How can we improve Azure Storage?

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,648 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  AdminMicrosoft Azure Storage Team (Admin, Microsoft Azure) responded  · 

    Hi folks,

    We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

    What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

    We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

    Thanks,

    Will Gries
    Program Manager, Azure Files

    110 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Right now, the user name for connecting to the file share is always the storage account name. If multiple users connect, they have to share an account. This makes auditing virtually impossible.

      • Gary Bond commented  ·   ·  Flag as inappropriate

        Any update on when this might become available?
        Last update from MS is June 25 2015 it's on the backlog.

      • Jonathan PREVOT commented  ·   ·  Flag as inappropriate

        Now Azure Active Directory is perfectly launch can we hope this feature will be really planned? It's a very important and interesting for most of our customers.

      • Ravi Patil commented  ·   ·  Flag as inappropriate

        We have so many customers looking for storage with user access policies. Following features required. File versioning, file modifying/deletion logs (Ex: which user modified files).

      • Scott M commented  ·   ·  Flag as inappropriate

        Yep.. Move it up! AD integration should have been on the top of the list. If I cannot assign permissions to files and directories in a file storage resource using AD credentials. The resource is useless.

      • Ben commented  ·   ·  Flag as inappropriate

        763 votes and this has been open for approx 3.5 years.

        Can we have a "real" update on this ? i.e. 3.5 year delay seems like its not going to happen and the current status of "planned" is not correct.

      • tim D commented  ·   ·  Flag as inappropriate

        I would highly recommend that Microsoft raise the priority of this functionality. This is very much preventing us from furthering our research into using Azure active directory. Without proper and adult access controls on file shares, this is not even a remotely viable option. Meaning migrating from premise active directory to AAD is a non-starter until we begin to see proper security controls, patch management and access controls on files.

      • Adrien commented  ·   ·  Flag as inappropriate

        This is something our organization needs. I hope is a feature that gets added soon!

      • JG-03 commented  ·   ·  Flag as inappropriate

        Azure Storage becomes useless without AD integration. AWS can do it, why can't you Microsoft, why can't you?!?!?

      • Anonymous commented  ·   ·  Flag as inappropriate

        I want to use file storage as on-pre file server.
        Please give file storage much more flexible access control.

      • Branislav Susa commented  ·   ·  Flag as inappropriate

        Thumbs up for this feature. We have now run into a snag as we cannot authenticate via AAD creds. Please push this to the top of the queue.

      • JS commented  ·   ·  Flag as inappropriate

        I don't think it would be in Microsoft best interest to give people access to azure files with added ACLs, because then Microsoft wouldn't be able to 'rent' you VM with windows server software ,so that you can reproduce your data center in the cloud.

        I see this as highly unlikely. Maybe google or amazon will do it, because those companies simply can reduce the cost for companies.

      Feedback and Knowledge Base