Microsoft Storage Azure Explorer



Azure Storage Explorer is an app that lets you view storage resources such as blobs, tables, queues and files across different Azure storage accounts.

To install it, go to storageexplorer.com and download the app. Run the downloaded file, accept the terms and click Install. Click Next, click Next again, then click Next once more to launch the explorer.

Microsoft Azure Storage Explorer is a standalone app that makes it easy to work with Azure Storage data on Windows, macOS, and Linux, and it provides a streamlined environment for managing your Azure Storage data and cloud-hosted projects. In this article, you'll learn several ways of connecting to and managing your Azure storage accounts.

Optimize your Azure storage management: upload, download, and manage Azure blobs, files, queues, and tables, as well as Azure Cosmos DB and Azure Data Lake Storage entities. Easily access virtual machine disks, and work with either Azure Resource Manager or classic storage accounts. Manage and configure cross-origin resource sharing rules.

Sign-in is the recommended way to access your Azure storage resources with Storage Explorer. By signing in, you take advantage of Azure AD-backed permissions, such as RBAC and Gen2 POSIX ACLs.

How to sign in

To sign in to Storage Explorer, open the Connect dialog. You can open the Connect dialog either from the left-hand vertical toolbar, or by clicking on Add account... on the Account Panel.

Once you have the dialog open, choose Subscription as the type of resource you want to connect to and click Next.

You now need to choose what Azure environment you want to sign into. You can pick from any of the known environments, such as Azure or Azure China, or you can add your own environment. Once you have your environment selected, click Next.

At this point, your OS' default web browser will launch and a sign-in page will be opened. For best results, leave this browser window open as long as you're using Storage Explorer or at least until you've performed all expected MFA. When you have finished signing in, you can return to Storage Explorer.

Managing accounts

You can manage and remove Azure accounts that you've signed into from the Account Panel. You can open the Account Panel by clicking on the Manage Accounts button on the left-hand vertical toolbar.

In the Account Panel you'll see any accounts that you have signed into. Under each account will be:

  • The tenants the account belongs to
  • For each tenant, the subscriptions you have access to

By default, Storage Explorer only signs you into your home tenant. If you want to view subscriptions and resources from another tenant, you'll need to activate that tenant. To activate a tenant, check the checkbox next to it. Once you're done working with a tenant, you can uncheck its checkbox to deactivate it. You cannot deactivate your home tenant.

After activating a tenant, you may need to reenter your credentials before Storage Explorer can load subscriptions or access resources from the tenant. Having to reenter your credentials usually happens because of a conditional access (CA) policy such as multi-factor authentication (MFA). And even though you may have already performed MFA for another tenant, you might still have to do it again. To reenter your credentials, simply click on Reenter credentials.... You can also click on Error details... to see exactly why subscriptions failed to load.

Once your subscriptions have loaded, you can choose which ones you want to filter in/out by checking or unchecking their checkboxes.

If you want to remove your entire Azure account, click Remove next to the account.

Changing where sign-in happens

By default, sign-in will happen in your OS' default web browser. Signing in with your default web browser streamlines how you access resources secured via CA policies, such as MFA. If for some reason signing in with your OS' default web browser isn't working, you can change where or how Storage Explorer performs sign-in.

Under Settings (gear icon on the left) > Application > Sign-in, look for the Sign in with setting. There are three options:

  • Default Web Browser: sign-in will happen in your OS' default web browser. This option is recommended.
  • Integrated Sign-In: sign-in will happen in a Storage Explorer window. This option may be useful if you're trying to log in with multiple Microsoft accounts (MSAs) at once. You may have issues with some CA policies if you choose this option.
  • Device Code Flow: Storage Explorer will give you a code to enter into a browser window. This option isn't recommended. Device code flow isn't compatible with many CA policies.

Troubleshooting sign-in issues

If you're having trouble signing in, or are having issues with an Azure account after signing in, refer to the sign in section of the Storage Explorer troubleshooting guide.


Microsoft Azure Storage Explorer enables you to easily work with Azure Storage data safely and securely on Windows, macOS, and Linux. By following these guidelines, you can ensure your data stays protected.

General

  • Always use the latest version of Storage Explorer. Storage Explorer releases may contain security updates. Staying up to date helps ensure general security.
  • Only connect to resources you trust. Data that you download from untrusted sources could be malicious, and uploading data to an untrusted source may result in lost or stolen data.
  • Use HTTPS whenever possible. Storage Explorer uses HTTPS by default. Some scenarios allow you to use HTTP, but HTTP should be used only as a last resort.
  • Ensure only the needed permissions are given to the people who need them. Avoid being overly permissive when granting anyone access to your resources.
  • Use caution when executing critical operations. Certain operations, such as delete and overwrite, are irreversible and may cause data loss. Make sure you're working with the correct resources before executing these operations.

Choosing the right authentication method

Storage Explorer provides various ways to access your Azure Storage resources. Whatever method you choose, here are our recommendations.

Azure AD authentication

The easiest and most secure way to access your Azure Storage resources is to sign in with your Azure account. Signing in uses Azure AD authentication, which allows you to:

  • Give access to specific users and groups.
  • Revoke access to specific users and groups at any time.
  • Enforce access conditions, such as requiring multi-factor authentication.

We recommend using Azure AD authentication whenever possible.

This section describes the two Azure AD-based technologies that can be used to secure your storage resources.

Azure role-based access control (Azure RBAC)

Azure role-based access control (Azure RBAC) gives you fine-grained access control over your Azure resources. Azure roles and permissions can be managed from the Azure portal.

Storage Explorer supports Azure RBAC access to Storage Accounts, Blobs, and Queues. If you need access to File Shares or Tables, you'll need to assign Azure roles that grant permission to list storage account keys.

Access control lists (ACLs)

Access control lists (ACLs) let you control file and folder level access in ADLS Gen2 blob containers. You can manage your ACLs using Storage Explorer.

Shared access signatures (SAS)

If you can't use Azure AD authentication, we recommend using shared access signatures. With shared access signatures, you can:

  • Provide anonymous limited access to secure resources.
  • Revoke a SAS immediately if generated from a shared access policy (SAP).

However, with shared access signatures, you can't:

  • Restrict who can use a SAS. A valid SAS can be used by anyone who has it.
  • Revoke a SAS if not generated from a shared access policy (SAP).

When using SAS in Storage Explorer, we recommend the following guidelines:

  • Limit the distribution of SAS tokens and URIs. Only distribute SAS tokens and URIs to trusted individuals. Limiting SAS distribution reduces the chance a SAS could be misused.
  • Only use SAS tokens and URIs from entities you trust.
  • Use shared access policies (SAP) when generating SAS tokens and URIs if possible. A SAS based on a shared access policy is more secure than a bare SAS, because the SAS can be revoked by deleting the SAP.
  • Generate tokens with minimal resource access and permissions. Minimal permissions limit the potential damage that could be done if a SAS is misused.
  • Generate tokens that are only valid for as long as necessary. A short lifespan is especially important for bare SAS, because there's no way to revoke them once generated.

Important

When sharing SAS tokens and URIs for troubleshooting purposes, such as in service requests or bug reports, always redact at least the signature portion of the SAS.
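The SAS guidelines and the redaction advice above can be checked mechanically before a URI is distributed or pasted into a report. The following is an added example, not part of Storage Explorer or the original page: it uses the standard SAS query parameters (`sig`, `si`, `sp`, `se`, `spr`), while the 24-hour lifetime limit, the read/list permission baseline and the sample URIs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Azure Storage SAS query parameters used here: sig (signature),
# si (shared access policy id), sp (permissions), se (expiry, UTC),
# spr (allowed protocols; the service default is "https,http").

def redact_sas(uri):
    """Replace the signature so the URI can go into a bug report."""
    parts = urlsplit(uri)
    query = [(k, "REDACTED" if k.lower() == "sig" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe=":,")))

def audit_sas(uri, now, max_lifetime=timedelta(hours=24), allowed="rl"):
    """Return findings for one SAS URI. The 24-hour limit and the
    read/list baseline are assumed local policy, not Azure defaults."""
    q = dict(parse_qsl(urlsplit(uri).query))
    findings = []
    if "si" not in q:
        findings.append("bare SAS: no shared access policy to delete for revocation")
    if q.get("spr", "https,http") != "https":
        findings.append("HTTP is allowed: spr is not restricted to https")
    extra = "".join(sorted(set(q.get("sp", "")) - set(allowed)))
    if extra:
        findings.append("permissions beyond baseline: " + extra)
    if "se" in q:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:          # date-only expiry values
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry - now > max_lifetime:
            findings.append("lifetime exceeds %s" % max_lifetime)
    return findings

# Constructed sample URIs (account, container, policy name and signature are made up).
BARE = ("https://exampleaccount.blob.core.windows.net/logs?sv=2022-11-02&sr=c"
        "&sp=rwdl&se=2030-01-01T00:00:00Z&spr=https,http&sig=Zm9vYmFy")
POLICY = ("https://exampleaccount.blob.core.windows.net/logs?sv=2022-11-02&sr=c"
          "&si=read-only-policy&spr=https&sig=Zm9vYmFy")

if __name__ == "__main__":
    now = datetime(2029, 12, 1, tzinfo=timezone.utc)
    for uri in (BARE, POLICY):
        print(redact_sas(uri))
        for finding in audit_sas(uri, now):
            print("  -", finding)
```

A SAS that references a shared access policy may carry its permissions and expiry in the policy rather than in the URI, so the absence of `sp` and `se` on such a token is not reported.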

Storage account keys

Storage account keys grant unrestricted access to the services and resources within a storage account. For this reason, we recommend limiting the use of keys to access resources in Storage Explorer. Use Azure RBAC features or SAS to provide access instead.

Some Azure roles grant permission to retrieve storage account keys. Individuals with these roles can effectively circumvent permissions granted or denied by Azure RBAC. We recommend not granting this permission unless it's necessary.

Storage Explorer will attempt to use storage account keys, if available, to authenticate requests. You can disable this feature in Settings (Services > Storage Accounts > Disable Usage of Keys). Some features don't support Azure RBAC, such as working with Classic storage accounts. Such features still require keys and are not affected by this setting.

If you must use keys to access your storage resources, we recommend the following guidelines:

  • Don't share your account keys with anyone.
  • Treat your storage account keys like passwords. If you must make your keys accessible, use secure storage solutions such as Azure Key Vault.

Note

If you believe a storage account key has been shared or distributed by mistake, you can generate new keys for your storage account from the Azure portal.

Public access to blob containers

Storage Explorer allows you to modify the access level of your Azure Blob Storage containers. Non-private blob containers allow anyone anonymous read access to data in those containers.

When enabling public access for a blob container, we recommend the following guidelines:

  • Don't enable public access to a blob container that may contain any potentially sensitive data. Make sure your blob container is free of all private data.
  • Don't upload any potentially sensitive data to a blob container with Blob or Container access.
