\\
__Azure Files:__ [Link| https://learn.microsoft.com/en-us/azure/storage/files/]\\
\\
__!!!! '' General restrictions''__:  Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\

__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\
• __file.core.windows.net__ or __file.privatelink.core.windows.net__\\
• __blob.core.windows.net__, __blob.core.chinacloudapi.cn__ or __blob.privatelink.core.windows.net__\\
\\

!1. Azure File Share\\
\\
CrushFTP supports Microsoft Azure Shares as a [VFS] item, it requires a __Storage Account:__ [Storage account overview Link| https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
More Info: [Azure File Share Link|https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}}
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/}}}
\\
You can find the required details in the __Azure Portal__. Navigate to your __Storage Account__, then select __Access keys__ from the left-hand menu to view the credentials.\\
\\
[attachments|AzurePortalAccessKey.png]\\
\\
Provide the __Storage Account__ name as the __Username__, and the __Access key__ as the __Password__ in the VFS item’s Properties section.\\
\\
[attachments|AzureConfiguration3.png]\\
\\
When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\
\\
There is an input field specifically for the file service share, labeled __Share Name__.\\
[attachments|azureRemoteItem3.png]\\
\\
!2. Azure Blob Container\\
\\
CrushFTP supports __Azure Blobs__ ([Introduction to Azure Blob Storage Link|https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [Storage account overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
[attachments|azure_blob3.png]\\
\\
__Data Lake storage Gen2__: More info on the official website: [Data Lake Storage Introduction Link|https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\
Turn on the flag if the storage type is the data lake. It connects through __Azure Blob Storage REST API__ [Blob Service REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api].\\
(This is not Azure Data Lake Storage Gen2 REST API: [https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2])\\
\\
When using “Browse…” in the Jobs interface, or plugin interfaces, the UI is slightly different:\\
\\
To specify the blob container use the input field: Share Name \\
[attachments|azure_blobRemoteItem.png]\\
\\

You need to select the blob type (append blob or block blobs - page blobs are not supported) specified when creating the blob on Azure.

!3. SAS token\\
\\
Azure also can delegate access with a shared access signature (SAS) [https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\
In this case, the URL should look like:
{{{
azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\
Or
{{{
azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\
\\
[attachments|SAS.png]\\
\\
The __password field should be empty__ and put the SAS token to the "__Shared access signature token__" input field.\\
\\
[attachments|azure_VFS_SAS.png]\\
\\
!4. Authorize access to blobs using Microsoft Entra ID\\
\\
Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\
\\
You will start at the Microsoft Azure portal:\\
[https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration: __Go to the App registrations and click on New registration:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\
\\
Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\
\\
{{{
http://localhost:9090/register_microsoft_graph_api/
}}}
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\
\\
Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\
\\
Configure the API permissions:\\
\\
[attachments|azure_api_permission_blob.png]\\
\\
[attachments|azure_user_impersonation.png]\\
\\
On your __Storage Account__ at __Access Control (IAM)__ assign the role "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\ 
\\
__Restriction:__ It only works with blob storage.\\
\\
[attachments|azure_access_control_roles.png]\\
\\
Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\
\\
[attachments|azure_refresh_token_form.png]\\
\\
\\
__Client id : __ You can find it at Azure portal -> App Registration -> Overview:\\  
\\
[attachments|SharePoint Integration/client_id.png]\\
\\
__Secret key:__ A new client secret also needs to be created. Go to the "__Certificate & secrets__" and generate a new secret key. Click on New client secret.\\
\\
[attachments|SharePoint Integration/new_secret.png]\\
\\
[attachments|SharePoint Integration/secret_value.png]\\
\\
Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\
\\ 
[attachments|user_delegation_settings.png]\\
\\
__!!!__Provide the storage account name as the "User name" input field.\\
\\
To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\
\\