ACL's for AzureFiles
I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.
We recently announce the General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files! By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced. For more details, please refer to our blog post:http://aka.ms/azure-file-aadds-authentication-ga-blog.
A part of the GA announcement, we shared the upcoming plan to extend the authentication support to Active Directory (AD) either hosted on-premises or in cloud. If you need an Azure Files solution with AD authentication today, you can consider installing Azure File Sync (AFS) on your Windows File Servers where AD integration is fully supported.
If you are interested to hear future updates on Azure Files Active Directory Authentication, please complete this sign-up survey:https://aka.ms/AzureFilesADAuthPreviewSurvey.
Azure Files Team
Liam O'Brien commented
I am a Microsoft partner, how an I access to the team for Azure Files ACL Private preview so that I can test the features?
Edward Cho commented
Maybe we can get clarification from someone on the Azure Files team on here?
Is this feature already exist or is there another way to give access for Files to specified people?
I contacted to Microsoft Azure Files Team yesterday, and got some the details about the Private Preview of Azure Files that support integration with Azure AD DS. Unfortunately, the preview version needs Azure VM to provide AADS ACL, the external share still uses Storage account name and key for accessing, and does not fit our needs currently.
Mark Whisler commented
Something is amiss. 404s on all the preview documentation and the announcement is mysteriously missing from my previous link. Perhaps some issues arose and it got delayed.
Edward Cho commented
Thanks Mark. I tried looking for the public preview but don't see it (yet). Anyone get to try this out yet?
Mark Whisler commented
There appears to be an update on this here. https://blogs.technet.microsoft.com/stbnewsbytes/2018/09/06/cloud-platform-release-announcements-for-september-5th-2018/
Mike Driest commented
Is there any update on this? We have a use case for clients with Azure Active Directory Domain Services + RDmi + Azure File Storage and would prefer to set user/group ACLs on directories in shares within Azure Files instead of building a file server VM.
nothing of consequence will be announced before Ignite next month. fingers crossed for Kerb auth based access to blob storage via SFTP!!!
Bryan Brinegar commented
Christian Bruyere commented
I'm working as a consultant for SMBs and I can tell you we are waiting for this features for more than 2 years... Microsoft Teams is a nice work around but it isn't for every company.
Please provide us some feedback on this!
I've also started experimenting with Azure Files for Unix World. But we are lacking the basic feature of setting up the umask and assigning permissions/ownership to users/groups and WE CAN NOT. ANY ETA ?
Creative Anonymous commented
If you have a hybrid solution, you can store a VHDX on the Azure Files store, map to the onsite server and utilize AD ACLs. As long as the server can reach port 445 it should work.
2000+ votes, can you guys at least keep us in the loop? Please, ANY update would be helpful.
Jim Bricker commented
The marketing should have a giant asterisk saying it doesn't include Azure AD security per file like on prem file servers/AD.
Tom Lambert commented
I've been waiting for this release and chasing with our contacts at Microsoft for the last 2 years.
We have multiple file migration projects for SMB/SME customers to implement, and AFS with Azure AD ACLs has always been the "dream scenario" rather than file servers / NAS in the cloud.
Can we all get an update on this please - as the 1st half of 2018 is over.
any updates on this?
Jim C commented
Is there any chance we can get a revised estimate on when AD integration will be available for Azure Files? We have several clients that need the facility offered by this service, but without the ability to access based on user identity, we cannot move towards deployment. Any status you can offer would be greatly appreciated.
Tomasz Foltman commented
It would be great to have update or at least estimate when this will be implemented... someone below has 150 TB to move, I have only 10 TB but still AD ACL access (and better File Sync) are key requirements for wider adoption... it is 2018 ;)
Is there an update available? First half of 2018 is almost over.