How to setup SFTP using Azure Blob Storage (Manual)

Since 2022 Microsoft supports the SSH FTP protocol on the Azure Blob Storage accounts. In this manual I will show you how to setup SFTP on Azure Blob storage.

image 58

Before you can use SFTP, you will need to know a few things. One of them is that SFTP relies on the hierarchical namespace. Hierarchical namespace organizes objects (files) into a hierarchy of directories and subdirectories in the same way that the file system on your computer is organized.

Azure Blob storage unfortunatly doesn’t support Microsoft Entra ID (B2b) authentication, instead it uses local users. Local users must use either a password or a Secure Shell (SSH) private key credential for authentication. You can have a maximum of 1000 local users for a storage account.

When you create a local user, Azure will generate a password for you when you choose password authentication. Make sure to copy that password and save it in a location where you can find it later. You won’t be able to retrieve that password from Azure again. If you lose the password, you’ll have to generate a new one. For security reasons, you can’t set the password yourself.

If you choose to authenticate with private-public key pair, you can either generate one, use one already stored in Azure, or provide Azure the public key of an existing public-private key pair. You can have a maximum of 10 public keys per local user. You can use multiple keys to do a rolling update.


If you want to deploy an SFTP resource in Azure, you will have to keep in mind that Microsoft will charge you extra for each running SFTP instance. Price consists out of the following components for the Azure SFTP service:

Price in DollarsPrice in Euros
Storage per GB per month$ 0,0036 – 0,15€ 0,000341 – 0,14180
Storage transactions per 10k$ 0,00 – 0,234€ 0,00 – 0,2212
SFTP per Hour$ 0,30€ 0,29


STEP 1: Create the Storage account

Go to the Azure Portal, and go to Storage Accounts and Create a new storage account.

image 59

Now fill in the Storage account name, select a region and redundancy.

image 60

On the advanced tab we will need to select 2 options. Select the Enable hierarchical namespace and Enable SFTP.

image 61

Fill in all other tabs with your own requirements


Create the storage account when ready.

image 1

STEP 2: Create Container

Now go to Containers and create a new Container. For this manual I just created an sftp container.

image 3

STEP 3: Configure SFTP

Now go to your newly created Azure Resource and go to SFTP. And click on Add local user

image 2

Now create a Username, select an Authentication method. When completed go to Container permissions

image 4

Now select the just created Container (or create a new one) and select the desired permissions for each container.

image 8

When the local user is created you will get a popup with the key or password, and it will be shown only once! So save the password. You can only reset it, never retrieve it:

image 6

Now lets get the connection information: Copy the connection string, and change <CONTAINER_NAME> with the name of the container we just created, in our case it looks like this with the container name sftp:

image 10

Now lets try to connect to our new SFTP share:

image 7

We just got a succesful login and we are able to read all shares and files.

image 9

More information:

SFTP Pricing: Azure Storage Blobs Pricing | Microsoft Azure

Add a Comment

Your email address will not be published. Required fields are marked *