Create and Manage Shared Access Signatures (SAS)

Learn On Demand Pro Series

A Shared Access Signature (SAS) is a tool for restricting access to Azure storage assets to a set of users for a set amount of time. Using SASs is a key part of understanding an Azure storage strategy for hosting datacenters on the Azure cloud. This IT Pro Challenge virtual lab will teach how to create and manage SASs for accessing Azure storage.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »


Azure is a public cloud computing platform. Azure can be used for many purposes, such as analytics, virtual computing, and networking. In particular, Azure provides a powerful tool for hosting a company’s data. Azure can be used to migrate datacenters off of an on-premises datacenter by moving all of a company’s data to the cloud. Because Azure provides so many options for data hosting and data security, it is prudent for modern IT workers to be comfortable working with Azure.

In particular, Azure allows for Shared Access Signatures (SAS). A SAS is a URI that gives restricted access to Azure Storage resources to a given set of users. One of the benefits of SASs is that they can be distributed to a set of clients who can then only access the Azure storage resources specific to their application. Another reason to use SASs is that they can be set to give clients access to storage assets for a specified period, and with a specified set of permissions, making them a more secure option for sharing data. Understanding how and when to implement SASs is a critical skill for managing datacenters hosted on the Azure cloud.

This hands-on lab will give you real-world experience in how to design and implement an Azure storage strategy. This strategy will involve SASs, and this lab will teach you how to create and manage a Shared Access Signature for your data hosted on the Azure cloud.

Understand the scenario: You are an Azure administrator for a company that is migrating its primary web app from its on-premises datacenter to Azure. You need to allow developers and users to access Azure storage accounts by assigning appropriate Shared Access Signature (SAS) keys, as a proof of concept.

Understand the environment: You are using a pre-configured Azure resource group.

Create a storage account and container:

For the first step of this hands-on lab, you will create an Azure storage account. You will:

  • Sign in to the Azure portal.
  • Use the Azure portal to create a storage account with default settings.
  • Create a Blob Container within the storage account.
  • Upload images from your on-premise computer to the Blob Container.

Generate a SAS key and verify access:

Once you have created your storage account and Blob Container, you will create a SAS key. You will:

  • Open the blade for one of the blob files (images) you uploaded earlier.
  • Use the Generate SAS option to generate a Blob SAS URL with a given set of properties.
  • Use the Blob SAS URL to view the blob file (image).

Create an Access Policy and verify revocation:

For the final step of this virtual challenge, you will create an Access Policy for your storage container and validate that the policy is working. You will:

  • Create a Stored Access Policy with certain permissions.
  • Download and install the Azure Storage Explorer.
  • Verify the account used by the Azure Storage Explorer.
  • Retrieve the SAS for your blob (image).
  • Use the SAS URL to view your blob (image).
  • Use the Azure Storage Explorer to remove the Access Policy.
  • Verify the blob (image) is no longer viewable.


The Azure cloud is quickly becoming the top choice for hosting data and virtual machines on the cloud. SASs are a versatile tool for securing data and storage assets in Azure. They give customizable access permissions to a unique group of users for a specified amount of time. As a modern IT worker, you need to be comfortable storing, securing, and sharing data on the Azure cloud.

In the “Create and Manage Shared Access Signatures (SAS)” virtual lab, you will accomplish the following:

  • Log in to Azure and create a storage account.
  • Create an Azure storage container.
  • Generate a SAS key.
  • Verify access using the SAS key.
  • Create an Access Policy.
  • Validate the Access Policy using the Azure Storage Explorer.

Other Challenges in this series:

  • GUIDED CHALLENGE: Configure Security for Cosmos DB
  • ADVANCED CHALLENGE: Implement Microsoft Azure SQL Database Always Encrypted


Connect the pieces

Completing a Learn On Demand Pro Series is one thing, mastering the skill is another.

Master the skill and take this learn on demand pro series in an expertly designed Course.

Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.