How can we improve Azure Storage?

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,922 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hi folks,

We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

Thanks,

Will Gries
Program Manager, Azure Files

121 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • MikeN commented  ·   ·  Flag as inappropriate

    Is there any rough estimate for a roadmap goal of when you'll be able to mount a drive from user endpoints running Windows and MacOS that are not Virtual Machines running in Azure? This is a requirement to seriously consider using Azure Files to replace on-premises SMB/CIFS shares.

  • Simon Harris commented  ·   ·  Flag as inappropriate

    Any update to this as the comments stretch back a number of months now and into last year?

  • Oleg commented  ·   ·  Flag as inappropriate

    waiting for a solution to mount Azure file shares ON-PREMISES with our AAD identity. This is a key feature that's preventing us from migrating more workloads to Azure. An update would be appreciated.

  • Chad commented  ·   ·  Flag as inappropriate

    Any plan to integrate manage service identity (MSI / User Assigned Managed Identities) support into this feature to control access via a cloud managed identity?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Why are there no details on the product roadmap for this thing?

    We already have a functional AAD synching with on-prem AD. Why should we have to set up AADDS on top of that? Is there any plan to leverage AAD without the other overhead?

  • Bryan Brinegar commented  ·   ·  Flag as inappropriate

    We've been waiting for a solution to mount Azure file shares on-premises with our AAD identity. This is a key feature that's preventing us from migrating more workloads to Azure. An update would be appreciated.

  • Wim Didden commented  ·   ·  Flag as inappropriate

    Hi,

    I am also very interested in a solution to mount the Azure file shares on-premises with your AAD identity.

    At the moment, the only way to use SMB shares is to create a mapping with a Storage account name and key. This solution isn't very fit for an enterprise.

    I asked around on an Ignite The Tour event but still no information about this feature.
    Is there anything you can share on this matter?

  • Luke commented  ·   ·  Flag as inappropriate

    Hi

    Still intereste in this. Most recent user-update seems to be around Nov time.
    I think this should be a priroty for MS as it would allow easy movement of current SMB-based solution for LOB apps and user file repository on-premise into the cloud. Right?

    (user Nam said: contacted to Microsoft Azure Files Team yesterday, and got some the details about the Private Preview of Azure Files that support integration with Azure AD DS. Unfortunately, the preview version needs Azure VM to provide AADS ACL, the external share still uses Storage account name and key for accessing, and does not fit our needs currently.)

  • Anonymous commented  ·   ·  Flag as inappropriate

    Hi,

    I wanted to hop into this conversation to get an update if this feature is ready or if it's still in development

    Quote :

    One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials

  • Travis commented  ·   ·  Flag as inappropriate

    Has anyone gotten this preview feature to work? We've been testing it out and are able to access the share with the storage account, but when we attempt to add an other credential (via Azure CLI with the custom role followed by ICACLS within Windows) we see the credential being added at the root level of the share yet the user is still unable to access.

  • Liam O'Brien commented  ·   ·  Flag as inappropriate

    I am a Microsoft partner, how an I access to the team for Azure Files ACL Private preview so that I can test the features?

  • Edward Cho commented  ·   ·  Flag as inappropriate

    Maybe we can get clarification from someone on the Azure Files team on here?

  • Anonymous commented  ·   ·  Flag as inappropriate

    Is this feature already exist or is there another way to give access for Files to specified people?

  • Nam commented  ·   ·  Flag as inappropriate

    I contacted to Microsoft Azure Files Team yesterday, and got some the details about the Private Preview of Azure Files that support integration with Azure AD DS. Unfortunately, the preview version needs Azure VM to provide AADS ACL, the external share still uses Storage account name and key for accessing, and does not fit our needs currently.

← Previous 1 3 4 5 6 7

Feedback and Knowledge Base