From f1f8e1d27ef61f7cb40cd26fe9f0af2dc2928ff9 Mon Sep 17 00:00:00 2001 From: jolauMSFT <50600298+jolauMSFT@users.noreply.github.com> Date: Fri, 5 Jul 2024 10:14:49 +1000 Subject: [PATCH 1/2] Update storage-account-key-note-include.md Correcting the permissions that storage account keys give you as tested with Storage Explorer v1.34. Accessing a Storage account with the key gives you full access to the data, but not to the configuration or other keys. This include is causing confusion and contradicts other parts of the parent Learn doc: https://learn.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#protect-your-access-keys. --- includes/storage-account-key-note-include.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/storage-account-key-note-include.md b/includes/storage-account-key-note-include.md index ebf8b3b134b18..1dc65d037b8c2 100644 --- a/includes/storage-account-key-note-include.md +++ b/includes/storage-account-key-note-include.md 
@@ -12,7 +12,7 @@ ms.custom: "include file", engagement-fy23 ## Protect your access keys -Storage account access keys provide full access to the configuration of a storage account, as well as the data. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s configuration and its data. Access to shared keys should be carefully limited and monitored. Use user delegation SAS tokens with limited scope of access in scenarios where Microsoft Entra ID based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised. +Storage account access keys provide full access to the storage account data, and the ability to generate SAS tokens. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s data. Access to shared keys should be carefully limited and monitored. Use user delegation SAS tokens with limited scope of access in scenarios where Microsoft Entra ID based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised. > [!IMPORTANT] > To prevent users from accessing data in your storage account with Shared Key, you can disallow Shared Key authorization for the storage account. Granular access to data with least privileges necessary is recommended as a security best practice. Microsoft Entra ID based authorization using managed identities should be used for scenarios that support OAuth. Kerberos or SMTP should be used for Azure Files over SMB. For Azure Files over REST, SAS tokens can be used. 
Shared key access should be disabled if not required to prevent its inadvertent use. For more information, see [Prevent Shared Key authorization for an Azure Storage account](../articles/storage/common/shared-key-authorization-prevent.md). From ef11418a99a681785dd4da8945ccfb30091b51ca Mon Sep 17 00:00:00 2001 From: Courtney Wales <62625502+Court72@users.noreply.github.com> Date: Mon, 8 Jul 2024 09:32:17 -0600 Subject: [PATCH 2/2] apply suggestions from PR review --- includes/storage-account-key-note-include.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/storage-account-key-note-include.md b/includes/storage-account-key-note-include.md index 1dc65d037b8c2..80d5932525afe 100644 --- a/includes/storage-account-key-note-include.md +++ b/includes/storage-account-key-note-include.md 
@@ -12,7 +12,7 @@ ms.custom: "include file", engagement-fy23 ## Protect your access keys -Storage account access keys provide full access to the storage account data, and the ability to generate SAS tokens. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s data. Access to shared keys should be carefully limited and monitored. Use user delegation SAS tokens with limited scope of access in scenarios where Microsoft Entra ID based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised. +Storage account access keys provide full access to the storage account data and the ability to generate SAS tokens. Always be careful to protect your access keys. Use Azure Key Vault to manage and rotate your keys securely. Access to the shared key grants a user full access to a storage account’s data. Access to shared keys should be carefully limited and monitored. Use user delegation SAS tokens with limited scope of access in scenarios where Microsoft Entra ID based authorization can't be used. Avoid hard-coding access keys or saving them anywhere in plain text that is accessible to others. Rotate your keys if you believe they might have been compromised. > [!IMPORTANT] > To prevent users from accessing data in your storage account with Shared Key, you can disallow Shared Key authorization for the storage account. Granular access to data with least privileges necessary is recommended as a security best practice. Microsoft Entra ID based authorization using managed identities should be used for scenarios that support OAuth. Kerberos or SMTP should be used for Azure Files over SMB. For Azure Files over REST, SAS tokens can be used. Shared key access should be disabled if not required to prevent its inadvertent use. 
For more information, see [Prevent Shared Key authorization for an Azure Storage account](../articles/storage/common/shared-key-authorization-prevent.md).
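Review bot: In the first hunk, "the ability to generate SAS tokens" is underspecified in the replacement line: the paragraph goes on to recommend user delegation SAS and to rotate compromised keys, so the sentence should say that tokens signed with the account key (account SAS or service SAS) stay valid until that key is rotated, which is the concrete reason the key must be protected and not just the data it unlocks. Suggested wording: "Storage account access keys provide full access to the storage account data and the ability to create SAS tokens that remain valid until the key is rotated." Separately, the unchanged context line "Kerberos or SMTP should be used for Azure Files over SMB" looks like a typo (SMTP is a mail protocol, not an SMB authentication option); was NTLM meant? This PR already touches the paragraph and would be a natural place to fix it.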
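Review bot: The second hunk removes the comma but leaves the paragraph saying the same thing twice: "Storage account access keys provide full access to the storage account data ..." and, two sentences later, "Access to the shared key grants a user full access to a storage account’s data." Now that the first sentence no longer mentions configuration, the second adds nothing; suggest shortening it to "Access to shared keys should be carefully limited and monitored." and dropping the duplicate clause. Minor style point in the same lines: "Microsoft Entra ID based authorization" reads better as "Microsoft Entra ID-based authorization" in both occurrences.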