diff --git a/sdk/keyvault/azure-security-keyvault-administration/src/settings_client.cpp b/sdk/keyvault/azure-security-keyvault-administration/src/settings_client.cpp
index d9a40b8c5..0d21b0ae1 100644
--- a/sdk/keyvault/azure-security-keyvault-administration/src/settings_client.cpp
+++ b/sdk/keyvault/azure-security-keyvault-administration/src/settings_client.cpp
@@ -11,7 +11,7 @@
 #include <azure/core/internal/json/json_optional.hpp>
 #include <azure/core/internal/json/json_serializable.hpp>
 #include <azure/keyvault/administration/settings_client.hpp>
-#include <azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp>
+#include <azure/keyvault/shared/keyvault_challenge_based_auth.hpp>
 #include <azure/keyvault/shared/keyvault_shared.hpp>
 
 #include <memory>
diff --git a/sdk/keyvault/azure-security-keyvault-certificates/src/certificate_client.cpp b/sdk/keyvault/azure-security-keyvault-certificates/src/certificate_client.cpp
index 9894a4884..aeb8cdaf8 100644
--- a/sdk/keyvault/azure-security-keyvault-certificates/src/certificate_client.cpp
+++ b/sdk/keyvault/azure-security-keyvault-certificates/src/certificate_client.cpp
@@ -3,7 +3,7 @@
 
 #include "azure/keyvault/certificates/certificate_client.hpp"
 
-#include "azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp"
+#include "azure/keyvault/shared/keyvault_challenge_based_auth.hpp"
 #include "azure/keyvault/shared/keyvault_shared.hpp"
 #include "private/certificate_constants.hpp"
 #include "private/certificate_serializers.hpp"
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp
index 975511e9b..95ccbdaa9 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/cryptography/cryptography_client.cpp
@@ -17,7 +17,7 @@
 #include <azure/core/exception.hpp>
 #include <azure/core/http/http.hpp>
 #include <azure/core/http/policies/policy.hpp>
-#include <azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp>
+#include <azure/keyvault/shared/keyvault_challenge_based_auth.hpp>
 #include <azure/keyvault/shared/keyvault_shared.hpp>
 
 #include <algorithm>
diff --git a/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp b/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp
index 6ba7c8127..d2299898f 100644
--- a/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp
+++ b/sdk/keyvault/azure-security-keyvault-keys/src/key_client.cpp
@@ -15,7 +15,7 @@
 #include <azure/core/http/http.hpp>
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/core/internal/http/pipeline.hpp>
-#include <azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp>
+#include <azure/keyvault/shared/keyvault_challenge_based_auth.hpp>
 #include <azure/keyvault/shared/keyvault_shared.hpp>
 
 #include <algorithm>
diff --git a/sdk/keyvault/azure-security-keyvault-secrets/src/secret_client.cpp b/sdk/keyvault/azure-security-keyvault-secrets/src/secret_client.cpp
index c756f6d07..8528e1b78 100644
--- a/sdk/keyvault/azure-security-keyvault-secrets/src/secret_client.cpp
+++ b/sdk/keyvault/azure-security-keyvault-secrets/src/secret_client.cpp
@@ -18,7 +18,7 @@
 #include <azure/core/credentials/credentials.hpp>
 #include <azure/core/http/http.hpp>
 #include <azure/core/http/policies/policy.hpp>
-#include <azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp>
+#include <azure/keyvault/shared/keyvault_challenge_based_auth.hpp>
 #include <azure/keyvault/shared/keyvault_shared.hpp>
 
 #include <algorithm>
diff --git a/sdk/keyvault/azure-security-keyvault-secrets/test/ut/challenge_based_authentication_policy_test.cpp b/sdk/keyvault/azure-security-keyvault-secrets/test/ut/challenge_based_authentication_policy_test.cpp
index 5514ada63..028e49c6a 100644
--- a/sdk/keyvault/azure-security-keyvault-secrets/test/ut/challenge_based_authentication_policy_test.cpp
+++ b/sdk/keyvault/azure-security-keyvault-secrets/test/ut/challenge_based_authentication_policy_test.cpp
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-#include "azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp"
+#include "azure/keyvault/shared/keyvault_challenge_based_auth.hpp"
 #include "azure/keyvault/shared/keyvault_shared.hpp"
 
 #include <azure/core/internal/http/pipeline.hpp>
diff --git a/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp
new file mode 100644
index 000000000..cd3e41f65
--- /dev/null
+++ b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_auth.hpp
@@ -0,0 +1,188 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+/**
+ * @file
+ * @brief Key Vault Challenge-Based Authentication Policy.
+ *
+ */
+
+#pragma once
+
+#include <azure/core/http/policies/policy.hpp>
+#include <azure/core/internal/credentials/authorization_challenge_parser.hpp>
+
+#include <stdexcept>
+
+namespace Azure { namespace Security { namespace KeyVault { namespace _internal {
+  /**
+   * @brief Challenge-Based Authentication Policy for Key Vault.
+   *
+   */
+  class KeyVaultChallengeBasedAuthenticationPolicy final
+      : public Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy {
+  private:
+    mutable Core::Credentials::TokenRequestContext m_tokenRequestContext;
+
+  public:
+    explicit KeyVaultChallengeBasedAuthenticationPolicy(
+        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
+        Core::Credentials::TokenRequestContext tokenRequestContext)
+        : BearerTokenAuthenticationPolicy(credential, tokenRequestContext),
+          m_tokenRequestContext(tokenRequestContext)
+    {
+    }
+
+    std::unique_ptr<HttpPolicy> Clone() const override
+    {
+      return std::make_unique<KeyVaultChallengeBasedAuthenticationPolicy>(*this);
+    }
+
+  private:
+    std::unique_ptr<Core::Http::RawResponse> AuthorizeAndSendRequest(
+        Core::Http::Request& request,
+        Core::Http::Policies::NextHttpPolicy& nextPolicy,
+        Core::Context const& context) const override
+    {
+      AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
+      return nextPolicy.Send(request, context);
+    }
+
+    bool AuthorizeRequestOnChallenge(
+        std::string const& challenge,
+        Core::Http::Request& request,
+        Core::Context const& context) const override
+    {
+      auto const scope = GetScope(challenge);
+      if (scope.empty())
+      {
+        return false;
+      }
+
+      ValidateChallengeResponse(scope, request.GetUrl().GetHost());
+
+      auto const tenantId = GetTenantId(GetAuthorization(challenge));
+      m_tokenRequestContext.TenantId = tenantId;
+      m_tokenRequestContext.Scopes = {scope};
+
+      AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
+      return true;
+    }
+
+    static std::string TrimTrailingSlash(std::string const& s)
+    {
+      return (s.empty() || s.back() != '/') ? s : s.substr(0, s.size() - 1);
+    }
+
+    static std::string GetScope(std::string const& challenge)
+    {
+      using Core::Credentials::_internal::AuthorizationChallengeParser;
+
+      auto resource
+          = AuthorizationChallengeParser::GetChallengeParameter(challenge, "Bearer", "resource");
+
+      return !resource.empty()
+          ? (TrimTrailingSlash(resource) + "/.default")
+          : AuthorizationChallengeParser::GetChallengeParameter(challenge, "Bearer", "scope");
+    }
+
+    static std::string GetAuthorization(std::string const& challenge)
+    {
+      using Core::Credentials::_internal::AuthorizationChallengeParser;
+
+      auto authorization = AuthorizationChallengeParser::GetChallengeParameter(
+          challenge, "Bearer", "authorization");
+
+      return !authorization.empty() ? authorization
+                                    : AuthorizationChallengeParser::GetChallengeParameter(
+                                        challenge, "Bearer", "authorization_uri");
+    }
+
+    static bool TryParseUrl(std::string const& s, Core::Url& outUrl)
+    {
+      using Core::Url;
+      try
+      {
+        outUrl = Url(s);
+      }
+      catch (std::out_of_range const&)
+      {
+        return false;
+      }
+      catch (std::invalid_argument const&)
+      {
+        return false;
+      }
+
+      return true;
+    }
+
+    static void ValidateChallengeResponse(std::string const& scope, std::string const& requestHost)
+    {
+      using Core::Url;
+      using Core::Credentials::AuthenticationException;
+
+      Url scopeUrl;
+      if (!TryParseUrl(scope, scopeUrl))
+      {
+        throw AuthenticationException("The challenge contains invalid scope '" + scope + "'.");
+      }
+
+      auto const& scopeHost = scopeUrl.GetHost();
+
+      // Check whether requestHost.ends_with(scopeHost)
+      auto const requestHostLength = requestHost.length();
+      auto const scopeHostLength = scopeHost.length();
+
+      bool domainMismatch = requestHostLength < scopeHostLength;
+      if (!domainMismatch)
+      {
+        auto const requestHostOffset = requestHostLength - scopeHostLength;
+        for (size_t i = 0; i < scopeHostLength; ++i)
+        {
+          if (requestHost[requestHostOffset + i] != scopeHost[i])
+          {
+            domainMismatch = true;
+            break;
+          }
+        }
+      }
+
+      if (domainMismatch)
+      {
+        throw AuthenticationException(
+            "The challenge resource '" + scopeHost + "' does not match the requested domain.");
+      }
+    }
+
+    static std::string GetTenantId(std::string const& authorization)
+    {
+      using Core::Url;
+      using Core::Credentials::AuthenticationException;
+
+      if (!authorization.empty())
+      {
+        Url authorizationUrl;
+        if (TryParseUrl(authorization, authorizationUrl))
+        {
+          auto const& path = authorizationUrl.GetPath();
+          if (!path.empty())
+          {
+            auto const firstSlash = path.find('/');
+            if (firstSlash == std::string::npos)
+            {
+              return path;
+            }
+            else if (firstSlash > 0)
+            {
+              return path.substr(0, firstSlash);
+            }
+          }
+        }
+      }
+
+      throw AuthenticationException(
+          "The challenge authorization URI '" + authorization + "' is invalid.");
+    }
+  };
+}}}} // namespace Azure::Security::KeyVault::_internal
diff --git a/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp
index cd3e41f65..d28db308d 100644
--- a/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp
+++ b/sdk/keyvault/azure-security-keyvault-shared/inc/azure/keyvault/shared/keyvault_challenge_based_authentication_policy.hpp
@@ -1,188 +1,10 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
 
-/**
- * @file
- * @brief Key Vault Challenge-Based Authentication Policy.
- *
- */
-
 #pragma once
 
-#include <azure/core/http/policies/policy.hpp>
-#include <azure/core/internal/credentials/authorization_challenge_parser.hpp>
+// This header file is left for compatibility purposes.
+// The name of this header is long, and may cause build error on Windows systems on some
+// installations, with long path and maximum path length of 260 characters.
 
-#include <stdexcept>
-
-namespace Azure { namespace Security { namespace KeyVault { namespace _internal {
-  /**
-   * @brief Challenge-Based Authentication Policy for Key Vault.
-   *
-   */
-  class KeyVaultChallengeBasedAuthenticationPolicy final
-      : public Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy {
-  private:
-    mutable Core::Credentials::TokenRequestContext m_tokenRequestContext;
-
-  public:
-    explicit KeyVaultChallengeBasedAuthenticationPolicy(
-        std::shared_ptr<Core::Credentials::TokenCredential const> credential,
-        Core::Credentials::TokenRequestContext tokenRequestContext)
-        : BearerTokenAuthenticationPolicy(credential, tokenRequestContext),
-          m_tokenRequestContext(tokenRequestContext)
-    {
-    }
-
-    std::unique_ptr<HttpPolicy> Clone() const override
-    {
-      return std::make_unique<KeyVaultChallengeBasedAuthenticationPolicy>(*this);
-    }
-
-  private:
-    std::unique_ptr<Core::Http::RawResponse> AuthorizeAndSendRequest(
-        Core::Http::Request& request,
-        Core::Http::Policies::NextHttpPolicy& nextPolicy,
-        Core::Context const& context) const override
-    {
-      AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
-      return nextPolicy.Send(request, context);
-    }
-
-    bool AuthorizeRequestOnChallenge(
-        std::string const& challenge,
-        Core::Http::Request& request,
-        Core::Context const& context) const override
-    {
-      auto const scope = GetScope(challenge);
-      if (scope.empty())
-      {
-        return false;
-      }
-
-      ValidateChallengeResponse(scope, request.GetUrl().GetHost());
-
-      auto const tenantId = GetTenantId(GetAuthorization(challenge));
-      m_tokenRequestContext.TenantId = tenantId;
-      m_tokenRequestContext.Scopes = {scope};
-
-      AuthenticateAndAuthorizeRequest(request, m_tokenRequestContext, context);
-      return true;
-    }
-
-    static std::string TrimTrailingSlash(std::string const& s)
-    {
-      return (s.empty() || s.back() != '/') ? s : s.substr(0, s.size() - 1);
-    }
-
-    static std::string GetScope(std::string const& challenge)
-    {
-      using Core::Credentials::_internal::AuthorizationChallengeParser;
-
-      auto resource
-          = AuthorizationChallengeParser::GetChallengeParameter(challenge, "Bearer", "resource");
-
-      return !resource.empty()
-          ? (TrimTrailingSlash(resource) + "/.default")
-          : AuthorizationChallengeParser::GetChallengeParameter(challenge, "Bearer", "scope");
-    }
-
-    static std::string GetAuthorization(std::string const& challenge)
-    {
-      using Core::Credentials::_internal::AuthorizationChallengeParser;
-
-      auto authorization = AuthorizationChallengeParser::GetChallengeParameter(
-          challenge, "Bearer", "authorization");
-
-      return !authorization.empty() ? authorization
-                                    : AuthorizationChallengeParser::GetChallengeParameter(
-                                        challenge, "Bearer", "authorization_uri");
-    }
-
-    static bool TryParseUrl(std::string const& s, Core::Url& outUrl)
-    {
-      using Core::Url;
-      try
-      {
-        outUrl = Url(s);
-      }
-      catch (std::out_of_range const&)
-      {
-        return false;
-      }
-      catch (std::invalid_argument const&)
-      {
-        return false;
-      }
-
-      return true;
-    }
-
-    static void ValidateChallengeResponse(std::string const& scope, std::string const& requestHost)
-    {
-      using Core::Url;
-      using Core::Credentials::AuthenticationException;
-
-      Url scopeUrl;
-      if (!TryParseUrl(scope, scopeUrl))
-      {
-        throw AuthenticationException("The challenge contains invalid scope '" + scope + "'.");
-      }
-
-      auto const& scopeHost = scopeUrl.GetHost();
-
-      // Check whether requestHost.ends_with(scopeHost)
-      auto const requestHostLength = requestHost.length();
-      auto const scopeHostLength = scopeHost.length();
-
-      bool domainMismatch = requestHostLength < scopeHostLength;
-      if (!domainMismatch)
-      {
-        auto const requestHostOffset = requestHostLength - scopeHostLength;
-        for (size_t i = 0; i < scopeHostLength; ++i)
-        {
-          if (requestHost[requestHostOffset + i] != scopeHost[i])
-          {
-            domainMismatch = true;
-            break;
-          }
-        }
-      }
-
-      if (domainMismatch)
-      {
-        throw AuthenticationException(
-            "The challenge resource '" + scopeHost + "' does not match the requested domain.");
-      }
-    }
-
-    static std::string GetTenantId(std::string const& authorization)
-    {
-      using Core::Url;
-      using Core::Credentials::AuthenticationException;
-
-      if (!authorization.empty())
-      {
-        Url authorizationUrl;
-        if (TryParseUrl(authorization, authorizationUrl))
-        {
-          auto const& path = authorizationUrl.GetPath();
-          if (!path.empty())
-          {
-            auto const firstSlash = path.find('/');
-            if (firstSlash == std::string::npos)
-            {
-              return path;
-            }
-            else if (firstSlash > 0)
-            {
-              return path.substr(0, firstSlash);
-            }
-          }
-        }
-      }
-
-      throw AuthenticationException(
-          "The challenge authorization URI '" + authorization + "' is invalid.");
-    }
-  };
-}}}} // namespace Azure::Security::KeyVault::_internal
+#include <azure/keyvault/shared/keyvault_challenge_based_auth.hpp>
diff --git a/sdk/storage/azure-storage-blobs/src/blob_client.cpp b/sdk/storage/azure-storage-blobs/src/blob_client.cpp
index e24e23f3d..f3ec27ac5 100644
--- a/sdk/storage/azure-storage-blobs/src/blob_client.cpp
+++ b/sdk/storage/azure-storage-blobs/src/blob_client.cpp
@@ -16,7 +16,7 @@
 #include <azure/storage/common/internal/file_io.hpp>
 #include <azure/storage/common/internal/reliable_stream.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-blobs/src/blob_container_client.cpp b/sdk/storage/azure-storage-blobs/src/blob_container_client.cpp
index 2b2a27646..38a539c1a 100644
--- a/sdk/storage/azure-storage-blobs/src/blob_container_client.cpp
+++ b/sdk/storage/azure-storage-blobs/src/blob_container_client.cpp
@@ -13,7 +13,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-blobs/src/blob_service_client.cpp b/sdk/storage/azure-storage-blobs/src/blob_service_client.cpp
index 794a9a623..36b379963 100644
--- a/sdk/storage/azure-storage-blobs/src/blob_service_client.cpp
+++ b/sdk/storage/azure-storage-blobs/src/blob_service_client.cpp
@@ -10,7 +10,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-common/CMakeLists.txt b/sdk/storage/azure-storage-common/CMakeLists.txt
index 7011ca325..72be52c6e 100644
--- a/sdk/storage/azure-storage-common/CMakeLists.txt
+++ b/sdk/storage/azure-storage-common/CMakeLists.txt
@@ -52,6 +52,7 @@ set(
     inc/azure/storage/common/internal/file_io.hpp
     inc/azure/storage/common/internal/reliable_stream.hpp
     inc/azure/storage/common/internal/shared_key_policy.hpp
+    inc/azure/storage/common/internal/storage_bearer_token_auth.hpp
     inc/azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp
     inc/azure/storage/common/internal/storage_per_retry_policy.hpp
     inc/azure/storage/common/internal/storage_service_version_policy.hpp
diff --git a/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_auth.hpp b/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_auth.hpp
new file mode 100644
index 000000000..ca3255752
--- /dev/null
+++ b/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_auth.hpp
@@ -0,0 +1,80 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+#pragma once
+
+#include <azure/core/http/policies/policy.hpp>
+
+#include <mutex>
+#include <shared_mutex>
+
+namespace Azure { namespace Storage { namespace _internal {
+
+  class StorageBearerTokenAuthenticationPolicy final
+      : public Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy {
+  public:
+    /**
+     * @brief Construct a Storage Bearer Token challenge authentication policy.
+     *
+     * @param credential An #Azure::Core::TokenCredential to use with this policy.
+     * @param tokenRequestContext A context to get the token in.
+     * @param enableTenantDiscovery Enables tenant discovery through the authorization challenge.
+     */
+    explicit StorageBearerTokenAuthenticationPolicy(
+        std::shared_ptr<const Azure::Core::Credentials::TokenCredential> credential,
+        Azure::Core::Credentials::TokenRequestContext tokenRequestContext,
+        bool enableTenantDiscovery)
+        : BearerTokenAuthenticationPolicy(std::move(credential), tokenRequestContext),
+          m_scopes(tokenRequestContext.Scopes), m_safeTenantId(tokenRequestContext.TenantId),
+          m_enableTenantDiscovery(enableTenantDiscovery)
+    {
+    }
+
+    ~StorageBearerTokenAuthenticationPolicy() override {}
+
+    std::unique_ptr<HttpPolicy> Clone() const override
+    {
+      return std::unique_ptr<HttpPolicy>(new StorageBearerTokenAuthenticationPolicy(*this));
+    }
+
+  private:
+    struct SafeTenantId
+    {
+    public:
+      explicit SafeTenantId(std::string tenantId) : m_tenantId(std::move(tenantId)) {}
+
+      SafeTenantId(const SafeTenantId& other) : m_tenantId(other.Get()) {}
+
+      std::string Get() const
+      {
+        std::shared_lock<std::shared_timed_mutex> lock(m_tenantIdMutex);
+        return m_tenantId;
+      }
+
+      void Set(const std::string& tenantId)
+      {
+        std::unique_lock<std::shared_timed_mutex> lock(m_tenantIdMutex);
+        m_tenantId = tenantId;
+      }
+
+    private:
+      std::string m_tenantId;
+      mutable std::shared_timed_mutex m_tenantIdMutex;
+    };
+
+    std::vector<std::string> m_scopes;
+    mutable SafeTenantId m_safeTenantId;
+    bool m_enableTenantDiscovery;
+
+    std::unique_ptr<Azure::Core::Http::RawResponse> AuthorizeAndSendRequest(
+        Azure::Core::Http::Request& request,
+        Azure::Core::Http::Policies::NextHttpPolicy& nextPolicy,
+        Azure::Core::Context const& context) const override;
+
+    bool AuthorizeRequestOnChallenge(
+        std::string const& challenge,
+        Azure::Core::Http ::Request& request,
+        Azure::Core::Context const& context) const override;
+  };
+
+}}} // namespace Azure::Storage::_internal
diff --git a/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp b/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp
index ca3255752..447e47a1b 100644
--- a/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp
+++ b/sdk/storage/azure-storage-common/inc/azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp
@@ -3,78 +3,8 @@
 
 #pragma once
 
-#include <azure/core/http/policies/policy.hpp>
+// This header file is left for compatibility purposes.
+// The name of this header is long, and may cause build error on Windows systems on some
+// installations, with long path and maximum path length of 260 characters.
 
-#include <mutex>
-#include <shared_mutex>
-
-namespace Azure { namespace Storage { namespace _internal {
-
-  class StorageBearerTokenAuthenticationPolicy final
-      : public Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy {
-  public:
-    /**
-     * @brief Construct a Storage Bearer Token challenge authentication policy.
-     *
-     * @param credential An #Azure::Core::TokenCredential to use with this policy.
-     * @param tokenRequestContext A context to get the token in.
-     * @param enableTenantDiscovery Enables tenant discovery through the authorization challenge.
-     */
-    explicit StorageBearerTokenAuthenticationPolicy(
-        std::shared_ptr<const Azure::Core::Credentials::TokenCredential> credential,
-        Azure::Core::Credentials::TokenRequestContext tokenRequestContext,
-        bool enableTenantDiscovery)
-        : BearerTokenAuthenticationPolicy(std::move(credential), tokenRequestContext),
-          m_scopes(tokenRequestContext.Scopes), m_safeTenantId(tokenRequestContext.TenantId),
-          m_enableTenantDiscovery(enableTenantDiscovery)
-    {
-    }
-
-    ~StorageBearerTokenAuthenticationPolicy() override {}
-
-    std::unique_ptr<HttpPolicy> Clone() const override
-    {
-      return std::unique_ptr<HttpPolicy>(new StorageBearerTokenAuthenticationPolicy(*this));
-    }
-
-  private:
-    struct SafeTenantId
-    {
-    public:
-      explicit SafeTenantId(std::string tenantId) : m_tenantId(std::move(tenantId)) {}
-
-      SafeTenantId(const SafeTenantId& other) : m_tenantId(other.Get()) {}
-
-      std::string Get() const
-      {
-        std::shared_lock<std::shared_timed_mutex> lock(m_tenantIdMutex);
-        return m_tenantId;
-      }
-
-      void Set(const std::string& tenantId)
-      {
-        std::unique_lock<std::shared_timed_mutex> lock(m_tenantIdMutex);
-        m_tenantId = tenantId;
-      }
-
-    private:
-      std::string m_tenantId;
-      mutable std::shared_timed_mutex m_tenantIdMutex;
-    };
-
-    std::vector<std::string> m_scopes;
-    mutable SafeTenantId m_safeTenantId;
-    bool m_enableTenantDiscovery;
-
-    std::unique_ptr<Azure::Core::Http::RawResponse> AuthorizeAndSendRequest(
-        Azure::Core::Http::Request& request,
-        Azure::Core::Http::Policies::NextHttpPolicy& nextPolicy,
-        Azure::Core::Context const& context) const override;
-
-    bool AuthorizeRequestOnChallenge(
-        std::string const& challenge,
-        Azure::Core::Http ::Request& request,
-        Azure::Core::Context const& context) const override;
-  };
-
-}}} // namespace Azure::Storage::_internal
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
diff --git a/sdk/storage/azure-storage-common/src/storage_bearer_token_authentication_policy.cpp b/sdk/storage/azure-storage-common/src/storage_bearer_token_authentication_policy.cpp
index ba21b98bc..9f39fb1e7 100644
--- a/sdk/storage/azure-storage-common/src/storage_bearer_token_authentication_policy.cpp
+++ b/sdk/storage/azure-storage-common/src/storage_bearer_token_authentication_policy.cpp
@@ -1,9 +1,8 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-#include "azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp"
-
 #include "azure/storage/common/internal/constants.hpp"
+#include "azure/storage/common/internal/storage_bearer_token_auth.hpp"
 
 #include <azure/core/internal/credentials/authorization_challenge_parser.hpp>
 
diff --git a/sdk/storage/azure-storage-files-datalake/src/datalake_file_system_client.cpp b/sdk/storage/azure-storage-files-datalake/src/datalake_file_system_client.cpp
index 999c2ffb5..1eb808872 100644
--- a/sdk/storage/azure-storage-files-datalake/src/datalake_file_system_client.cpp
+++ b/sdk/storage/azure-storage-files-datalake/src/datalake_file_system_client.cpp
@@ -14,7 +14,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-files-datalake/src/datalake_path_client.cpp b/sdk/storage/azure-storage-files-datalake/src/datalake_path_client.cpp
index b2d5b6c8b..0f2b39c36 100644
--- a/sdk/storage/azure-storage-files-datalake/src/datalake_path_client.cpp
+++ b/sdk/storage/azure-storage-files-datalake/src/datalake_path_client.cpp
@@ -11,7 +11,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-files-datalake/src/datalake_service_client.cpp b/sdk/storage/azure-storage-files-datalake/src/datalake_service_client.cpp
index 6e9d7ce2d..d58ab2ab3 100644
--- a/sdk/storage/azure-storage-files-datalake/src/datalake_service_client.cpp
+++ b/sdk/storage/azure-storage-files-datalake/src/datalake_service_client.cpp
@@ -11,7 +11,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-queues/src/queue_client.cpp b/sdk/storage/azure-storage-queues/src/queue_client.cpp
index cd2d9e20f..3b351c97a 100644
--- a/sdk/storage/azure-storage-queues/src/queue_client.cpp
+++ b/sdk/storage/azure-storage-queues/src/queue_client.cpp
@@ -8,7 +8,7 @@
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
diff --git a/sdk/storage/azure-storage-queues/src/queue_service_client.cpp b/sdk/storage/azure-storage-queues/src/queue_service_client.cpp
index 2cdbba9a6..ffe9d5888 100644
--- a/sdk/storage/azure-storage-queues/src/queue_service_client.cpp
+++ b/sdk/storage/azure-storage-queues/src/queue_service_client.cpp
@@ -8,7 +8,7 @@
 #include <azure/core/http/policies/policy.hpp>
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
-#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_auth.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>