microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License

Authenticate to storage account using Azure credentials rather than SAS key? #3927

Open jonnyry opened 2 months ago

jonnyry commented 2 months ago

Using Storage Explorer running on a VM within the TRE, is it possible (/should it be possible) to connect to a storage account (such as the workspace's storage account) using Azure Entra ID credentials, rather than using SAS keys?

tim-allen-ck commented 2 months ago

It isn't possible currently; this issue (#1148) could help if this were to become a feature.

jonnyry commented 2 months ago

Ah, I'm not suggesting that the user is logged into the Windows VM using their Azure credentials (although that would be great)... Just signing into Storage Explorer within the VM using Azure credentials.

I've got as far as signing in via the browser, but then Storage Explorer returns a sign-in error:

(screenshot of the Storage Explorer sign-in error omitted)

I presume the firewall is blocking outbound connections; however, I'm not sure of the implications of opening the firewall for this endpoint, and was wondering whether you'd considered this in the past?

tim-allen-ck commented 2 months ago

Yes, you're right, currently the firewall is blocking the sign-in URL. We could have this as a configuration option? Some users may not want to open the firewall up.

jonnyry commented 2 months ago

So the blocked FQDN I can see in the firewall is for management.azure.com, which is also listed here:

https://learn.microsoft.com/en-us/azure/storage/common/storage-explorer-network

I'm just wondering what implications (security or otherwise) there would be of opening this to TRE users?
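As an added example (not from the AzureTRE project or from anyone in this thread), here is a small check a TRE administrator can run over Azure Firewall application-rule log lines to confirm which FQDNs a workspace VM is actually being denied, so that a rule change can be scoped to exactly the endpoint in question. The `msg` wording and the sample lines are constructed from memory of the Azure Firewall log format and should be treated as assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, Optional, Set

# Regex for the Azure Firewall application-rule "msg" text. The exact wording
# is an assumption (written from memory), so adjust it to your own log export.
_LOG_RE = re.compile(
    r"^(?P<proto>HTTPS?) request from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<fqdn>[^:\s]+):(?P<dport>\d+)\. Action: (?P<action>Allow|Deny)\."
    r"(?: (?P<reason>.*))?$"
)

def parse_app_rule_log(line: str) -> Optional[dict]:
    """Parse one application-rule log line into a dict, or None if it does not match."""
    m = _LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec

def denied_fqdns_by_source(lines: Iterable[str], subnet: str) -> Dict[str, Set[str]]:
    """Map each source IP inside `subnet` (e.g. a workspace subnet) to the FQDNs it was denied."""
    net = ipaddress.ip_network(subnet)
    denied: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        rec = parse_app_rule_log(line)
        if rec is None or rec["action"] != "Deny":
            continue
        if ipaddress.ip_address(rec["src"]) in net:
            denied[rec["src"]].add(rec["fqdn"])
    return dict(denied)

# Constructed sample lines: a workspace VM (10.1.4.5) going through the shared
# firewall during the Storage Explorer sign-in, plus an unrelated host and junk.
SAMPLE_LINES = [
    "HTTPS request from 10.1.4.5:52011 to login.microsoftonline.com:443. Action: Allow. Rule Collection: ws-rc. Rule: aad",
    "HTTPS request from 10.1.4.5:52012 to management.azure.com:443. Action: Deny. No rule matched. Proceeding with default action",
    "HTTPS request from 10.1.4.5:52013 to management.azure.com:443. Action: Deny. No rule matched. Proceeding with default action",
    "HTTP request from 10.2.0.9:40001 to example.org:80. Action: Deny. No rule matched. Proceeding with default action",
    "not a firewall line",
]

if __name__ == "__main__":
    for src, fqdns in denied_fqdns_by_source(SAMPLE_LINES, "10.1.0.0/16").items():
        print(f"{src}: denied {sorted(fqdns)}")
```

Run it against a real export of the `AzureFirewallApplicationRule` category with the workspace subnet as `subnet`, and the output lists only the FQDNs that would need a new application rule.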