Skip to main content

πŸ”’ Revoking Storage Access

⚠️ WARNING: THIS FEATURE WILL BE AVAILABLE FROM 25.3.2 RELEASE

πŸ“˜ Introduction​

This guide walks you through the step-by-step process for revoking storage access for storage accounts in your Azure subscription, specifically for processing flow logs via the Xshield Cloud Connector.

βœ… Prerequisites​

Before you begin, ensure the following:

  • Your Azure subscription is onboarded to the Xshield Cloud Connector.

πŸ”’ Revoking Storage Access​

Step 1: Navigate to Cloud Connector​

  1. Log in to the Xshield Management Portal.
  2. In the left navigation menu, click Sensors.
  3. Select Cloud Connector from the Sensors list.

Step 2: Access Storage Accounts​

Cloud Connector dashboard

  1. Click the Connector Name associated with the storage accounts you wish to access, or click the value in the Storage Accounts column.
  2. You will be redirected to the Storage Accounts page.

Step 3: Select Storage Accounts​

Storage Accounts page

πŸ’‘ Note: If Enable Storage Read Access was activated during onboarding, individual revocation isn't supported.
You must first revoke access for all storage accounts:

  • Select all accounts using the checkbox in the Storage Name column header.
  • Click the Storage Access dropdown button (top-right).
  • If not all accounts are selected, the button will be disabled, and you’ll see a tooltip message like below:

Revoke all message tooltip

  1. Select one or more storage accounts by checking the box next to each account name.

Step 4: Choose Revoke Option​

Revoke dropdown

  1. Click the Storage Access dropdown button (top-right).
  2. Select Revoke from the menu.

Step 5: Authenticate with Azure​

In the new window that opens:

Azure Sign-in

  1. Click Sign in and Allow.
  2. A new browser window will open for Azure authentication.
  3. Sign in using your Azure AD credentials (requires Application Administrator permissions).
  4. Review the permission request for the Xshield Cloud Connector app.

Permission request

  1. Click Accept to authorize.
  2. You’ll be redirected to the storage access revocation page.

Step 6: Revoke Access​

Revoke confirmation

  1. Click Revoke Access to finalize the revocation for the selected Storage Accounts.
  2. Once complete, you’ll be taken back to the storage accounts page.

Post-revocation status

  • Revoked accounts will show "Not allowed" in the Storage Access column.

Let me know if you'd like to build a grant/revoke automation flow or refine this for publishing on a docs site.