Skip to content
BlurFirst

How to Blur the Azure Portal During Screen Sharing (Hide Subscription, Keys & Secrets)

7 min read

Walking through Azure on a call? Here's how to hide the subscription ID and name, tenant ID, resource group and resource names, Cost Management figures, Key Vault secrets, connection strings and storage keys in the Azure portal before you share your screen.

To hide subscription and resource data in the Azure portal during a screen share, blur the items in the page before you present — the subscription ID and name, the tenant (directory) ID, resource group and resource names, Cost Management figures, and secrets like Key Vault names, connection strings and storage account keys. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and screenshots of the shared feed.

The portal is a blade-based single-page app, so the same identifiers show up across many screens — the subscription filter and the directory switcher at the top-right, breadcrumbs, and overview blades. Cover the fixed chrome with anchored region blurs and use element blur for values. Start with Ctrl/⌘ ⇧ Y, and keep panic Ctrl/⌘ ⇧ H ready.

What the Azure portal exposes during a share

  • Subscription ID and name — on the Subscriptions blade and at the top of most resource overviews; the name often encodes the client or environment.
  • Tenant / directory ID — shown on the Microsoft Entra ID (Azure AD) overview and in the directory switcher top-right.
  • Resource group and resource names — in breadcrumbs, resource lists and the search bar, naming clients, apps and environments.
  • Cost Management figures — spend, forecasts and cost-by-resource charts under Cost Management → Cost analysis.
  • Key Vault secret names — the list under Key Vault → Secrets, plus a value if you click Show Secret Value.
  • Connection strings — for storage accounts, App Service → Configuration, and Azure SQL.
  • Storage account access keyskey1/key2 and their connection strings under Storage account → Access keys.
  • User principal names — UPNs like jane@contoso.onmicrosoft.com in Entra ID user and member lists.

Blur the Azure portal step by step

  1. 1

    Open the blade you'll present

    Navigate to the exact resource or blade before the call so you're not searching live, which surfaces other resource names in the results.

  2. 2

    Box-blur the subscription and directory selectors

    Drag a box over the top-right directory switcher and the subscription filter so the tenant and subscription context stays hidden as you move between blades.

  3. 3

    Element-blur IDs and names

    Click the subscription ID, tenant ID, a resource group name or a resource name to frost just that element; the rest of the blade stays readable. Click again to reveal.

  4. 4

    Handle Key Vault and Access keys carefully

    On Key Vault → Secrets or Storage account → Access keys, blur the value before you click Show Secret Value or Copy, or simply don't reveal it on the call.

  5. 5

    Run Scan and keep panic ready

    Scan (Pro) catches key/token patterns and email addresses (UPNs) locally in one click. If a connection string or another subscription appears unexpectedly, press Ctrl/⌘ ⇧ H to blur everything instantly.

Sensitive itemWhere it appearsBest gesture
Subscription ID + nameSubscriptions blade, overviewsElement blur, or box the header
Tenant / directory IDEntra ID, directory switcherBox-blur the top-right selector
Resource group / resource namesBreadcrumbs, resource listsElement blur per item
Key Vault secret / connection stringKey Vault, App configElement blur before revealing
Storage account keysAccess keys bladeElement blur key1/key2
Cost figuresCost ManagementBox-blur charts and totals
What to hide in the Azure portal, and the gesture that fits.

Why Azure RBAC doesn't protect the viewer

Azure RBAC, management groups and Conditional Access govern what the signed-in user can reach. On a screen share that user is *you*, so the audience sees your subscriptions, your tenant, every resource name and every dollar figure. RBAC gates access; it was never meant to control what someone watching your screen can read. In-page blurring works at the presentation layer, hiding those values from the viewer regardless of your role assignments.

Keep your Azure portal blurs on every visit

If you support or demo from the portal often, set the structural blurs once. BlurFirst Pro's per-site auto-apply re-applies your boxes (the directory switcher, the subscription filter) each time you open portal.azure.com, and they survive the portal's blade-by-blade re-rendering. The profile stores only a CSS selector per region — never the subscription ID, keys or connection strings inside it.

Frequently asked questions

Can I blur the subscription ID but keep the resource visible?

Yes. Element-blur the subscription ID and name, or box the header band that holds them, and leave the rest of the blade visible for your walkthrough. Click a blurred element again to reveal it.

Can BlurFirst hide a storage account key or connection string?

Yes, while it's shown in the browser tab. Blur the element before you click Show or Copy on the Access keys or Configuration blade. If a key was ever exposed elsewhere, regenerate it — blurring only protects the live view.

Will the blurs survive moving between blades?

Region blurs are anchored to a screen area and re-apply as the portal redraws each blade. Per-site auto-apply (Pro) restores your structural blurs automatically every visit.

Does Scan detect Azure keys and UPNs?

Scan detects key/token patterns and email addresses locally, so it catches many keys and the user principal names in Entra ID. Subscription IDs, tenant IDs and resource names aren't patterns it recognises, so blur those manually.

Does anything I blur get uploaded?

No. BlurFirst runs entirely in your browser and makes only a license-check request. Scan runs locally, so subscription and resource data never leave the page.

Blur it before you share it.

Hide any field, region or message on a page before your next call. Nothing you blur leaves your browser.

Add to Chrome