question

SheilaRojas-3121 avatar image
0 Votes"
SheilaRojas-3121 asked SheilaRojas-3121 commented

Connect Azure Storage Explorer to Power Bi Desktop without Access Keys

I'm trying to create a POC using Power Bi Desktop, creating a report that uses Azure Blob Storage as a datasource. In order to validate the access it asks for account key. We want to see if we can use a service account or vnet gateway to authenticate since Access Keys can be recreated and destroyed.

I had created another POC connecting to Azure SQL through a VNET Gateway using service account credentials. I'm trying to see if there is a solution similar to this for Storage explorer.

azure-storage-explorer
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

deherman-MSFT avatar image
0 Votes"
deherman-MSFT answered SheilaRojas-3121 commented

@SheilaRojas-3121
When connecting to a blob container from Storage Explorer it allows you to authenticate with SAS or via Azure Active Directory. If you assign the proper role to you Azure AD user they should be able to access the container or storage account.

136310-connectstorageexplorer.png

Hope this helps! Let me know if you still have questions or need further assistance.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am attempting to connect to Storage Explorer via Power Bi Desktop and when I select the blob, it asks for an Account Key.

Last week we had an issue where all Account Access Keys had to be recreated. Which means if I went this route I would have to go into all reports and update the key. If we use the access keys, each time we destroy/create the storage accounts the access keys will change and we will need to coordinate these updates.

So, I am trying to see if there is another way to authenticate. If we use a service account with non-expiring password, we would not have to update the connections, just re-apply the AAD group to the contributor permission. But I don't see this as an option.

Can anyone provide any guidance?

136690-image.png
136745-image.png


0 Votes 0 ·
image.png (27.0 KiB)
image.png (24.4 KiB)