Azure Storage: Azure Storage Documentation Link
!!!!  General restrictions:  Azure Storage is not a traditional file system but an object storage service. What appears to be a folder is actually just a prefix in the object’s name. As a result, renaming folders is not supported. To move a folder, you must copy all the objects to the new location and then delete them from the original one.
!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow Azure API access:
• file.core.windows.net or file.privatelink.core.windows.net
• blob.core.windows.net, blob.core.chinacloudapi.cn or blob.privatelink.core.windows.net
• dfs.core.windows.net,dfs.core.chinacloudapi.cn (This applies only to the delete action when working with Data Lake Storage 2)
1. Azure File Share
#
CrushFTP supports Microsoft Azure Shares as a VFS item, it requires a Storage Account: Storage account overview Link
 .
.More Info: Azure File Share Link

The URL should follow this structure (replace the placeholders with your actual values):
azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@file.core.windows.net/<<SHARE_NAME>>/ or azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@file.privatelink.core.windows.net/<<SHARE_NAME>>/
You can find the required details in the Azure Portal. Navigate to your Storage Account, then select Access keys from the left-hand menu to view the credentials.

In the VFS item’s Properties section, provide the Storage Account name as the Username and the Access key as the Password. The Share Name corresponds to the first folder in the URL.

When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly:
There is an input field specifically for the file service share, labeled Share Name.

2. Azure Blob Container
#
CrushFTP supports Azure Blobs (Introduction to Azure Blob Storage Link
 ) as VFS item, it requires a Storage Account: Storage account overview Link
) as VFS item, it requires a Storage Account: Storage account overview Link .
.The URL should follow this structure (replace the placeholders with your actual values):
azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ or azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.core.chinacloudapi.cn/<<BLOB_CONTAINER_NAME>>/ or azure://<<STORAGE_ACCOUNT_NAME>>:<<ACCESSKEY>>@blob.privatelink.core.windows.net/<<BLOB_CONTAINER_NAME>>/
In the VFS item’s Properties section, provide the Storage Account name as the Username and the Access key as the Password. The Blob Container Name corresponds to the first folder in the URL.
!!! Note : You need to select the appropriate blob type—Append Blob or Block Blob—as specified when the blob was created in Azure. Page Blobs are not supported.

Data Lake storage Gen2: More info on the official website: Data Lake Storage Introduction Link
 .
.Turn on the flag if the storage type is the data lake. It connects using the Azure Blob Storage REST API ( More info: Blob Service REST API Link
 ), but does not support the Azure Data Lake Storage Gen2 REST API. (More info: Azure Data Lake Storage Gen2 REST API Link
), but does not support the Azure Data Lake Storage Gen2 REST API. (More info: Azure Data Lake Storage Gen2 REST API Link )
)When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly:
To specify the Blob Container Name, use the Share Name input field.

3. SAS token
#
Azure also can delegate access with a shared access signature (SAS) Storage SAS Overview Link
 .
.In this case, the URL should look like:
azure://<<STORAGE_ACCOUNT_NAME>>:@blob.core.windows.net/<<BLOB_CONTAINER_NAME>>/ or azure://<<STORAGE_ACCOUNT_NAME>>:@file.core.windows.net/<<SHARE_NAME>>/
Please note that the URL does not include the password section.

Provide the Storage Account name as the Username.
The Password field should be left empty, and the SAS token should be entered in the Shared access signature token input field.
The Share Name or Blob Container Name corresponds to the first folder in the URL.
Block Blob: !!! Note -> You need to select the appropriate blob type—Append Blob or Block Blob—as specified when the blob was created in Azure. Page Blobs are not supported.

When using the Browse… option in the Jobs interface or plugin interfaces, the user interface differs slightly. See at 1.Azure File Share Link
 or at 2. Azure Blob Container Link
 or at 2. Azure Blob Container Link .
.4. Authorize access to blobs using Microsoft Entra ID
#
Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. (More info : Authorize Access Azure Active Directory Link
 )
)!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication and Microsoft Graph API access:
• login.microsoftonline.com
• graph.microsoft.com
Open the Microsoft Azure Portal: Link

Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.

The Redirect URL must end with register_microsoft_graph_api/.
    http://localhost:9090/register_microsoft_graph_api/
    or
    https://your.crushftp.domain.com/register_microsoft_graph_api/
    
Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!


Configure the API permissions:


In your Storage Account, navigate to Access Control (IAM) and assign the roles Storage Account Contributor and Storage Blob Data Contributor to the specified user.
Note: This applies only to Blob Storage.

Access the user’s VFS settings and configure the Refresh Token for the remote Azure connection.
• Provide the Storage Account Name in the Username input field.
• Under User Delegation Settings, click the Get Refresh Token button.

!!! Note: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/
Client id : See at App Registration -> Overview -> Application (client) ID
Secret key: See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID.
Tenant: See at App Registration -> Overview -> Directory (tenant) ID.
Scope:
    https://storage.azure.com/user_impersonation offline_access
Click OK. Sign in with the specified Microsoft account to grant access and obtain the refresh token. !!! Note: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above. This will automatically configure the User Delegation Settings.

To generate a new SAS token for your storage account, run the following job example: Renew Azure SAS token via Azure User impersonation
Add new attachment
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note | 
|---|---|---|---|---|---|---|
| png | AzureConfiguration.png | 78.7 kB | 3 | 05-Dec-2023 05:32 | krivacsz | |
| png | AzureConfiguration2.png | 77.5 kB | 3 | 05-Dec-2023 05:32 | krivacsz | |
| png | AzureConfiguration3.png | 27.4 kB | 3 | 05-Dec-2023 05:32 | Sandor | new UI elements | 
| png | AzurePortalAccessKey.png | 57.7 kB | 2 | 05-Dec-2023 05:32 | Sandor | blurred more | 
| png | SAS.png | 97.0 kB | 1 | 05-Dec-2023 05:32 | Sandor | |
| png | Screen Shot 2017-08-09 at 9.08... | 113.4 kB | 1 | 05-Dec-2023 05:32 | krivacsz | Azure configuration | 
| png | azureRemoteItem.png | 57.5 kB | 2 | 05-Dec-2023 05:32 | krivacsz | |
| png | azureRemoteItem2.png | 53.5 kB | 2 | 05-Dec-2023 05:32 | krivacsz | |
| png | azureRemoteItem3.png | 20.3 kB | 2 | 05-Dec-2023 05:32 | Sandor | new UI elements | 
| png | azure_VFS_SAS.png | 26.4 kB | 1 | 05-Dec-2023 05:32 | Sandor | |
| png | azure_access_control_roles.png | 132.8 kB | 1 | 07-Oct-2024 04:38 | krivacsz | |
| png | azure_api_permission_blob.png | 130.2 kB | 1 | 07-Oct-2024 04:17 | krivacsz | |
| png | azure_blob.png | 74.0 kB | 3 | 05-Dec-2023 05:32 | krivacsz | |
| png | azure_blob3.png | 29.6 kB | 4 | 05-Dec-2023 05:32 | Sandor | new UI elements | 
| png | azure_blobRemoteItem.png | 21.5 kB | 4 | 05-Dec-2023 05:32 | Sandor | new UI elements | 
| png | azure_refresh_token_form.png | 48.4 kB | 1 | 07-Oct-2024 04:50 | krivacsz | |
| png | azure_user_impersonation.png | 152.5 kB | 1 | 07-Oct-2024 04:17 | krivacsz | |
| png | user_delegation_settings.png | 94.4 kB | 2 | 07-Oct-2024 04:49 | krivacsz |