As you know, Azure Storage provides storage capabilities on Azure (for files, blobs, queues or tables).

Until now, when you needed to grant access to a storage space on Azure, you had to use shared keys or SAS tokens.

Now you can also use your Azure AD to grant access to Azure Storage, which makes it simpler to give your organization's users access through the Role-Based Access Control (RBAC) capability.

As the service is currently in preview, the capability is limited to Azure Storage Blob and Queue Service.

To start using the feature, you can use the Azure ARM portal, Azure PowerShell, Azure CLI or the Azure Authorization Resource Provider API.

 


  • Then access the Access control (IAM) blade and Add a permission


  • Grant the permission – either Storage Blob Data Contributor (Preview), Storage Blob Data Reader (Preview), Storage Queue Data Contributor (Preview) or Storage Queue Data Reader (Preview)


If you want to use Azure PowerShell or Azure CLI, see the documentation here: https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-script
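
The same grant from Azure PowerShell, scoped to a single container instead of the whole account, as an added example (not from the original post or the linked documentation). It assumes the Az PowerShell module and a session already signed in with Connect-AzAccount; the subscription, resource group, account, container and user values are placeholders.

```powershell
# Added example: placeholder values, replace with your own.
$subscriptionId = '<subscription-id>'
$resourceGroup  = '<resource-group>'
$accountName    = '<storage-account>'
$containerName  = '<container>'
$userSignIn     = 'user@example.com'                     # constructed sample user
$roleName       = 'Storage Blob Data Reader (Preview)'   # role name as listed in this post

# Scope the grant to one container rather than the whole account (least privilege).
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$accountName" +
         "/blobServices/default/containers/$containerName"

# Fail early if the role name does not match a definition in this tenant.
if (-not (Get-AzRoleDefinition -Name $roleName)) {
    throw "Role '$roleName' not found. Check the exact name with Get-AzRoleDefinition."
}

# Assignments effective on the container, including those inherited from the
# storage account, resource group or subscription.
$effective = Get-AzRoleAssignment -Scope $scope

# Skip the assignment if this user already holds this role at exactly this scope.
$existing = $effective | Where-Object {
    $_.SignInName -eq $userSignIn -and
    $_.RoleDefinitionName -eq $roleName -and
    $_.Scope -eq $scope
}

if ($existing) {
    Write-Output "'$userSignIn' already has '$roleName' on the container."
} else {
    New-AzRoleAssignment -SignInName $userSignIn `
                         -RoleDefinitionName $roleName `
                         -Scope $scope
}

# Review who holds a storage data role on this container. The Scope column
# shows whether a grant is container-level or inherited from a broader scope.
Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.RoleDefinitionName -like 'Storage*Data*' } |
    Sort-Object Scope, SignInName |
    Format-Table DisplayName, SignInName, RoleDefinitionName, Scope -AutoSize
```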