| At line 2 changed 5 lines |
| __Azure Files:__ [Link| https://learn.microsoft.com/en-us/azure/storage/files/]\\ |
| \\ |
| __!!!! '' General restrictions''__: Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\ |
|
| __!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\ |
| __Azure Storage:__ [Azure Storage Documentation Link| https://learn.microsoft.com/en-us/azure/storage/]\\ |
| ---- |
| __⚠️ General restrictions__: Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\ |
| ---- |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\ |
| At line 10 changed one line |
| \\ |
| ---- |
| At line 19 changed one line |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}} |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@file.core.windows.net/<<SHARE_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@file.privatelink.core.windows.net/<<SHARE_NAME>>/ |
|
| }}}\\ |
| At line 21 removed 3 lines |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/}}} |
| \\ |
| At line 28 changed one line |
| Provide the __Storage Account__ name as the __Username__, and the __Access key__ as the __Password__ in the VFS item’s Properties section.\\ |
| In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Share Name__ corresponds to the first folder in the URL.\\ |
| At line 43 changed one line |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/ |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.chinacloudapi.cn/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.privatelink.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| At line 45 removed 6 lines |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/ |
| }}}\\ |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/ |
| }}}\\ |
| At line 52 changed one line |
| Provide the __Storage Account__ name as the __Username__, and the __Access key__ as the __Password__ in the VFS item’s Properties section.\\ |
| In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Blob Container Name__ corresponds to the first folder in the URL.\\ |
| At line 54 changed one line |
| __!!! Note__ : You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| __⚠️ Important__ : You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| At line 63 changed one line |
| To specify the __Blob Container__, use the __Share Name__ input field.\\ |
| To specify the __Blob Container Name__, use the __Share Name__ input field.\\ |
| At line 72 changed 4 lines |
| azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\ |
| Or |
| {{{ |
| azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\ |
|
| azure://<<STORAGE_ACCOUNT_NAME>>:@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ |
| or |
| azure://<<STORAGE_ACCOUNT_NAME>>:@file.core.windows.net/<<SHARE_NAME>>/ |
|
| }}}\\ |
| At line 77 changed one line |
| Please note that the URL does not include the password section.\\ |
| __⚠️ Note:__ that the URL does not include the password section.\\ |
| At line 84 added one line |
| Provide the Storage Account name as the Username.\\ |
| At line 83 changed one line |
| __Block Blob__: __!!! Note__ -> You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| The __Share Name__ or __Blob Container Name__ corresponds to the first folder in the URL.\\ |
| At line 89 added 2 lines |
| __Block Blob__: __⚠️ Important__ -> You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\ |
| \\ |
| At line 93 added 2 lines |
| When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly. See at [1.Azure File Share Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Azure%20Integration#section-Azure+Integration-1.AzureFileShare] or at [2. Azure Blob Container Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Azure%20Integration#section-Azure+Integration-2.AzureBlobContainer].\\ |
| \\ |
| At line 89 changed one line |
| Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\ |
| Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (More info : [Authorize Access Azure Active Directory Link|https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\ |
| At line 91 changed 2 lines |
| You will start at the Microsoft Azure portal:\\ |
| [https://azure.microsoft.com/en-us/features/azure-portal/]\\ |
| __⚠️ Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:\\ |
| • login.microsoftonline.com\\ |
| • graph.microsoft.com\\ |
| At line 94 changed one line |
| __Application registration: __Go to the App registrations and click on New registration:\\ |
| Open the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal]\\ |
| At line 96 changed one line |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\ |
| __Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\ |
| At line 98 changed one line |
| Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\ |
| [SharePoint Integration/new_registration.png]\\ |
| At line 109 added 2 lines |
| In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__.\\ |
| \\ |
| At line 101 changed 2 lines |
| http://localhost:9090/register_microsoft_graph_api/ |
| }}} |
|
| http://localhost:9090/register_microsoft_graph_api/ |
| or |
| https://your.crushftp.domain.com/register_microsoft_graph_api/ |
| |
| }}}\\ |
| At line 104 changed one line |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\ |
| __Secret key__: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. ⚠️ Ensure you copy over the __value__ immediately!\\ |
| At line 106 changed one line |
| Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\ |
| [SharePoint Integration/new_secret.png]\\ |
| At line 108 changed one line |
| [attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\ |
| [SharePoint Integration/secret_value.png]\\ |
| At line 110 changed one line |
| Configure the API permissions:\\ |
| Configure the __API permissions__:\\ |
| At line 116 changed one line |
| On your __Storage Account__ at __Access Control (IAM)__ assign the role "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\ |
| In your __Storage Account__, navigate to __Access Control (IAM)__ and assign the roles __Storage Account Contributor__ and __Storage Blob Data Contributor__ to the specified user.\\ |
| At line 118 changed one line |
| __Restriction:__ It only works with blob storage.\\ |
| __⚠️ Important__: This applies only to __Blob Storage__.\\ |
| At line 122 changed one line |
| Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\ |
| Access the user’s __VFS settings__ and configure the __Refresh Token__ for the remote Azure connection.\\ |
| • Provide the __Storage Account Name__ in the __Username__ input field.\\ |
| • Under __User Delegation Settings__, click the __Get Refresh Token__ button.\\ |
| At line 124 changed one line |
| [attachments|azure_refresh_token_form.png]\\ |
| [attachments|user_delegation_settings.png]\\ |
| At line 143 added one line |
| __⚠️ Important__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\ |
| At line 127 changed one line |
| __Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\ |
| __Client id : __ See at App Registration -> Overview -> Application (client) ID\\ |
| At line 129 changed 9 lines |
| [attachments|SharePoint Integration/client_id.png]\\ |
| \\ |
| __Secret key:__ A new client secret also needs to be created. Go to the "__Certificate & secrets__" and generate a new secret key. Click on New client secret.\\ |
| \\ |
| [attachments|SharePoint Integration/new_secret.png]\\ |
| \\ |
| [attachments|SharePoint Integration/secret_value.png]\\ |
| \\ |
| Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\ |
| __Secret key:__ See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID.\\ |
| At line 139 changed one line |
| [attachments|user_delegation_settings.png]\\ |
| __Tenant:__ See at App Registration -> Overview -> Directory (tenant) ID.\\ |
| At line 141 changed one line |
| __!!!__Provide the storage account name as the "User name" input field.\\ |
| __Scope:__\\ |
| {{{ |
| https://storage.azure.com/user_impersonation offline_access |
| }}} |
|
|
| At line 143 changed one line |
| To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\ |
| Click OK. Sign in with the specified Microsoft account to grant access and obtain the refresh token. __⚠️ Note__: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above. This will automatically configure the __User Delegation Settings__.\\ |
| [attachments|azure_refresh_token_form.png]\\ |
| At line 161 added 2 lines |
| To generate a new SAS token for your storage account, run the following job example: [Renew Azure SAS token via Azure User impersonation|CrushTaskExample18]\\ |
| \\ |
