Good stuff! Thanks John, this looks like a very powerful feature! Great coverage.
@jlou65535 3 years ago
Thanks John, well explained as usual
@h198xb 3 years ago
Great write-up. I wonder could it be a solution for authorising access with frequently changing levels: so we have a data storage and all users have read access role. But we add a per-user condition and assign index tag, when we want to allow a user access to a specific blob.... Would it work? What are the restrictions on the number of tags in a user assignment? (so can we dynamically add 100/500 tags to a user assignment?) How is it encoded in the access token (or is it evaluated in the backend?)? If we need to provide a URL-based access to the data, is it feasible to have a service requesting the blob content on behalf of the user via REST API and presenting it via a URL? Or is there any better way? Or maybe you can share the name of the PM of the feature so I could try to find answers there..
@jackgleeson8321 3 years ago
This is very interesting thanks for making the video.
@NTFAQGuy 3 years ago
Glad it was helpful!
@satya2943 3 years ago
Thank you John..!!
@flymetothemoon5138 3 years ago
Could you combine this with AAD B2C to control blob access and restrict to B2C users?
@NTFAQGuy 3 years ago
Subscriptions can't trust B2C instances for RBAC, only regular AAD. For B2C based apps would likely be more of a valet pattern.
@stephane184 3 years ago
Game changer indeed. Unfortunately, it seems for me the option to use tags as a condition is not yet available. I don't see it in the drop-down of choices of attributes. Only account name, container name or blob path. :-( Hopefully it'll be available soon.
@NTFAQGuy 3 years ago
That does not sound right. Check all the settings match mine and it's a GPv2 storage account (which is what mine was)
@NTFAQGuy 3 years ago
docs.microsoft.com/en-us/azure/storage/blobs/storage-manage-find-blobs?tabs=azure-portal#regional-availability-and-storage-account-support. You may need to register sub for the blob index
@stephane184 3 years ago
Possible it’s because I didn’t use Blob Storage Data Owner as the role. I think I recall you mentioned something about that. I was able to see the blob tags condition when I used storage data owner role. 😎
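The blob index tag condition the thread is discussing (the per-user tag idea in @h198xb's question and the condition attribute @stephane184 eventually found), written out as an Azure ABAC role-assignment condition. This is an added example, not code from the video or from any commenter; the tag key and value, the role name, the assignee and the scope are constructed placeholders.

```shell
#!/usr/bin/env sh
# Added example, not code from the video or any commenter. It builds the Azure
# ABAC role-assignment condition that grants blob read only on blobs carrying a
# given blob index tag, then shows the az CLI call that attaches it.
# Tag key/value, role, assignee and scope are constructed placeholders.

BLOB_READ='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
TAGS_ATTR='Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags'

# build_tag_condition KEY VALUE
# Prints a condition that is true for every action other than blob read, and
# for blob read only when the blob's index tag KEY equals VALUE.
# The <$key_case_sensitive$> marker tells ABAC to match the tag key exactly.
build_tag_condition() {
  printf "((!(ActionMatches{'%s'})) OR (@Resource[%s:%s<\$key_case_sensitive\$>] StringEquals '%s'))" \
    "$BLOB_READ" "$TAGS_ATTR" "$1" "$2"
}

# assign_with_condition ROLE ASSIGNEE_OBJECT_ID SCOPE KEY VALUE
# Creates the role assignment with the condition attached (condition-version
# 2.0 is the syntax version the tag attribute uses). Only runs when called.
assign_with_condition() {
  az role assignment create \
    --role "$1" \
    --assignee-object-id "$2" \
    --assignee-principal-type User \
    --scope "$3" \
    --condition "$(build_tag_condition "$4" "$5")" \
    --condition-version "2.0"
}

# Placeholder invocation; fill in real values before uncommenting.
# assign_with_condition "Storage Blob Data Reader" "<user-object-id>" \
#   "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<account>" \
#   "owner" "alice"

# Print the generated condition so it can be pasted into the portal's code editor.
build_tag_condition "owner" "alice"
```

For the per-user pattern asked about above, the only thing that changes between assignments is the tag value, so the condition can be generated per principal from the same function.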