Which security solution enables time-limited access to blobs in Azure?

The correct choice is Shared access signatures (SAS) because they provide a way to grant limited access to Azure storage resources, such as blobs, for a specified period. With a SAS token, you can control the permissions associated with the access—such as read, write, or delete—and define when the access will expire. This time-limited access is particularly useful for scenarios where temporary access to data is necessary, such as sharing files with external users or applications without exposing full access to your storage account.

In contrast, access keys offer unrestricted access to your Azure storage account and do not support time limits, making them less secure for scenarios requiring controlled access. Private endpoints facilitate secure connections to Azure services and do not inherently manage access permissions or their durations. Storage account firewalls restrict access to the entire storage account based on IP addresses or virtual networks, lacking the granularity and flexibility of SAS tokens to control access at the blob level with specific time limitations.