DEV Community: Chinua Ifeanyi

Implementing Secure File Access in Azure Blob Storage Using Shared Access Signatures (SAS)

Chinua Ifeanyi — Thu, 28 May 2026 22:19:29 +0000

Cloud security is one of the most critical aspects of modern infrastructure management, especially when dealing with file storage and resource accessibility.

In this hands-on implementation, I worked with Microsoft Azure Blob Storage to configure secure storage resources, manage container access levels, upload files, and generate Shared Access Signatures (SAS) for controlled resource sharing.

This guide walks through the complete process step-by-step.

What We’ll Cover

In this implementation, we will:

Create an Azure Storage Account
Create a Blob Storage Container
Upload files to the container
Configure container access levels
Generate a Shared Access Signature (SAS)
Securely share resources without exposing storage account keys

Why Shared Access Signatures (SAS) Matter

One of the biggest security risks in cloud environments is overexposing storage credentials.

Instead of granting full access to an entire storage account, Azure SAS allows organizations to provide:

Temporary access
Permission-specific access
Traceable access
Restricted resource-level authorization

This creates a more secure and scalable way to manage cloud storage access.

Prerequisites

Before starting, ensure you have:

A Microsoft Azure account
Access to the Azure Portal
Basic understanding of cloud storage concepts

Azure Portal:

https://portal.azure.com

Step 1 — Create a Storage Account

Sign in to the Azure Portal
Click Create a Resource
Search for Storage Account
Click Create

Fill in the required details:

Subscription
Resource Group
Storage Account Name
Region
Performance Type
Redundancy Option

Click Review + Create and deploy the resource.

Once deployment is complete, open the Storage Account.

📸 Insert Image Here
(Screenshot showing successful Storage Account deployment)

Step 2 — Create a Blob Storage Container

Inside the Storage Account:

Navigate to Data Storage
Click Containers
Select + Container
Enter a container name
Configure the access level

Access levels include:

Private

Only authorized users can access resources.

Blob

Allows public read access for blobs only.

Container

Allows public read access for the entire container.

For secure implementations, Private access is recommended.

Click Create.

Step 3 — Upload Files to the Container

After creating the container:

Open the container
Click Upload
Select your file
Upload the resource

Azure stores the file securely inside Blob Storage.

Step 4 — Modify Container Access Levels

One important part of storage security is understanding how visibility changes based on access configurations.

To modify access:

Open the container
Click Change Access Level
Select the preferred access setting
Save changes

This directly affects:

Resource visibility
Authorization requirements
Public accessibility
Security posture

In enterprise environments, proper access governance is essential for maintaining secure infrastructure.

Step 5 — Generate a Shared Access Signature (SAS)

To securely share a file without exposing account credentials:

Select the uploaded file
Click Generate SAS
Configure the SAS settings

You can define:

Permissions (Read, Write, Delete)
Start and Expiry Time
Allowed IP Addresses
Allowed Protocols (HTTPS Recommended)

After configuration:

Click Generate SAS Token and URL
Copy the generated SAS URL

The generated URL provides temporary and controlled access to the resource.

Step 6 — Understand the Security Benefits

What stands out about SAS in Azure is the level of granular security it provides.

Rather than granting full access to storage accounts, organizations can enforce limited, traceable, and temporary access to specific resources — a critical practice in secure cloud environments.

Key benefits include:

Reduced credential exposure
Better access governance
Time-limited authorization
Permission-based access control
Secure collaboration and file sharing

Final Thoughts

Working with Azure Blob Storage and SAS tokens highlights how modern cloud platforms balance accessibility with enterprise-grade security.

Understanding how to configure storage resources, manage access levels, and implement delegated authorization is an essential skill for cloud engineers, security professionals, and infrastructure administrators.

As cloud adoption continues to grow, secure resource management becomes increasingly important in designing scalable and protected environments.

Azure #CloudComputing #CloudSecurity #AzureStorage #BlobStorage #CyberSecurity #DevOps #SASToken #CloudInfrastructure

Hands-on Azure Entra ID Lab: User Creation, Role Assignment & Privilege Revocation

Chinua Ifeanyi — Thu, 28 May 2026 22:11:37 +0000

Introduction

In this assignment, I performed user and role management tasks in Azure Entra ID. The tasks included:

Creating a new user
Signing in with the new user account
Assigning Global Administrator privileges
Creating another user using the promoted account
Revoking administrative privileges

This practical helped me understand identity and access management in Microsoft Azure.

Requirements

Before starting, ensure you have:

An active Microsoft Azure account
Access to Azure Portal
Permission to manage users and roles

Azure Portal:
Microsoft Azure Portal

Step 1: Sign in to Azure Portal
Open the Azure Portal.
Sign in with your administrator account.

(https://dev-to-uploads.s3.amazonaws.com/uploads/articles/i15gzk5ay2rhjogxihlj.png)

Azure Portal dashboard after login
Step 2: Open Azure Entra ID
In the search bar, type Entra ID
Click on Microsoft Entra ID

Azure Entra ID homepage/dashboard
Step 3: Create a New User
Navigate to:
Users → All Users
Click + New User
Select Create new user
Fill in:
Username
Name
Password settings
Click Review + Create
Click Create

New user creation page
Successfully created user
Explanation

This step creates a new identity within Azure Entra ID that can access Azure resources depending on assigned permissions.

Step 4: Sign In with the Newly Created User
Open an incognito/private browser
Go to Azure Portal
Sign in using:
Newly created username
Temporary password
Change the password if prompted

This confirms the user account was successfully created and can authenticate into Azure.

Step 5: Assign Global Administrator Role
Return to the main administrator account
Go to:
Entra ID → Users
Select the newly created user
Navigate to:
Assigned Roles
Click:
Add assignments
Search for:
Global Administrator
Select it and assign the role

Role assignment page
Global Administrator role selected
Confirmation of assigned role
Explanation

The Global Administrator role provides full administrative access to Azure Entra ID resources and settings.

Step 6: Sign In Using the Promoted Account
Open another incognito/private browser
Sign in using the promoted account

Successful login as Global Administrator
Step 7: Create Another User with the Promoted Account
Using the promoted account:
Go to Entra ID → Users
Click:
New User
Fill in the required information
Create the second user

Second user creation form
Successful creation message
Explanation

This demonstrates that the newly promoted Global Administrator account has sufficient privileges to manage users.

Step 8: Revoke Global Administrator Access
Return to:
Entra ID → Users
Select the first user
Open:
Assigned Roles
Remove:
Global Administrator role

Assigned roles page before removal
Confirmation after removing role
Explanation

Revoking privileged access is an important security practice that follows the principle of least privilege.

Conclusion

Through this assignment, I learned how to:

Create users in Azure Entra ID
Manage administrative privileges
Assign and revoke roles
Test user authentication and access management

This exercise improved my practical understanding of identity and access control in Azure.

Hands-on Azure Entra ID Lab: User Creation, Role Assignment & Privilege Revocation

Chinua Ifeanyi — Wed, 27 May 2026 22:34:41 +0000

Azure Entra ID User and Role Management Assignment

Introduction

In this assignment, I performed user and role management tasks in Azure Entra ID. The tasks included:

Creating a new user
Signing in with the new user account
Assigning Global Administrator privileges
Creating another user using the promoted account
Revoking administrative privileges

This practical helped me understand identity and access management in Microsoft Azure.

Requirements

Before starting, ensure you have:

An active Microsoft Azure account
Access to Azure Portal
Permission to manage users and roles

Azure Portal: https://portal.azure.com

Step 1: Sign in to Azure Portal

Open the Azure Portal and sign in with your administrator account.

Step 2: Open Azure Entra ID

In the search bar, type Entra ID and click on Microsoft Entra ID.

Step 3: Create a New User

Navigate to:

Users → All Users → + New User → Create new user

Fill in:

Username
Name
Password settings

Click:

Review + Create
Create

Explanation

This step creates a new identity within Azure Entra ID that can later be assigned permissions and roles.

Step 4: Sign In with the Newly Created User

Open an incognito/private browser and sign in using the new account credentials.

Explanation

This confirms the user account was successfully created and can authenticate into Azure.

Step 5: Assign Global Administrator Role

Return to the administrator account and navigate:

Entra ID → Users → Select user → Assigned Roles → Add assignments

Select:

Global Administrator

Explanation

The Global Administrator role provides full control over Azure Entra ID resources and identity management.

Step 6: Sign In Using the Promoted Account

Open another incognito window and sign in using the promoted account.

Step 7: Create Another User with the Promoted Account

Using the promoted Global Administrator account:

Go to Entra ID → Users → New User

Create a second user account.

Explanation

This confirms that the elevated account has permission to manage users.

Step 8: Revoke Global Administrator Access

Return to:

Entra ID → Users → Select first user → Assigned Roles

Remove:

Global Administrator

Explanation

Revoking admin access enforces the principle of least privilege and improves security.

Observation

During this exercise, I observed that newly created users did not receive email notifications automatically. However, the accounts were still successfully created and accessible using the provided credentials.

Conclusion

This assignment demonstrated:

User creation in Azure Entra ID
Role assignment and privilege management
Administrative access control
Role revocation and security enforcement

Overall, it strengthened my practical understanding of identity and access management in Microsoft Azure.