

<pre>
\\
__Azure Files:__ [Link| https://learn.microsoft.com/en-us/azure/storage/files/]\\
\\
__!!!! '' General restrictions''__:  Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\

__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\
• __file.core.windows.net__ or __file.privatelink.core.windows.net__\\
• __blob.core.windows.net__, __blob.core.chinacloudapi.cn__ or __blob.privatelink.core.windows.net__\\
• __dfs.core.windows.net__,__dfs.core.chinacloudapi.cn__ (This applies only to the delete action when working with Data Lake Storage 2)\\
\\
!1. Azure File Share\\
\\
CrushFTP supports Microsoft Azure Shares as a [VFS] item, it requires a __Storage Account:__ [Storage account overview Link| https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
More Info: [Azure File Share Link|https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}}
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/}}}
\\
You can find the required details in the __Azure Portal__. Navigate to your __Storage Account__, then select __Access keys__ from the left-hand menu to view the credentials.\\
\\
[attachments|AzurePortalAccessKey.png]\\
\\
Provide the __Storage Account__ name as the __Username__, and the __Access key__ as the __Password__ in the VFS item’s Properties section.\\
\\
[attachments|AzureConfiguration3.png]\\
\\
When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\
\\
There is an input field specifically for the file service share, labeled __Share Name__.\\
[attachments|azureRemoteItem3.png]\\
\\
!2. Azure Blob Container\\
\\
CrushFTP supports __Azure Blobs__ ([Introduction to Azure Blob Storage Link|https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as VFS item, it requires a __Storage Account:__ [Storage account overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
[attachments|azure_blob3.png]\\
\\
__Data Lake storage Gen2__: More info on the official website: [Data Lake Storage Introduction Link|https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\
Turn on the flag if the storage type is the data lake. It connects using the __Azure Blob Storage REST API__ ( More info: [Blob Service REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api]), but does not support the Azure Data Lake Storage Gen2 REST API. (More info: [Azure Data Lake Storage Gen2 REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2])\\
\\
When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\
\\
To specify the __Blob Container__, use the __Share Name__ input field.\\
[attachments|azure_blobRemoteItem.png]\\
\\
__!!! Note__ : You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\
\\
!3. SAS token\\
\\
Azure also can delegate access with a shared access signature (SAS) [Storage SAS Overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\
In this case, the URL should look like:
{{{
azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\
Or
{{{
azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\
\\
Please note that the URL does not include the password section.\\
\\
[attachments|SAS.png]\\
\\
The __Password__ field should be left empty, and the __SAS token__ should be entered in the __Shared access signature token__ input field.\\
\\
[attachments|azure_VFS_SAS.png]\\
\\
!4. Authorize access to blobs using Microsoft Entra ID\\
\\
Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\
\\
You will start at the Microsoft Azure portal:\\
[https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration: __Go to the App registrations and click on New registration:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\
\\
Name it. Select the Microsoft account types. The redirect URL must end with &quot;__register_microsoft_graph_api/__&quot;. Then click on register.\\
\\
{{{
http://localhost:9090/register_microsoft_graph_api/
}}}
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\
\\
Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\
\\
Configure the API permissions:\\
\\
[attachments|azure_api_permission_blob.png]\\
\\
[attachments|azure_user_impersonation.png]\\
\\
On your __Storage Account__ at __Access Control (IAM)__ assign the role &quot;__Storage Account Contributor__&quot; and &quot;__Storage Blob Data Contributor__&quot; to the specified user.\\ 
\\
__Restriction:__ It only works with blob storage.\\
\\
[attachments|azure_access_control_roles.png]\\
\\
Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the &quot;__Get Refresh Token__&quot; button.\\
\\
[attachments|azure_refresh_token_form.png]\\
\\
\\
__Client id : __ You can find it at Azure portal -&gt; App Registration -&gt; Overview:\\  
\\
[attachments|SharePoint Integration/client_id.png]\\
\\
__Secret key:__ A new client secret also needs to be created. Go to the &quot;__Certificate &amp; secrets__&quot; and generate a new secret key. Click on New client secret.\\
\\
[attachments|SharePoint Integration/new_secret.png]\\
\\
[attachments|SharePoint Integration/secret_value.png]\\
\\
Sign in as the specified Microsoft user grant access, and obtain the refresh token.\\
\\ 
[attachments|user_delegation_settings.png]\\
\\
__!!!__Provide the storage account name as the &quot;User name&quot; input field.\\
\\
To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\
\\

</pre>