https://azure.microsoft.com/en-us/features/storage-explorer/ Managing and viewing the storage accounts within an Azure tenant can be a time-consuming process via the portal, especially if you manage multiple subscriptions and need to log in with different credentials to each. Azure Storage Explorer eliminates this issue, and provides a host of additional tools and benefits to simplify data management. In this blog I will provide a very brief overview of the main features. Below is a full view of the main console window.

1

The initial connection to provides three options, add an Azure subscription with associated permissions, connect via a connection string, or specify a storage account name with primary or secondary access key. Initially I’m just logging in with my corporate account, which is linked to our Azure subscription.

2

You can add additional subscriptions from the Account Management page, and un-tick those that you don’t need to see. This simplifies the GUI, allowing you to focus just on the items you are working with.

3

Once connected, you can see and manage all the storage accounts that you have access to within that subscription, including both managed and un-managed disks.

4

After selecting a storage account, the files and folders within the child file share or blob container can be accessed. You have the option to copy, delete or download the files, this includes the .VHD files for you leased VM’s. You can also upload .VHD files directly to a blob container and connect them to an Azure VM using the URI. This is listed in the properties of the file once uploaded.

5 In the lower left-hand pane, we can see the actions available to us, as well as limited properties for the selected item. Usefully, the primary or secondary key for a specific storage account can be seen and copied. This can be used to access or provide access to a storage account, without the need for access to the subscriptions. 6

For example, I could provide the storage account name and secondary key to a contractor who is uploading a VHD to my subscription. This will allow them to connect to the Storage account from Azure Storage Explorer and make changes to the specific storage account without the need to log directly into the subscription. When complete, the secondary key can simply be regenerated to revoke access. The process for connecting directly to a storage account is shown below. It’s very straight forward, remember however that providing access to a storage account in this way will grant the user with full control over the storage account they have been given access to. The specified account will be listed under storage accounts, and will be suffixed with ‘External’. Note the ‘Full’ permission:7&8Due to the security issues involved, a better approach is to generate a ‘Shared Access Signature’ (SAS), which provides us with granular control over what a user can do and when they can do it. However, to achieve this we need to log into the Azure portal. Within the portal, select the desired storage account, and then select ‘Shared Access Signatures’ under ‘Settings’. From here you can specify exactly what access you want your user to have, define a start and expiry time, and even lock access down to specific external IP addresses.

9

Once you have configured the settings to your requirements, you can generate the SAS, and then provide the access URL to the user. The example below only contains a Blob service SAS URL because this is all I have allowed in my settings.

10

Back in storage explorer, selecting ‘Use connection string or Shared Access Signature URI’ prompts us to enter the Blob Service SAS URI (URL) that we generated in the previous step. By entering a valid URI, the boxes below are auto-populated. The Connection Summary screen lists the permissions that have been assigned.

11

To validate this, I attempted to delete a file from the Blob container. As you can see below, my restricted permissions prevented the delete operation.

12

Summary I went a bit further into the management of permissions than I was planning to for this blog, but I think the distraction has been worth it and has provided a decent summary of the benefits of Azure Storage Explorer.  There are quite a few other third-party products out there that provide this functionality, perhaps the most popular being CloudBerry Explorer. I’ve seen great reviews for this, but I havn’t felt restricted by the Microsoft version, so haven’t felt the need to investigate these. Hopefully this tool or one like it help make the management and navigation of Azure storage accounts a simpler task for you and your team.

Mike Starnes

Mike has worked in the IT Industry for over 20 years. If he's not talking technology, he'll be reading, playing football or trying to embarrass his daughters.