holgerApr 12, 2023

So, here is a #PowerShell #ResourceGraph query to list all storage accounts and their #allowSharedKeyAccess settings:

Search-AzGraph -Query "resources | where type =~ 'Microsoft.Storage/storageAccounts' | extend allowSharedKeyAccess = parse_json(properties).allowSharedKeyAccess | project subscriptionId, resourceGroup, name, allowSharedKeyAccess"

#Azure #StorageAccount #SharedKeyAccess

Ref: https://learn.microsoft.com/en-gb/azure/storage/common/shared-key-authorization-prevent

Prevent authorization with Shared Key - Azure Storage

To require clients to use Azure AD to authorize requests, you can disallow requests to the storage account that are authorized with Shared Key.