How can we improve Azure Storage?

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,922 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hi folks,

We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

Thanks,

Will Gries
Program Manager, Azure Files

121 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Mark Whisler commented  ·   ·  Flag as inappropriate

    Something is amiss. 404s on all the preview documentation and the announcement is mysteriously missing from my previous link. Perhaps some issues arose and it got delayed.

  • Edward Cho commented  ·   ·  Flag as inappropriate

    Thanks Mark. I tried looking for the public preview but don't see it (yet). Anyone get to try this out yet?

  • Mike Driest commented  ·   ·  Flag as inappropriate

    Is there any update on this? We have a use case for clients with Azure Active Directory Domain Services + RDmi + Azure File Storage and would prefer to set user/group ACLs on directories in shares within Azure Files instead of building a file server VM.

  • Marc commented  ·   ·  Flag as inappropriate

    nothing of consequence will be announced before Ignite next month. fingers crossed for Kerb auth based access to blob storage via SFTP!!!

  • Christian Bruyere commented  ·   ·  Flag as inappropriate

    I'm working as a consultant for SMBs and I can tell you we are waiting for this features for more than 2 years... Microsoft Teams is a nice work around but it isn't for every company.

    Please provide us some feedback on this!

  • Anonymous commented  ·   ·  Flag as inappropriate

    I've also started experimenting with Azure Files for Unix World. But we are lacking the basic feature of setting up the umask and assigning permissions/ownership to users/groups and WE CAN NOT. ANY ETA ?

  • Creative Anonymous commented  ·   ·  Flag as inappropriate

    If you have a hybrid solution, you can store a VHDX on the Azure Files store, map to the onsite server and utilize AD ACLs. As long as the server can reach port 445 it should work.

  • Anonymous commented  ·   ·  Flag as inappropriate

    2000+ votes, can you guys at least keep us in the loop? Please, ANY update would be helpful.

  • Jim Bricker commented  ·   ·  Flag as inappropriate

    The marketing should have a giant asterisk saying it doesn't include Azure AD security per file like on prem file servers/AD.

  • Tom Lambert commented  ·   ·  Flag as inappropriate

    Hi guys,
    I've been waiting for this release and chasing with our contacts at Microsoft for the last 2 years.
    We have multiple file migration projects for SMB/SME customers to implement, and AFS with Azure AD ACLs has always been the "dream scenario" rather than file servers / NAS in the cloud.
    Can we all get an update on this please - as the 1st half of 2018 is over.
    Thanks
    Tom

  • Jim C commented  ·   ·  Flag as inappropriate

    Is there any chance we can get a revised estimate on when AD integration will be available for Azure Files? We have several clients that need the facility offered by this service, but without the ability to access based on user identity, we cannot move towards deployment. Any status you can offer would be greatly appreciated.

  • Tomasz Foltman commented  ·   ·  Flag as inappropriate

    It would be great to have update or at least estimate when this will be implemented... someone below has 150 TB to move, I have only 10 TB but still AD ACL access (and better File Sync) are key requirements for wider adoption... it is 2018 ;)

  • pbeiler commented  ·   ·  Flag as inappropriate

    Like all of you, I'm waiting, hoping for this yesterday! However, I was able to connect to an Azure VM share. While this does not have the simplification of setting up Azure Files, It enables security using IDs on Azure AD.
    1) Enable Azure AD Domain Services
    2) Create a VM, adding it to the domain.
    3) Connected to share using \\ServerName\ShareName, from the workstation file explorer.

  • Anonymous commented  ·   ·  Flag as inappropriate

    Is there an update on this item? Since the first half of the year is nearly over, can we expect to see a preview coming soon? Thank you.

  • Timothy commented  ·   ·  Flag as inappropriate

    This will be a great feature once AD integration and ACLs are added. Until then... it's basically useless.

  • Blah commented  ·   ·  Flag as inappropriate

    We don't even have a real console yet to Azure VM's. Why should we expect AD integration in AzureFiles anytime soon.

    Yeah this comment is meant to slice open a wound and pour acid in it. Doesn't MS have Billions of dollars to implement this ****?

Feedback and Knowledge Base