Prevent Shared Key authorization for an Azure Storage account
Published date: May 07, 2021
Every secure request to an Azure Storage account must be authorized. By default, requests can be authorized with either Azure Active Directory (Azure AD) credentials, or by using the account access key for Shared Key authorization. Of these two types of authorization, Azure AD provides superior security and ease of use over Shared Key and is recommended by Microsoft. To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key.
We're announcing the general availability of the ability to disable Shared Key authorization for Azure Storage. Before you disable Shared Key authorization on existing storage accounts, we suggest checking existing access patterns via monitoring.