\\
__Azure Files:__ [Link| https://learn.microsoft.com/en-us/azure/storage/files/]\\
\\
__!!!! '' General restrictions''__:  Azure Storage is not a traditional file system but an object storage service. What appears to be a __folder__ is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To __move__ a folder, you must copy all the objects to the new location and then delete them from the original one.\\

__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:\\
• __file.core.windows.net__ or __file.privatelink.core.windows.net__\\
• __blob.core.windows.net__, __blob.core.chinacloudapi.cn__ or __blob.privatelink.core.windows.net__\\
• __dfs.core.windows.net__, __dfs.core.chinacloudapi.cn__ (This applies only to the delete action when working with Data Lake Storage Gen2)\\
\\
!1. Azure File Share\\
\\
CrushFTP supports Microsoft Azure Shares as a [VFS] item. This requires a __Storage Account:__ [Storage account overview Link| https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
More Info: [Azure File Share Link|https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal]\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.core.windows.net/SHARE_NAME/}}}
\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@file.privatelink.core.windows.net/SHARE_NAME/}}}
\\
You can find the required details in the __Azure Portal__. Navigate to your __Storage Account__, then select __Access keys__ from the left-hand menu to view the credentials.\\
\\
[attachments|AzurePortalAccessKey.png]\\
\\
In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Share Name__ corresponds to the first folder in the URL.\\
\\
[attachments|AzureConfiguration3.png]\\
\\
When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\
\\
There is an input field specifically for the file service share, labeled __Share Name__.\\
[attachments|azureRemoteItem3.png]\\
\\
!2. Azure Blob Container\\
\\
CrushFTP supports __Azure Blobs__ ([Introduction to Azure Blob Storage Link|https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction]) as a VFS item. This requires a __Storage Account:__ [Storage account overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview].\\
\\
The URL should follow this structure (replace the placeholders with your actual values):\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.core.chinacloudapi.cn/BLOB_CONTAINER_NAME/
}}}\\
{{{
azure://STORAGE_ACCOUNT_NAME:ACCESSKEY@blob.privatelink.core.windows.net/BLOB_CONTAINER_NAME/
}}}\\
\\
In the VFS item’s Properties section, provide the __Storage Account__ name as the __Username__ and the __Access key__ as the __Password__. The __Blob Container Name__ corresponds to the first folder in the URL.\\
\\
__!!! Note__ : You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\
\\
[attachments|azure_blob3.png]\\
\\
__Data Lake storage Gen2__: More info on the official website: [Data Lake Storage Introduction Link|https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction].\\
Turn on the flag if the storage type is Data Lake. The connection uses the __Azure Blob Storage REST API__ (more info: [Blob Service REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api]); the Azure Data Lake Storage Gen2 REST API is not supported (more info: [Azure Data Lake Storage Gen2 REST API Link|https://learn.microsoft.com/en-us/rest/api/storageservices/data-lake-storage-gen2]).\\
\\
When using the __Browse…__ option in the Jobs interface or plugin interfaces, the user interface differs slightly:\\
\\
To specify the __Blob Container Name__, use the __Share Name__ input field.\\
\\
[attachments|azure_blobRemoteItem.png]\\
\\
!3. SAS token\\
\\
Azure can also delegate access with a shared access signature (SAS): [Storage SAS Overview Link|https://learn.microsoft.com/en-us/azure/storage/common/storage-sas-overview].\\
In this case, the URL should look like:
{{{
azure://STORAGE_ACCOUNT_NAME:@blob.core.windows.net/BLOB_CONTAINER_NAME/}}}\\
Or
{{{
azure://STORAGE_ACCOUNT_NAME:@file.core.windows.net/SHARE_NAME/}}}\\
\\
Please note that the URL does not include the password section.\\
\\
[attachments|SAS.png]\\
\\
Provide the Storage Account name as the Username.\\
The __Password__ field should be left empty, and the __SAS token__ should be entered in the __Shared access signature token__ input field.\\
\\
The __Share Name__ or __Blob Container Name__ corresponds to the first folder in the URL.\\
\\
__Block Blob__: __!!! Note__ -> You need to select the appropriate blob type—__Append Blob__ or __Block Blob__—as specified when the blob was created in Azure. Page Blobs are not supported.\\
\\
[attachments|azure_VFS_SAS.png]\\
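\\
The URL forms from sections 1 to 3 can be checked before they are saved or written to a log. The following is an added example, not CrushFTP code: the function name, the returned field names and the sample account, key and share are constructed for illustration.\\

```python
import re

# Endpoint hosts from the URL forms on this page, mapped to service type.
ENDPOINTS = {
    "file.core.windows.net": "file",
    "file.privatelink.core.windows.net": "file",
    "blob.core.windows.net": "blob",
    "blob.core.chinacloudapi.cn": "blob",
    "blob.privatelink.core.windows.net": "blob",
}
ACCOUNT_RE = re.compile(r"[a-z0-9]{3,24}")  # Azure storage account naming rule


def inspect_azure_url(url):
    """Parse an azure:// VFS URL and return its parts plus a log-safe copy."""
    scheme, sep, rest = url.partition("://")
    if scheme != "azure" or not sep:
        raise ValueError("scheme must be azure://")
    # Split on the first '@' instead of using a generic URL parser: a raw
    # Base64 access key may contain '/', which a generic parser treats as
    # the end of the host part, so the key would leak into the "path".
    userinfo, at, hostpath = rest.partition("@")
    if not at or ":" not in userinfo:
        raise ValueError("expected ACCOUNT:KEY@host or ACCOUNT:@host")
    account, _, secret = userinfo.partition(":")
    host, _, path = hostpath.partition("/")
    if not ACCOUNT_RE.fullmatch(account):
        raise ValueError("invalid storage account name")
    if host not in ENDPOINTS:
        raise ValueError("host is not one of the endpoints on this page: " + host)
    target = path.split("/", 1)[0]  # first folder = share or container name
    if not target:
        raise ValueError("missing share or container name")
    return {
        "account": account,
        "service": ENDPOINTS[host],
        "target": target,
        "key_in_url": bool(secret),  # False for the SAS form (empty password)
        "redacted": f"azure://{account}:{'***' if secret else ''}@{hostpath}",
    }


if __name__ == "__main__":
    # Constructed sample values; not a real account or access key.
    print(inspect_azure_url("azure://examplestore:Zm9v/YmFy+cXV4==@file.core.windows.net/reports/"))
```

Use the {{redacted}} value wherever the URL is logged or shown, since the access key form carries a credential for the whole storage account.\\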
\\
When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly. See \\
\\
!4. Authorize access to blobs using Microsoft Entra ID\\
\\
Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (see more info : [https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory])\\
\\
You will start at the Microsoft Azure portal:\\
[https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration:__ Go to App registrations and click on New registration:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/new_registration.png]\\
\\
Name it. Select the Microsoft account types. The redirect URL must end with "__register_microsoft_graph_api/__". Then click on register.\\
\\
{{{
http://localhost:9090/register_microsoft_graph_api/
}}}
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/register_app.png]\\
\\
Under the redirect URL configuration enable the __Access Token__ to be issued by the authorization endpoint:\\
\\
[attachments|SMTP Microsoft Graph XOAUTH 2 Integration/enable_access_token.png]\\
\\
Configure the API permissions:\\
\\
[attachments|azure_api_permission_blob.png]\\
\\
[attachments|azure_user_impersonation.png]\\
\\
On your __Storage Account__, under __Access Control (IAM)__, assign the roles "__Storage Account Contributor__" and "__Storage Blob Data Contributor__" to the specified user.\\
\\
__Restriction:__ It only works with blob storage.\\
\\
[attachments|azure_access_control_roles.png]\\
\\
Access the user's VFS settings and configure the Refresh Token for the remote Azure connection. At __User Delegation Settings__ click the "__Get Refresh Token__" button.\\
\\
[attachments|azure_refresh_token_form.png]\\
\\
\\
__Client id:__ You can find it in the Azure portal -> App Registration -> Overview:\\
\\
[attachments|SharePoint Integration/client_id.png]\\
\\
__Secret key:__ A new client secret also needs to be created. Go to "__Certificates & secrets__" and click on New client secret to generate a new secret key.\\
\\
[attachments|SharePoint Integration/new_secret.png]\\
\\
[attachments|SharePoint Integration/secret_value.png]\\
\\
Sign in as the specified Microsoft user, grant access, and obtain the refresh token.\\
\\ 
[attachments|user_delegation_settings.png]\\
\\
__!!!__ Provide the storage account name in the "User name" input field.\\
\\
To get a newly created SAS token for your storage, you need to run the following job example: [CrushTaskExample18]\\
\\