How can we improve Azure Storage?

← Storage

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,648 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminMicrosoft Azure Storage Team (Admin, Microsoft Azure) responded  · 

    Hi folks,

    We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

    What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

    We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

    Thanks,

    Will Gries
    Program Manager, Azure Files

    Show previous admin responses (2)

    110 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Forgot password?
      Create a password
      Signed in as (Sign out)
      Close
      Close
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Hi,

        I wanted to hop into this conversation to get an update if this feature is ready or if it's still in development

        Quote :

        One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials

      • Travis commented  ·   ·  Flag as inappropriate

        Has anyone gotten this preview feature to work? We've been testing it out and are able to access the share with the storage account, but when we attempt to add an other credential (via Azure CLI with the custom role followed by ICACLS within Windows) we see the credential being added at the root level of the share yet the user is still unable to access.

      • Liam O'Brien commented  ·   ·  Flag as inappropriate

        I am a Microsoft partner, how an I access to the team for Azure Files ACL Private preview so that I can test the features?

      • Anonymous commented  ·   ·  Flag as inappropriate

        Is this feature already exist or is there another way to give access for Files to specified people?

      • Nam commented  ·   ·  Flag as inappropriate

        I contacted to Microsoft Azure Files Team yesterday, and got some the details about the Private Preview of Azure Files that support integration with Azure AD DS. Unfortunately, the preview version needs Azure VM to provide AADS ACL, the external share still uses Storage account name and key for accessing, and does not fit our needs currently.

      • Mark Whisler commented  ·   ·  Flag as inappropriate

        Something is amiss. 404s on all the preview documentation and the announcement is mysteriously missing from my previous link. Perhaps some issues arose and it got delayed.

      • Edward Cho commented  ·   ·  Flag as inappropriate

        Thanks Mark. I tried looking for the public preview but don't see it (yet). Anyone get to try this out yet?

      • Mike Driest commented  ·   ·  Flag as inappropriate

        Is there any update on this? We have a use case for clients with Azure Active Directory Domain Services + RDmi + Azure File Storage and would prefer to set user/group ACLs on directories in shares within Azure Files instead of building a file server VM.

      • Marc commented  ·   ·  Flag as inappropriate

        nothing of consequence will be announced before Ignite next month. fingers crossed for Kerb auth based access to blob storage via SFTP!!!

      • Christian Bruyere commented  ·   ·  Flag as inappropriate

        I'm working as a consultant for SMBs and I can tell you we are waiting for this features for more than 2 years... Microsoft Teams is a nice work around but it isn't for every company.

        Please provide us some feedback on this!

      • Anonymous commented  ·   ·  Flag as inappropriate

        I've also started experimenting with Azure Files for Unix World. But we are lacking the basic feature of setting up the umask and assigning permissions/ownership to users/groups and WE CAN NOT. ANY ETA ?

      • Creative Anonymous commented  ·   ·  Flag as inappropriate

        If you have a hybrid solution, you can store a VHDX on the Azure Files store, map to the onsite server and utilize AD ACLs. As long as the server can reach port 445 it should work.

      • Anonymous commented  ·   ·  Flag as inappropriate

        2000+ votes, can you guys at least keep us in the loop? Please, ANY update would be helpful.

      • Jim Bricker commented  ·   ·  Flag as inappropriate

        The marketing should have a giant asterisk saying it doesn't include Azure AD security per file like on prem file servers/AD.

      ← Previous 1 3 4 5 6

      Storage: Files

      Feedback and Knowledge Base

      (thinking…)
      Hosted by UserVoice