Merge pull request #123124 from azarboon/patch-99

Court72 · web-flow · commit d2969cc46df4 · 2024-06-11T08:54:45.000-06:00
Update authorize-data-access.md
diff --git a/articles/storage/common/authorize-data-access.md b/articles/storage/common/authorize-data-access.md
@@ -80,7 +80,7 @@ The following section briefly describes the authorization options for Azure Stor
 
 - **Shared Key authorization**: Applies to blobs, files, queues, and tables. A client using Shared Key passes a header with every request that is signed using the storage account access key. For more information, see [Authorize with Shared Key](/rest/api/storageservices/authorize-with-shared-key/).
 
-    Microsoft recommends that you disallow Shared Key authorization for your storage account. When Shared Key authorization is disallowed, clients must use Microsoft Entra ID or a user delegation SAS to authorize requests for data in that storage account. For more information, see [Prevent Shared Key authorization for an Azure Storage account](shared-key-authorization-prevent.md).
+    The storage account access key should be used with caution. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. Microsoft recommends that you disallow Shared Key authorization for your storage account. When Shared Key authorization is disallowed, clients must use Microsoft Entra ID or a user delegation SAS to authorize requests for data in that storage account. For more information, see [Prevent Shared Key authorization for an Azure Storage account](shared-key-authorization-prevent.md).
 
 - **Shared access signatures** for blobs, files, queues, and tables. Shared access signatures (SAS) provide limited delegated access to resources in a storage account via a signed URL. The signed URL specifies the permissions granted to the resource and the interval over which the signature is valid. A service SAS or account SAS is signed with the account key, while the user delegation SAS is signed with Microsoft Entra credentials and applies to blobs only. For more information, see [Using shared access signatures (SAS)](storage-sas-overview.md).
 
