\">Azure\u2019s Role-based access control (RBAC)<\/a>.&nbsp; Administrators can then track individual user and service access to data using <a href=\"https:\/\/docs.microsoft.com\/en-us\/rest\/api\/storageservices\/storage-analytics-log-format\" target=\"_blank\" rel=\"noreferrer noopener\">Storage Analytics logs<\/a>. Storage accounts can be configured to be more secure by removing the need for most users to have access to powerful storage account access keys.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By leveraging Azure AD to authenticate users and services, enterprises gain access to the full array of <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/\" target=\"_blank\" rel=\"noreferrer noopener\">capabilities that Azure AD provides<\/a>, including features like two-factor authentication, conditional access, identity protection, and more. Azure AD <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/privileged-identity-management\/pim-configure\" target=\"_blank\" rel=\"noreferrer noopener\">Privileged Identity Management (PIM)<\/a> can also be used to assign roles \u201cjust-in-time\u201d and reduce the security risk of standing administrative access.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, developers can use <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/overview\" target=\"_blank\" rel=\"noreferrer noopener\">Managed identities for Azure resources<\/a> to deploy <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/storage\/common\/storage-auth-aad-msi\" target=\"_blank\" rel=\"noreferrer noopener\">secure Azure Storage applications<\/a> without having to manage application secrets.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When Azure AD authentication is combined with the new Azure Data Lake Storage Gen 2 capabilities, users can also take advantage of granular file and folder access control using <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/storage\/blobs\/data-lake-storage-access-control#access-control-lists-on-files-and-directories\" target=\"_blank\" rel=\"noreferrer noopener\">POSIX-style access permissions and access control lists<\/a> (ACL\u2019s).<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/role-based-access-control\/overview\" target=\"_blank\" rel=\"noreferrer noopener\">RBAC for Azure Resources<\/a> can be used to grant access to broad sets of resources across a subscription, a resource group, or to individual resources like a storage account and blob container. Role assignments can be made through the Azure portal or through tools like Azure PowerShell, Azure CLI, or Azure Resource Manager templates.<\/p>\n\n\n\n<figure class=\"wp-block-image has-custom-border\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\" alt=\"Assign a role to a user\" style=\"border-radius:0px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Azure AD authentication is available from the standard Azure Storage tools including the Azure portal, Azure CLI, Azure PowerShell, Azure Storage Explorer, and AzCopy.<\/p>\n\n\n\n<figure class=\"wp-block-image has-custom-border\"><img decoding=\"async\" src=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalblobbrowse.webp\" alt=\"Browse Azure Storage blobs using the Azure portal\" style=\"border-radius:0px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">$ az login Note, <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">we have launched a browser for you to login. For old experience with device code, use &#8220;az login &#8211;use-device-code&#8221; You have logged in. Now let us find all the subscriptions to which you have access\u2026<\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; auto-links: false; gutter: false; title: ; quick-code: false; notranslate\" title=\"\">\n[\n  {\n    \"cloudName\": \"AzureCloud\",\n    \"id\": \"XXXXXXXX-YYYY-ZZZZ-AAAA-BBBBBBBBBBBB\",\n    \"isDefault\": true,\n    \"name\": \"My Subscription\",\n    \"state\": \"Enabled\",\n    \"tenantId\": \"00000000-0000-0000-0000-000000000000\",\n    \"user\": {\n      \"name\": \"cbrooks@microsoft.com\",\n      \"type\": \"user\"\n    }\n  }\n]\n$ export AZURE_STORAGE_AUTH_MODE=\"login\"\n$ az storage blob list --account-name mysalesdata --container-name mycontainer --query [].name\n[\n  \"salesdata.csv\"\n]\n<\/pre><\/div>\n\n\n<p class=\"wp-block-paragraph\">We encourage you to use Azure AD to grant users access to data, and to limit user access to the storage account access keys. A typical pattern for this would be to grant users the &#8220;Reader&#8221; role make the storage account visible to them in the portal along with the &#8220;Storage Blob Data Reader&#8221; role to grant read access to blob data. Users who need to create or modify blobs can be granted the &#8220;Storage Blob Data Contributor&#8221; role instead.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Developers are encouraged to evaluate <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/managed-identities-azure-resources\/overview\" target=\"_blank\" rel=\"noreferrer noopener\">Managed Identities for Azure resources<\/a> to authenticate applications in Azure or <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/howto-create-service-principal-portal\" target=\"_blank\" rel=\"noreferrer noopener\">Azure AD service principals<\/a> for apps running outside Azure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure AD access control for Azure Storage is available now for production use in all Azure cloud environments<\/p>\n\n\n<p>\u00a0<\/p>\n<pre>\n<\/pre>\n<p>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues.  Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","footnotes":"","msx_community_cta_settings":[]},"categories":[1506],"tags":[],"audience":[3053,3056],"content-type":[],"product":[1569],"tech-community":[],"topic":[],"coauthors":[436],"class_list":["post-1504","post","type-post","status-publish","format-standard","hentry","category-identity","audience-it-decision-makers","audience-it-implementors","product-microsoft-entra-id","review-flag-1680286584-658","review-flag-2-1680286581-601","review-flag-gener-1680286584-335","review-flag-new-1680286579-546"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog<\/title>\n<meta name=\"description\" content=\"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog\" \/>\n<meta property=\"og:description\" content=\"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Azure Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/microsoftazure\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-28T00:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T14:23:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\" \/>\n<meta name=\"author\" content=\"Chris Brooks\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@azure\" \/>\n<meta name=\"twitter:site\" content=\"@azure\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chris Brooks\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\"},\"author\":[{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/chris-brooks\/\",\"@type\":\"Person\",\"@name\":\"Chris Brooks\"}],\"headline\":\"Azure Storage support for Azure Active Directory based access control generally available\",\"datePublished\":\"2019-03-28T00:00:00+00:00\",\"dateModified\":\"2025-06-19T14:23:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\"},\"wordCount\":454,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\",\"articleSection\":[\"Identity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\",\"name\":\"Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog\",\"isPartOf\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\",\"datePublished\":\"2019-03-28T00:00:00+00:00\",\"dateModified\":\"2025-06-19T14:23:55+00:00\",\"description\":\"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).\",\"breadcrumb\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog home\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hybrid + multicloud\",\"item\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/hybrid-multicloud\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Azure Storage support for Azure Active Directory based access control generally available\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#website\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"name\":\"Microsoft Azure Blog\",\"description\":\"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.\",\"publisher\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization\",\"name\":\"Microsoft Azure Blog\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"contentUrl\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Azure Blog\"},\"image\":{\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/microsoftazure\",\"https:\/\/x.com\/azure\",\"https:\/\/www.instagram.com\/microsoftdeveloper\/\",\"https:\/\/www.linkedin.com\/company\/16188386\",\"https:\/\/www.youtube.com\/user\/windowsazure\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117\",\"name\":\"shakir\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g\",\"caption\":\"shakir\"},\"sameAs\":[\"https:\/\/azure.microsoft.com\"],\"url\":\"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog","description":"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/","og_locale":"en_US","og_type":"article","og_title":"Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog","og_description":"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).","og_url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/","og_site_name":"Microsoft Azure Blog","article_publisher":"https:\/\/www.facebook.com\/microsoftazure","article_published_time":"2019-03-28T00:00:00+00:00","article_modified_time":"2025-06-19T14:23:55+00:00","og_image":[{"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp","type":"","width":"","height":""}],"author":"Chris Brooks","twitter_card":"summary_large_image","twitter_creator":"@azure","twitter_site":"@azure","twitter_misc":{"Written by":"Chris Brooks","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#article","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/"},"author":[{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/chris-brooks\/","@type":"Person","@name":"Chris Brooks"}],"headline":"Azure Storage support for Azure Active Directory based access control generally available","datePublished":"2019-03-28T00:00:00+00:00","dateModified":"2025-06-19T14:23:55+00:00","mainEntityOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/"},"wordCount":454,"commentCount":0,"publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp","articleSection":["Identity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/","name":"Azure Storage support for Azure Active Directory based access control generally available | Microsoft Azure Blog","isPartOf":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage"},"thumbnailUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp","datePublished":"2019-03-28T00:00:00+00:00","dateModified":"2025-06-19T14:23:55+00:00","description":"We are pleased to announce the general availability of Azure AD based access control for Azure Storage Blobs and Queues. Enterprises can now grant specific data access permissions to users and service identities from Azure AD using Azure\u2019s Role-based access control (RBAC).","breadcrumb":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#primaryimage","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2019\/03\/storageportalroleassignment.webp"},{"@type":"BreadcrumbList","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/azure-storage-support-for-azure-ad-based-access-control-now-generally-available\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog home","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/"},{"@type":"ListItem","position":2,"name":"Hybrid + multicloud","item":"https:\/\/azure.microsoft.com\/en-us\/blog\/category\/hybrid-multicloud\/"},{"@type":"ListItem","position":3,"name":"Azure Storage support for Azure Active Directory based access control generally available"}]},{"@type":"WebSite","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#website","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","name":"Microsoft Azure Blog","description":"Get the latest Azure news, updates, and announcements from the Azure blog. From product updates to hot topics, hear from the Azure experts.","publisher":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/azure.microsoft.com\/en-us\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#organization","name":"Microsoft Azure Blog","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","contentUrl":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-content\/uploads\/2024\/06\/microsoft_logo.webp","width":512,"height":512,"caption":"Microsoft Azure Blog"},"image":{"@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/microsoftazure","https:\/\/x.com\/azure","https:\/\/www.instagram.com\/microsoftdeveloper\/","https:\/\/www.linkedin.com\/company\/16188386","https:\/\/www.youtube.com\/user\/windowsazure"]},{"@type":"Person","@id":"https:\/\/azure.microsoft.com\/en-us\/blog\/#\/schema\/person\/c702e5edd662b328b49b7e1180cab117","name":"shakir","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g7664e653ea371ce16eaf75e9fa8952c4","url":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9342c7c05bb16548741bc5cd3a3e3b7ee0c8e746844ad2cc582db5beb5514c6f?s=96&d=mm&r=g","caption":"shakir"},"sameAs":["https:\/\/azure.microsoft.com"],"url":"https:\/\/azure.microsoft.com\/en-us\/blog\/author\/shakir\/"}]}},"msxcm_display_generated_audio":false,"msxcm_animated_featured_image":null,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Azure Blog","distributor_original_site_url":"https:\/\/azure.microsoft.com\/en-us\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/1504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/comments?post=1504"}],"version-history":[{"count":1,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/1504\/revisions"}],"predecessor-version":[{"id":42476,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/posts\/1504\/revisions\/42476"}],"wp:attachment":[{"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/media?parent=1504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/categories?post=1504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tags?post=1504"},{"taxonomy":"audience","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/audience?post=1504"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/content-type?post=1504"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/product?post=1504"},{"taxonomy":"tech-community","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/tech-community?post=1504"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/topic?post=1504"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/azure.microsoft.com\/en-us\/blog\/wp-json\/wp\/v2\/coauthors?post=1504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}