Setting Up Azure Blob Storage


Set up Azure Blob Storage to store backup and restore files, and then give your Azure SQL managed instance access to the files.

Before You Begin

Verify that you have a minimum of the following settings enabled when generating the SAS token:

  • Allowed Services: Blob

  • Allowed resource type: Container and Object

  • Allowed Permissions: Read, Write, and Create


  1. Generate a shared access signatures (SAS) token for your Azure Storage from the Azure Portal.

    You can generate one of the three SASs that Azure Storage supports. For more information, go to Delegate Access with Shared Access Signatures on the Microsoft Azure documentation website.

    You can also generate the SAS token using the Azure command line or PowerShell.

  2. If you use Azure portal for the shared access signature, do the following:

    1. Log on to the portal.

    2. Click on your Storage Account, click the Shared access signature menu, and then click Generate SAS and connection string.

    3. Remove the question mark character ("?") from the beginning of the returned value and record this value for use in the next step.

  3. Using CREATE CREDENTIAL (Transact-SQL), create a T-SQL credential in your Azure SQL managed instance that allows Azure SQL managed instances to access the files from Azure Blob Storage, using the following values for the parameters:

    • credential_name: The URL for the “commvault” container in your Azure Blob Storage.

    • IDENTITY: Use "Shared Access Signature".

    • SECRET: The SAS token.

      For example, assume that the name of your Azure storage account is “testazurestorage”, and the value for the SAS token is the following:


      In that case, use the following T-SQL credential generation statement:

      CREATE CREDENTIAL [] WITH IDENTITY='Shared Access Signature', SECRET='sv=2018-03-28&sr=c&si=test_Policy&sig=4gFj4b%2BJPywWFrDIJbV6L69R4iQtlw72695oFBjepVM%3D'