Setting up a VBR server - with M365 also on the same server - and attempting to connect to Azure blob storage. Azure is still fresh to me so trying to piece together all the information as on-prem is where I have been in the past.
Authorization with Azure AD provides superior security and ease of use over Shared Key authorization. Microsoft recommends using Azure AD authorization with your blob applications when possible to assure access with minimum required privileges.
Authorization with Shared Key is not recommended as it may be less secure. For optimal security, disable authorization via Shared Key for your storage account, as described in Prevent Shared Key authorization for an Azure Storage account.
Use of access keys and connection strings should be limited to initial proof of concept apps or development prototypes that don't access production or sensitive data. Otherwise, the token-based authentication classes available in the Azure SDK should always be preferred when authenticating to Azure resources.
Microsoft recommends that clients use either Azure AD or a shared access signature (SAS) to authorize access to data in Azure Storage. For more information, see Authorize operations for data access.
I read that as we should not be using shared keys outside PoC and instead use token based Azure AD authentication. I set 'Azure AD user account' as the authentication method for the container and set the roles to access it but when running the Azure blob connection wizard only shared key is an option via VBR. Am I missing something when comparing the above MS article vs the Veeam set up?