![]() Some features don't support Azure RBAC, such as working with Classic storage accounts. You can disable this feature in Settings ( Services > Storage Accounts > Disable Usage of Keys). Storage Explorer will attempt to use storage account keys, if available, to authenticate requests. We recommend not granting this permission unless it's necessary. Individuals with these roles can effectively circumvent permissions granted or denied by Azure RBAC. Some Azure roles grant permission to retrieve storage account keys. Use Azure RBAC features or SAS to provide access instead. For this reason, we recommend limiting the use of keys to access resources in Storage Explorer. Storage account keys grant unrestricted access to the services and resources within a storage account. When sharing SAS tokens and URIs for troubleshooting purposes, such as in service requests or bug reports, always redact at least the signature portion of the SAS. A short lifespan is especially important for bare SAS, because there's no way to revoke them once generated. Generate tokens that are only valid for as long as necessary.Minimal permissions limit the potential damage that could be done if a SAS is misused. Generate tokens with minimal resource access and permissions.A SAS based on a shared access policy is more secure than a bare SAS, because the SAS can be revoked by deleting the SAP. Use shared access policies (SAP) when generating SAS tokens and URIs if possible.Only use SAS tokens and URIs from entities you trust.Limiting SAS distribution reduces the chance a SAS could be misused. Only distribute SAS tokens and URIs to trusted individuals. Limit the distribution of SAS tokens and URIs.When using SAS in Storage Explorer, we recommend the following guidelines: Revoke a SAS if not generated from a shared access policy (SAP).A valid SAS can be used by anyone who has it. However, with shared access signatures, you can't: Revoke a SAS immediately if generated from a shared access policy (SAP).Provide anonymous limited access to secure resources.If you can't use Azure AD authentication, we recommend using shared access signatures. You can manage your ACLs using Storage Explorer. Access control lists (ACLs)Īccess control lists (ACLs) let you control file and folder level access in ADLS Gen2 blob containers. If you need access to File Shares or Tables, you'll need to assign Azure roles that grant permission to list storage account keys. Storage Explorer supports Azure RBAC access to Storage Accounts, Blobs, and Queues. Azure roles and permissions can be managed from the Azure portal. Azure role-based access control (Azure RBAC)Īzure role-based access control (Azure RBAC) give you fine-grained access control over your Azure resources. This section describes the two Azure AD-based technologies that can be used to secure your storage resources. We recommend using Azure AD authentication whenever possible. Enforce access conditions, such as requiring multi-factor authentication.Revoke access to specific users and groups at any time.Give access to specific users and groups.Signing in uses Azure AD authentication, which allows you to: The easiest and most secure way to access your Azure Storage resources is to sign in with your Azure account. Whatever method you choose, here are our recommendations. Storage Explorer provides various ways to access your Azure Storage resources. Make sure you're working with the correct resources before executing these operations. Certain operations, such as delete and overwrite, are irreversible and may cause data loss. Use caution when executing critical operations.Avoid being overly permissive when granting anyone access to your resources. Ensure only the needed permissions are given to the people who need them.Some scenarios allow you to use HTTP, but HTTP should be used only as a last resort. MICROSOFT AZURE STORAGE EXPLORER FREE DOWNLOAD DOWNLOADData that you download from untrusted sources could be malicious, and uploading data to an untrusted source may result in lost or stolen data. Staying up to date helps ensure general security. Storage Explorer releases may contain security updates. Always use the latest version of Storage Explorer.By following these guidelines, you can ensure your data stays protected. Microsoft Azure Storage Explorer enables you to easily work with Azure Storage data safely and securely on Windows, macOS, and Linux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |