This article explains how to set up a Diplomat transaction with Microsoft Azure cloud storage as a source or destination partner Diplomat MFT can transfer files to and/or from Azure Blob storage (including Azure Data Lake), or Azure File shares.
Diplomat MFT supports both key-based authentication to the storage account, or a Shared Access Signature (SAS) token via a URL. Coviant Software strongly recommends a SAS URL because it allows fine-grained access control, IP access restrictions, and token expiration.
A tutorial on Microsoft Azure file storage, including how to set up a storage account and define a share, can be found at https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create
Prerequisites
- An Microsoft Azure Storage account.
- At least one share defined in the File Service section of the account, or a Blob container.
- A Microsoft Azure account access key or SAS URL.
Authentication
1. BLOB Shared Access Signature (SAS) URL
To generate a BLOB SAS URL, perform the following:
- Log on to your Microsoft Azure account
- On the Dashboard, click the storage account resource, and then the container for which you want to generate a BLOB SAS URL.
- Under ‘Settings’ in the left-hand navigation panel click ‘Shared access tokens’.
- In the right-hand side,
- Select the appropriate permissions. Diplomat MFT needs “list” for all operations, and “read”, “create”, and/or “write” depending upon how you plan to use the SAS token (i.e., as a Source vs Destination partner)
- Choose the access times for the token to be active.
- (Optionally, you can set an IP address from which connections will be accepted for this token. You should put the external IP address (or range) of your Diplomat MFT server)
- Finally, press “Generate SAS token and URL”, and copy the value from the “Blob SAS URL” field.

2. Microsoft Azure Access Key
- Log on to your Microsoft Azure account.
- On the Dashboard, click the storage account resource for which you want to download an access key.
- Under ‘Settings’ in the left-hand navigation panel click ‘Access Keys’.
- Click the ‘Click to Copy’ icon.
- You will need to paste this key into the ‘Key’ field in the Diplomat transaction in the next step.
Setting Up Diplomat Transaction

- Open the Diplomat MFT Client.
- Under Transactions in the top menu bar, select either “Create Inbound Transaction…” or “Create Outbound Transaction…” to create a new transaction, or under the Partners menu choose “Create Public Partner…” or “Create Trusted Partner…”
- Choose ‘Microsoft Azure’ as the transport type.
- Choose the storage type to be used, and fill in the appropriate details:
- Fill the ‘Account’ field with the name of your Microsoft Azure Storage account. (Not required for SAS authentication)
- Fill the ‘Key’ field with the account’s access key. or SAS URL value when using SAS.
- Fill the ‘Share/Container’ field with the name of the share to be used.
- The ‘Directory’ field is optional. When used, it refers to a sub-directory of the share.
- Click the ‘Test’ button to see the current contents of your share or sub-directory.