Active Directory for authentication on SMB access to Azure Files in preview
Published date: March 04, 2020
Azure Files Active Directory authentication is now in preview. Mount your Azure Files using AD credentials with the exact same access control experience as on-premises. Take advantage of an AD domain service either hosted on-premises or on Azure to authenticate user access to Azure Files for both premium and standard tiers. Managing file permissions is also simple. As long as your AD identities are synced to Azure AD, you can continue to manage share-level permissions through standard role-based access control (RBAC). For directory-level and file-level permissions, simply configure NTFS DACLs using Windows File Explorer just like any regular file share. You may have already synced your Active Directory to Azure AD and are ready to take advantage of this new capability.
With AD authentication, Azure Files can better serve as the storage solution for virtual desktop infrastructure (VDI) user profiles. Use Azure Files as the user profile storage, and when a user logs into the virtual session, only the profile of the authenticated user will be loaded from Azure Files. There’s no need to set up a separate domain service to manage storage access control for your VDI environment.
Learn more about using Azure Files for WVD scenarios.
- Enable Active Directory authentication for SMB access.
Mount Azure Files from AD domain-joined machines either on-premises or on Azure using AD credentials. Azure Files supports using AD as the directory service for an identity-based access control experience for both premium and standard tiers. Enable AD authentication on self-managed or Azure File Sync (AFS)-managed file shares.
- Enforce share-level as well as directory-level and file-level permission.
The existing access control experience continues to be enforced for file shares enabled for AD authentication. Use role-based access control (RBAC) for share-level permission management, then persist or configure directory-level and file-level NTFS DACLs using Windows File Explorer and icacls tools.
- Support file migration from on-premises with access control list (ACL) persistence over Azure File Sync.
Azure File Sync now supports persisting ACLs on Azure Files in native NTFS DACL format. Use Azure File Sync for seamless migration from on-premises Windows file servers to Azure Files. All existing files and directories tiered to Azure Files through Azure File Sync have ACLs persisted in the native format.
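The two permission layers described above (RBAC at the share level, NTFS DACLs below it) can be set up from a domain-joined Windows machine as in the following sketch. This is an added example, not code from the announcement. It assumes the Az PowerShell module and the built-in "Storage File Data SMB Share" roles, none of which are named on this page, and every value in angle brackets is a placeholder.

```powershell
# Added example: all <...> values are placeholders, not values from the page.
# Assumes the Az PowerShell module and a machine joined to the AD domain.
$subscriptionId = '<subscription-id>'
$resourceGroup  = '<resource-group>'
$storageAccount = '<storage-account>'
$shareName      = '<share-name>'
$adminUpn       = '<share-admin>@<your-domain>'   # AD identity synced to Azure AD
$userUpn        = '<profile-user>@<your-domain>'  # AD identity synced to Azure AD
$adminAccount   = '<DOMAIN>\<share-admin>'        # same admin, DOMAIN\name form for icacls
$userGroup      = '<DOMAIN>\<profile-users>'      # AD group that contains $userUpn

Connect-AzAccount
Set-AzContext -Subscription $subscriptionId

# Layer 1: share-level permission through RBAC, scoped to one file share
# rather than the whole storage account (least privilege).
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$storageAccount" +
         "/fileServices/default/fileshares/$shareName"

# Elevated Contributor may also change NTFS permissions over SMB.
New-AzRoleAssignment -SignInName $adminUpn -Scope $scope `
    -RoleDefinitionName 'Storage File Data SMB Share Elevated Contributor'

# Regular users get read/write/delete, but cannot modify ACLs.
New-AzRoleAssignment -SignInName $userUpn -Scope $scope `
    -RoleDefinitionName 'Storage File Data SMB Share Contributor'

# Mount as the logged-on AD user: no storage account key is supplied.
net use Z: "\\${storageAccount}.file.core.windows.net\${shareName}"

# Layer 2: directory-level and file-level NTFS DACLs with icacls.
New-Item -ItemType Directory -Path 'Z:\profiles' -Force | Out-Null

# Grant explicit entries first, then drop inherited ones, so the
# administrator is never left without access to the directory.
icacls 'Z:\profiles' /grant "${adminAccount}:(OI)(CI)F"
icacls 'Z:\profiles' /grant "${userGroup}:(OI)(CI)M"
icacls 'Z:\profiles' /inheritance:r

# Review the resulting DACL.
icacls 'Z:\profiles'
```

A user needs both a share-level role and a matching DACL entry to reach a file, so reviewing access means checking the role assignments on the share as well as the `icacls` output.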
Get started and share your experiences
Create a file share in the supported regions and enable authentication with your AD environment running on-premises or on Azure. Read the detailed guidance on the feature capabilities and step-by-step enablement.