BlobBridge Deployment Checklist for SharePoint Admins

1. Confirm prerequisites

• Microsoft 365 tenant with a SharePoint App Catalog (tenant or site collection).
• An Azure subscription where the storage account already exists or can be provisioned.
• BlobBridge licence file (trial or full) and the blob-bridge SPFx package downloaded from the customer portal.
• Admin personas: Azure subscription owner (or with Storage Account Contributor), SharePoint tenant admin, and someone who can assign Azure AD roles.

Tip: capture the Microsoft 365 Tenant ID and Azure subscription ID in the change ticket so every team is working from the same source of truth.

2. Harden and configure the storage account

BlobBridge reads and writes directly to the Azure Storage account you provide. Before you worry about SharePoint, guarantee the storage layer is in the right shape:

1. Use a General-purpose v2 account with hierarchical namespaces disabled (BlobBridge works with block blob containers).
2. Enable secure transfer required and restrict public network access according to your policy. Private endpoints work—just ensure the SharePoint tenant can resolve the FQDN.
3. Under Configuration, confirm that Storage account key access is enabled. BlobBridge uses SAS or user delegation keys, but key access must not be blocked at the account level.
4. Decide whether hot/cool tiers or lifecycle policies will be applied to the target containers and document the defaults.

If the platform team manages storage accounts centrally, request the configuration in writing so it can be traced during the go-live review.

3. Assign the right Azure roles

BlobBridge relies on Azure RBAC to govern SAS creation and container operations. The easiest way to unblock administrators is to map roles deliberately:

• Grant the deployment engineer the Storage Blob Data Owner role on the storage account scope so they can manage ACLs, generate SAS tokens and validate permissions.
• If you are separating duties, provide the operations team the Storage Blob Data Owner role and the SharePoint team Storage Blob Data Reader for audit visibility.
• Document who can rotate the SAS, who can create additional containers and who is accountable for cost alerts.

Do not rely on the classic account-key model—RBAC + SAS keeps the deployment aligned with Azure security baselines.

4. Create containers and scope SAS correctly

Most production tenants want predictable SAS scope from day one. Follow this sequence:

1. Create blob containers using naming conventions that match your SharePoint audiences (for example hr-shared, projects-emea).
2. For static SAS, generate tokens limited to the required operations (CRUD) and set expiries that align with your rotation policy (typically 30–90 days).
3. If you plan to use user delegation SAS, configure an Azure AD application and document the token issuance flow before go-live.
4. Record the storage endpoint URLs and SAS strings in your secure vault—never paste them into emails or change tickets.

Need a walkthrough? See the docs section on “Container creation & SAS setup” after you complete this checklist; it mirrors the steps above with screenshots.

5. Prepare the BlobBridge artefacts

BlobBridge ships as an SPFx package plus a licence file.

• Virus-scan the .sppkg and licence before uploading to your tenant.
• Capture the package version and SHA-256 hash (provided in the release notes) in the deployment ticket.
• Store the licence file in a SharePoint document library that the web part can reach—usually a locked-down “Apps” library at the tenant level.

6. Publish to SharePoint

This is the moment the SharePoint admin steps in:

1. Upload the blob-bridge.sppkg package to the App Catalog. Approve deployment tenant-wide.
2. Add the “BlobBridge” web part to a pilot communication site and configure it with your first SAS token.
3. Reference the licence file location in the web part properties and confirm the licence status shows as Valid.
4. Test uploads, renames and deletes to ensure storage permissions align with the SAS scopes you defined.

7. Validate security and compliance

Before you open the floodgates, prove that controls are in place:

• Review Azure Storage diagnostic logging and ensure it is being shipped to Log Analytics or your SIEM.
• Confirm data residency and retention policies are noted in the deployment record (BlobBridge keeps files inside Azure, not SharePoint).
• Share your SAS rotation cadence with the security team and note who will execute it.
• Document the process for revoking a SAS immediately if a container is compromised.

8. Plan go-live and ongoing operations

With technical tasks complete, keep the momentum rolling:

1. Create a communication pack for end users explaining how BlobBridge mirrors the SharePoint document library experience.
2. Schedule a post-implementation review two weeks after launch to capture feedback and confirm telemetry (cost, latency, error rates).
3. Automate alerts for storage capacity thresholds and SAS renewals.
4. Back up the configuration: licence file path, SAS values, container list and custom CSS if you applied any branding.