How to Blur the Azure Portal During Screen Sharing (Hide Subscription, Keys & Secrets)
Walking through Azure on a call? Here's how to hide the subscription ID and name, tenant ID, resource group and resource names, Cost Management figures, Key Vault secrets, connection strings and storage keys in the Azure portal before you share your screen.
To hide subscription and resource data in the Azure portal during a screen share, blur the items in the page before you present — the subscription ID and name, the tenant (directory) ID, resource group and resource names, Cost Management figures, and secrets like Key Vault names, connection strings and storage account keys. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and screenshots of the shared feed.
The portal is a blade-based single-page app, so the same identifiers show up across many screens — the subscription filter and the directory switcher at the top-right, breadcrumbs, and overview blades. Cover the fixed chrome with anchored region blurs and use element blur for values. Start with Ctrl/⌘ ⇧ Y, and keep panic Ctrl/⌘ ⇧ H ready.
What the Azure portal exposes during a share
- Subscription ID and name — on the Subscriptions blade and at the top of most resource overviews; the name often encodes the client or environment.
- Tenant / directory ID — shown on the Microsoft Entra ID (Azure AD) overview and in the directory switcher top-right.
- Resource group and resource names — in breadcrumbs, resource lists and the search bar, naming clients, apps and environments.
- Cost Management figures — spend, forecasts and cost-by-resource charts under Cost Management → Cost analysis.
- Key Vault secret names — the list under Key Vault → Secrets, plus a value if you click Show Secret Value.
- Connection strings — for storage accounts, App Service → Configuration, and Azure SQL.
- Storage account access keys — key1/key2 and their connection strings under Storage account → Access keys.
- User principal names — UPNs like
jane@contoso.onmicrosoft.comin Entra ID user and member lists.
Blur the Azure portal step by step
- 1
Open the blade you'll present
Navigate to the exact resource or blade before the call so you're not searching live, which surfaces other resource names in the results.
- 2
Box-blur the subscription and directory selectors
Drag a box over the top-right directory switcher and the subscription filter so the tenant and subscription context stays hidden as you move between blades.
- 3
Element-blur IDs and names
Click the subscription ID, tenant ID, a resource group name or a resource name to frost just that element; the rest of the blade stays readable. Click again to reveal.
- 4
Handle Key Vault and Access keys carefully
On Key Vault → Secrets or Storage account → Access keys, blur the value before you click Show Secret Value or Copy, or simply don't reveal it on the call.
- 5
Run Scan and keep panic ready
Scan (Pro) catches key/token patterns and email addresses (UPNs) locally in one click. If a connection string or another subscription appears unexpectedly, press Ctrl/⌘ ⇧ H to blur everything instantly.
| Sensitive item | Where it appears | Best gesture |
|---|---|---|
| Subscription ID + name | Subscriptions blade, overviews | Element blur, or box the header |
| Tenant / directory ID | Entra ID, directory switcher | Box-blur the top-right selector |
| Resource group / resource names | Breadcrumbs, resource lists | Element blur per item |
| Key Vault secret / connection string | Key Vault, App config | Element blur before revealing |
| Storage account keys | Access keys blade | Element blur key1/key2 |
| Cost figures | Cost Management | Box-blur charts and totals |
Why Azure RBAC doesn't protect the viewer
Azure RBAC, management groups and Conditional Access govern what the signed-in user can reach. On a screen share that user is *you*, so the audience sees your subscriptions, your tenant, every resource name and every dollar figure. RBAC gates access; it was never meant to control what someone watching your screen can read. In-page blurring works at the presentation layer, hiding those values from the viewer regardless of your role assignments.
Keep your Azure portal blurs on every visit
If you support or demo from the portal often, set the structural blurs once. BlurFirst Pro's per-site auto-apply re-applies your boxes (the directory switcher, the subscription filter) each time you open portal.azure.com, and they survive the portal's blade-by-blade re-rendering. The profile stores only a CSS selector per region — never the subscription ID, keys or connection strings inside it.