## Authorize access to file data
To authorize access to file data, follow these steps.
1. Sign in to your Azure account using the `Connect-AzAccount` cmdlet.
2. Get the storage account context using the storage account key by calling the `Get-AzStorageAccount` cmdlet (management service). Replace `<ResourceGroupName>` and `<StorageAccountName>` with your values.
## Authorize access using FileREST data plane API
You can also authorize access to file data using the Azure portal, Azure PowerShell, or Azure CLI.
# [Azure portal](#tab/portal)
The [Azure portal](https://portal.azure.com?azure-portal=true) can use either your Microsoft Entra account or the storage account access key to access file data in an Azure storage account. Which authorization scheme the Azure portal uses depends on the Azure roles that are assigned to you.
When you attempt to access file data, the Azure portal first checks whether you've been assigned an Azure role with `Microsoft.Storage/storageAccounts/listkeys/action`. If you've been assigned a role with this action, then the Azure portal uses the account key for accessing file data via shared key authorization. If you haven't been assigned a role with this action, then the Azure portal attempts to access data using your Microsoft Entra account.
To access file data from the Azure portal using your Microsoft Entra account, you need permissions to access file data, and you also need permissions to navigate through the storage account resources in the Azure portal. The built-in roles provided by Azure grant access to file resources, but they don't grant permissions to storage account resources. For this reason, access to the portal also requires assigning an Azure Resource Manager (ARM) role such as the **Reader** role, scoped to the level of the storage account or higher. The **Reader** role grants the most restrictive permissions, but any ARM role that grants access to storage account management resources is acceptable.
The Azure portal indicates which authorization scheme is in use when you navigate to a container. For more information about data access in the portal, see [Choose how to authorize access to file data in the Azure portal](authorize-data-operations-portal.md).
# [Azure PowerShell](#tab/powershell)
Azure provides extensions for PowerShell that enable you to sign in and call PowerShell cmdlets using Microsoft Entra credentials. When you sign in to PowerShell with Microsoft Entra credentials, an OAuth 2.0 access token is returned. PowerShell automatically uses that token to authorize subsequent data operations against file storage. For supported operations, you no longer need to pass an account key or SAS token with the command.
You can assign permissions to file data to a Microsoft Entra security principal via Azure RBAC.
## Supported operations
The extensions only support operations on file data. Which operations you may call depends on the permissions granted to the Microsoft Entra security principal with which you signed in to PowerShell.
The storage context with OAuth works only if it's created with the `-EnableFileBackupRequestIntent` parameter. Passing the parameter states the explicit intent to use the additional permissions that this feature provides.
The storage context with OAuth will only work for operations on files and directories, and Get/Set permissions on Azure file shares. For all other operations on storage account and file shares, you must use the storage account key or SAS token.
## Prerequisites
You'll need an Azure resource group and a storage account within that resource group. The storage account must be assigned an appropriate role that grants explicit permissions to perform data operations against file shares. Make sure that you have the required roles and permissions to access both the management services and data services. For details on the permissions required to call specific File service operations, see [Permissions for calling data operations](/rest/api/storageservices/authorize-with-azure-active-directory#permissions-for-calling-data-operations).
## Install Az.Storage module
This feature is available in the latest Az.Storage module. Install the module using this command:
To get the storage account context with OAuth, you must explicitly pass the `-EnableFileBackupRequestIntent` parameter to the `New-AzStorageContext` cmdlet. If you don't pass the intent parameter, subsequent file share data operation requests using the context will fail.
5. Create a test directory and file in the file share using the `New-AzStorageDirectory` and `Set-AzStorageFileContent` cmdlets. Remember to specify a local source file path.
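
The procedure above run end to end, as an added example that is not part of the original article: it builds the key-based and OAuth contexts side by side, writes a directory and file with the OAuth context, and shows the failure when the intent parameter is omitted. Assumptions: the file share already exists, the `<...>` values are placeholders, and `-UseConnectedAccount`, `Get-AzStorageShare`, and `Get-AzStorageFile` are Az.Storage names that don't appear in the text above.

```powershell
# Added example. Placeholder values; the share is assumed to exist already.
$ResourceGroupName  = '<ResourceGroupName>'
$StorageAccountName = '<StorageAccountName>'
$ShareName          = '<FileShareName>'        # assumption: existing file share
$LocalFile          = '<LocalSourceFilePath>'

# Install the module once if it's missing (run separately, then restart the session):
# Install-Module -Name Az.Storage -Scope CurrentUser

# Step 1: sign in with Microsoft Entra credentials.
Connect-AzAccount | Out-Null

# Step 2: management-plane call; the returned context is backed by the account key.
$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
$ctxKey  = $account.Context

# Share-level operations are outside the OAuth context's scope, so use the key context.
Get-AzStorageShare -Name $ShareName -Context $ctxKey -ErrorAction Stop | Out-Null

# OAuth context: the intent parameter must be passed explicitly.
$ctxOAuth = New-AzStorageContext -StorageAccountName $StorageAccountName `
    -UseConnectedAccount -EnableFileBackupRequestIntent

# Step 5: directory and file operations authorized by the OAuth token, no key or SAS.
New-AzStorageDirectory -ShareName $ShareName -Path 'dir1' -Context $ctxOAuth
Set-AzStorageFileContent -ShareName $ShareName -Path 'dir1/test.txt' `
    -Source $LocalFile -Context $ctxOAuth

# Failure mode: same sign-in, but the context is created without the intent parameter.
$ctxNoIntent = New-AzStorageContext -StorageAccountName $StorageAccountName -UseConnectedAccount
try {
    Get-AzStorageFile -ShareName $ShareName -Path 'dir1' -Context $ctxNoIntent -ErrorAction Stop
    Write-Warning 'Request succeeded without the intent parameter; check which context was used.'
}
catch {
    # Expected: data operations on a context without the intent parameter fail.
    Write-Host "Rejected as expected: $($_.Exception.Message)"
}
```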