Hi, I have come across these 2 pages encouraging the move to Microsoft Entra ID for authentication to Azure Event Hub, deprecating SAS: Receive change notifications through Azure Event Hubs Authenticate access to Event Hubs resources using shared access signatures (SAS) I have multiple services currently accessing Azure Event Hubs via SAS, hence would like to know if there is a timeline for SAS deprecation so that I could plan out and prepare for it? Thank you!

@Ivan Tioh - Thanks for the question and using MS Q&A platform. Here is the response from internal team: The deprecation applies to the specific scenario: "Receiving change notifications through Event Hubs", but I am not sure. This one is part of the Microsoft Graph API documentation. Receive change notifications through Azure Event Hubs Note in the first article: Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead. In the Azure Event Hubs article, we don't say that the SAS access will be deprecated. Authenticate access to Event Hubs resources using shared access signatures (SAS) Note in the second article We recommend that you use Microsoft Entra credentials when possible as a security best practice, rather than using the shared access signatures, which can be more easily compromised. While you can continue to use shared access signatures (SAS) to grant fine-grained access to your Event Hubs resources, Microsoft Entra ID offers similar capabilities without the need to manage SAS tokens or worry about revoking a compromised SAS. For more information about Microsoft Entra integration in Azure Event Hubs, see Authorize access to Event Hubs using Microsoft Entra ID . Hope this helps. Do let us know if you have any further queries. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

Deprecation ETA on SAS Authentication for Azure Event Hub

Accepted answer

PRADEEPCHEEKATLA 90,241 Reputation points

2024-10-11T03:54:23.5933333+00:00

@Ivan Tioh - Thanks for the question and using MS Q&A platform.

Here is the response from internal team:

The deprecation applies to the specific scenario: "Receiving change notifications through Event Hubs", but I am not sure. This one is part of the Microsoft Graph API documentation.

Receive change notifications through Azure Event Hubs

Note in the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

In the Azure Event Hubs article, we don't say that the SAS access will be deprecated.

Authenticate access to Event Hubs resources using shared access signatures (SAS)

Note in the second article

We recommend that you use Microsoft Entra credentials when possible as a security best practice, rather than using the shared access signatures, which can be more easily compromised. While you can continue to use shared access signatures (SAS) to grant fine-grained access to your Event Hubs resources, Microsoft Entra ID offers similar capabilities without the need to manage SAS tokens or worry about revoking a compromised SAS.

For more information about Microsoft Entra integration in Azure Event Hubs, see Authorize access to Event Hubs using Microsoft Entra ID.

Hope this helps. Do let us know if you have any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Please sign in to rate this answer.
Ivan Tioh 116 Reputation points

2024-10-11T05:27:16.13+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Understand that the response from the internal team is 'but I am not sure. This one is part of the Microsoft Graph API documentation.', could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T05:29:24.08+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Understand that the response from the internal team is 'but I am not sure. This one is part of the Microsoft Graph API documentation.', could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T05:29:42.9566667+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Understand that the response from the internal team is 'but I am not sure. This one is part of the Microsoft Graph API documentation.', could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T05:30:07.7566667+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Understand that the response from the internal team is 'but I am not sure. This one is part of the Microsoft Graph API documentation.', could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T06:17:19.6833333+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T06:33:59.31+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T06:39:01.6333333+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Referring to the following extract from the first article:

Authenticating Event Hubs by using shared access signatures (SAS) will be deprecated in the future. We recommend authenticating Event Hubs by using Microsoft Entra ID role-based access control (RBAC) instead.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:17:15.8866667+00:00

Testing

Ivan Tioh 116 Reputation points

2024-10-11T07:18:05.8433333+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:18:37.9466667+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:19:10.92+00:00

Hi @PRADEEPCHEEKATLA ,

Thank you for looking into this.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:19:40.3833333+00:00

Hi Pradeep,

Thank you for looking into this.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:20:08.14+00:00

Thank you for looking into this.

Could you assist to engage with relevant internal team, e.g. Microsoft Graph API, to understand the rationale of the deprecation statement?

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Thank you!

Regards,

Ivan

Ivan Tioh 116 Reputation points

2024-10-11T07:20:17.0066667+00:00

Testing

Ivan Tioh 116 Reputation points

2024-10-11T07:20:45.7966667+00:00

Just want to be safe and confirm whether there is actions required from our side, as we are relying heavily on Azure Event Hubs for our system.

Ivan Tioh 116 Reputation points

2024-10-11T07:20:51.32+00:00

Testing

Ivan Tioh 116 Reputation points

2024-10-11T07:23:06.06+00:00

Sorry for the spam. I did not intend to do so. For some reason, the comment just not submitted and I have to trial and error to get through the flag. Somehow the attached string is flagged.

Ivan Tioh 116 Reputation points

2024-10-11T07:23:16.0233333+00:00

Testing

PRADEEPCHEEKATLA 90,241 Reputation points

2024-10-14T06:01:52.8733333+00:00

@Ivan Tioh - Regarding the deprecation of SAS authentication for Azure Event Hubs, I can confirm that Microsoft has announced that SAS authentication will be deprecated in the future. The exact timeline for this deprecation has not been announced yet.

The reason for this deprecation is to encourage customers to use Microsoft Azure Active Directory (Azure AD) for authentication and authorization. Azure AD provides a more secure and scalable way to manage access to Azure resources, including Azure Event Hubs.

I would recommend that you start planning to migrate to Azure AD for authentication and authorization. This will ensure that your system remains secure and compliant with the latest security standards.

If you have any further questions or concerns, please let me know.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Deprecation ETA on SAS Authentication for Azure Event Hub

0 additional answers

Your answer