Azure Storage Previews Entra ID-Scoped User Delegation SAS Controls -- Redmondmag.com

Redmond Dispatch

Azure Storage Previews Entra ID-Scoped User Delegation SAS Controls

Microsoft has introduced a public preview feature in Azure Storage that allows organizations to restrict the use of user delegation Shared Access Signatures (SAS) to a specific Microsoft Entra ID identity. The update is designed to strengthen access controls by ensuring that delegated SAS tokens can only be exercised by the intended Entra ID principal. This reduces the risk of unintended access while preserving the flexibility of SAS.

User delegation SAS tokens are commonly used to grant time-limited access to Azure Storage resources without exposing account keys. However, managing delegated access across distributed applications can create governance challenges. By binding user delegation SAS usage to a specific Entra ID identity, Azure Storage adds an additional layer of enforcement beyond traditional time and permission constraints. For security and platform teams, the preview signals continued alignment between Azure Storage access mechanisms and Microsoft’s broader identity-centric security strategy.

Posted by Redmondmag.com Editors on 02/26/2026

Featured

Where Air Gapped Backups Actually Fail, Part 2

Air gapped backups can still fail when configuration drift, lost encryption keys and routine human mistakes go unnoticed until recovery is needed.
Nadella Says Enterprise AI's Future May Depend Less on Frontier Models Than Learning Systems

Satya Nadella is making the case that the next phase of enterprise AI will not be won by the company with the highest-scoring model on a public leaderboard.
AI Agents Could Put Enterprise GenAI Budgets Under Pressure

Enterprises moving generative AI from pilots into production may be underestimating the cost of running those systems at scale, particularly as inference workloads and AI agents become more common, according to a new Gartner report.
Banks Targeted by Fileless Phantom Stealer Phishing Campaign

A new phishing campaign is targeting banks and other high-value organizations with Phantom Stealer, a commercially available infostealer that runs in memory to avoid traditional detection, according to new research from Fortra.
Where Air Gapped Backups Actually Fail, Part 1

Air gapped backups can provide critical ransomware resilience, but restore testing gaps, documentation drift and media rotation mistakes can leave organizations unsure whether they can actually recover.