Merge pull request #272009 from pauljewellmsft/verify-shared-key

Provide alternate command to check shared key status

Author: prmerger-automator[bot]

articles/storage/common/shared-key-authorization-prevent.md

@@ -298,11 +298,22 @@ The **AllowSharedKeyAccess** property is supported for storage accounts that use
 
 ## Verify that Shared Key access is not allowed
 
-To verify that Shared Key authorization is no longer permitted, you can attempt to call a data operation with the account access key. The following example attempts to create a container using the access key. This call will fail when Shared Key authorization is disallowed for the storage account. Remember to replace the placeholder values in brackets with your own values:
+To verify that Shared Key authorization is no longer permitted, you can query the Azure Storage Account settings with the following command. Replace the placeholder values in brackets with your own values.
+
+```azurecli-interactive
+az storage account show \
+    --name <storage-account-name> \
+    --resource-group <resource-group-name> \
+    --query "allow-shared-key-access"
+```
+
+The command returns **false** if Shared Key authorization is disallowed for the storage account.
+
+You can further verify by attempting to call a data operation with the account access key. The following example attempts to create a container using the access key. This call will fail when Shared Key authorization is disallowed for the storage account. Replace the placeholder values in brackets with your own values:
 
 ```azurecli-interactive
 az storage container create \
-    --account-name <storage-account> \
+    --account-name <storage-account-name> \
     --name sample-container \
     --account-key <key> \
     --auth-mode key