
Azure PaaS Blog

A description of the behavior of Shared Access Key when LCM (lifecycle management) is enabled on the storage account.

Monakhanna
Microsoft
May 26, 2022

Scenario:

As part of a company compliance policy and security review (audit), you may be advised to disable the SAS access policy on an existing Azure storage account.

The SAS key in Azure Storage must be disabled, as recommended by best practices. This post describes the impact of disabling Shared Access Key on the storage account when LCM is enabled. By default, the storage access key is enabled at the storage account level.

To disable this property on an existing storage account, as the best practice above suggests, we first need to identify which application or process is using the storage account with this SAS key.

 

 

Solution

As described in the public article below, you need to enable storage logging. If you have configured an LCM policy on the storage account, you may observe the logs showing that LCM is using SAS-based authentication.

Prevent authorization with Shared Key - Azure Storage | Microsoft Docs

These log entries are irrelevant because LCM uses a System Key SAS, so we can ignore them. System Key and Admin Keys are still supported for SAS and Shared Key when AllowSharedKeyAccess=false.

Therefore, the conclusion is that this property will not affect your LCM policy.
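The triage step described under Solution, as an added example that is not part of the original post or any Microsoft tooling: it groups Shared Key and SAS requests from exported storage logs by caller and sets aside the platform entries the post says can be ignored. It assumes the logs are exported as one JSON object per line using StorageBlobLogs column names; the sample records are constructed, and the LCM marker is a placeholder to replace with whatever identifies LCM entries in your own logs.

```python
import json
from collections import Counter

# Authentication types to review before setting AllowSharedKeyAccess=false.
SHARED_KEY_AUTH = {"AccountKey", "SAS"}

# Assumption: substring that identifies LCM requests in your own logs. This is a
# placeholder, not a documented value; replace it after inspecting real entries.
PLATFORM_AGENT_MARKERS = ("PLACEHOLDER-LCM-AGENT",)

# Constructed sample records (one JSON object per line, StorageBlobLogs column names).
SAMPLE_LOGS = """
{"AccountName": "examplestore", "OperationName": "DeleteBlob", "AuthenticationType": "SAS", "CallerIpAddress": "10.0.0.4:50000", "UserAgentHeader": "PLACEHOLDER-LCM-AGENT/1.0"}
{"AccountName": "examplestore", "OperationName": "GetBlob", "AuthenticationType": "AccountKey", "CallerIpAddress": "203.0.113.10:44321", "UserAgentHeader": "constructed-app/1.0"}
{"AccountName": "examplestore", "OperationName": "PutBlob", "AuthenticationType": "AccountKey", "CallerIpAddress": "203.0.113.10:44388", "UserAgentHeader": "constructed-app/1.0"}
{"AccountName": "examplestore", "OperationName": "GetBlob", "AuthenticationType": "OAuth", "CallerIpAddress": "203.0.113.20:40100", "UserAgentHeader": "constructed-aad-app/2.0"}
{"AccountName": "examplestore", "OperationName": "GetBlob", "AuthenticationType": "SAS", "CallerIpAddress": "198.51.100.7:51000", "UserAgentHeader": "constructed-batch/3.1"}
"""


def strip_port(addr):
    """Drop the trailing :port from an IPv4 'ip:port' value; leave other forms alone."""
    host, sep, port = addr.rpartition(":")
    return host if sep and port.isdigit() and "." in host else addr


def triage(log_text, markers=PLATFORM_AGENT_MARKERS):
    """Split Shared Key/SAS requests into client callers to migrate and ignorable platform callers."""
    clients, ignored = Counter(), Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        auth = rec.get("AuthenticationType")
        if auth not in SHARED_KEY_AUTH:
            continue  # OAuth and anonymous requests do not use the account key
        agent = rec.get("UserAgentHeader") or "<none>"
        key = (rec.get("AccountName"), auth, agent, strip_port(rec.get("CallerIpAddress") or ""))
        bucket = ignored if any(m in agent for m in markers) else clients
        bucket[key] += 1
    return clients, ignored


if __name__ == "__main__":
    clients, ignored = triage(SAMPLE_LOGS)
    for (account, auth, agent, ip), n in clients.most_common():
        print(f"MIGRATE {account} {auth:<10} {n:>3}  {ip}  {agent}")
    print(f"ignored platform entries: {sum(ignored.values())}")
```

Every key left in the first counter is an application or process to move to another authorization method before the property is changed.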

Updated May 25, 2022
Version 1.0