Share via

Azure Front Door with Azure Storage Blobs

Artem Shaturskyi 135 Reputation points
2025-02-06T16:30:05.2733333+00:00

Hello!
We have an Azure Blob Storage account containing a large number of media files (.MP4). These files are manually organized into categorized folders under a single container. Our goal is to allow all corporate users to access the container and watch the media files directly in their browsers - no streaming or additional services, just simple playback.

I initially tried using Static Website Hosting with a pre-generated index.html, but generating SAS tokens for every file is not a feasible solution due to the large number of files.

I decided to implement Azure Front Door for the storage account, and it seems to work for file access, but I can't configure it to require user authentication.
How can I configure Azure Front Door to enforce Microsoft Entra ID authentication for accessing storage resources?

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
749 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,362 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Udayashankar K.N 235 Reputation points Microsoft Employee
    2025-02-10T11:37:25.06+00:00

    Considering that Front door configuration being a complex one as an alternate you can even use Private Endpoint + Application Gateway

    Use Azure Storage Private Endpoint to block direct internet access.

    Deploy an Azure Application Gateway with Microsoft Entra authentication.

    Route traffic through Azure Front Door → App Gateway → Storage.

    0 comments
  2. Suwarna S Kale 546 Reputation points
    2025-02-10T19:02:52.01+00:00

    Hello Artem Shaturskyi,

    Thank you for posting your question in the Microsoft Q&A forum.

    Using Microsoft Entra ID authentication for direct blob access. Instead, it is designed for internet-facing scenarios and is optimized for publicly accessible blobs. To authenticate blob access you may try SAS (Shared Access Signature) with FrontDoor. Refer Microsoft doc link - https://learn.microsoft.com/en-us/azure/frontdoor/scenario-storage-blobs

    For direct blob access with Microsoft Entra ID authentication, you can use Azure Storage, which supports Microsoft Entra ID to authorize requests to blob data. Refer Microsoft doc link - https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory

    Please let me know if this helped to resolve the issue on your side. Please remember "Accept Answer" if above reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.