ACLs for AzureFiles
I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you set up a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.
We announced earlier today the public preview of Active Directory authentication and authorization support for Azure Files. With this feature, just like a traditional on-premises file server, you can domain join your storage account to your regular Active Directory domain and set file/folder ACLs on your file shares just like you expect! This preview release makes it seamless for Azure Files to work with existing Active Directory with no change in the client environment.
To learn more, please see our blog post here: https://azure.microsoft.com/blog/preview-of-active-directory-for-authentication-on-azure-file
Our public preview for Azure Files and AD DS is distinct from our existing support for Azure AD DS, which we will continue to support as a generally available feature.
Please don’t hesitate to reach out to us if you have further questions about how to set up and deploy this feature or about other features. You can reach us at AzureFiles@microsoft.com.
Senior Program Manager, Azure Files
Jim C commented
Is there any chance we can get a revised estimate on when AD integration will be available for Azure Files? We have several clients that need the facility offered by this service, but without the ability to access based on user identity, we cannot move towards deployment. Any status you can offer would be greatly appreciated.
Tomasz Foltman commented
It would be great to have an update or at least an estimate when this will be implemented... someone below has 150 TB to move, I have only 10 TB but still AD ACL access (and better File Sync) are key requirements for wider adoption... it is 2018 ;)
Is there an update available? First half of 2018 is almost over.
Like all of you, I'm waiting, hoping for this yesterday! However, I was able to connect to an Azure VM share. While this does not have the simplification of setting up Azure Files, it enables security using IDs on Azure AD.
1) Enable Azure AD Domain Services
2) Create a VM, adding it to the domain.
3) Connected to share using \\ServerName\ShareName, from the workstation file explorer.
Is there an update on this item? Since the first half of the year is nearly over, can we expect to see a preview coming soon? Thank you.
This will be a great feature once AD integration and ACLs are added. Until then... it's basically useless.
We don't even have a real console yet to Azure VMs. Why should we expect AD integration in AzureFiles anytime soon?
Yeah this comment is meant to slice open a wound and pour acid in it. Doesn't MS have Billions of dollars to implement this ****?
This is stopping me too, 150TB of file data sat wanting to be moved. Problem is, due to SAN renewals we may move away from trying to do this.
I agree, also security logs for this should be able to be sent over to Azure Log Analytics. This prevents organizations that have strict security requirements from using Azure Files. Many organizations have a security requirement to maintain access logs to all files to have an audit trail of what user accounts are accessing what data.
Chris Polewiak commented
Please add Azure AD authentication to SMB shares from Azure Files.
We were expecting something beginning of May with the release of AZ FilesSync, when are we going to see some action?
David Wright commented
Any further update on the timeline for this please? Azure files is looking like the solution for our need but access control using AAD accounts is needed to make this a solution.
When is the release date? Customer is not accepting without this feature.
Adrian Edgar commented
Any more information on a date for release yet? Without this feature several of my customers won't go near Azure file shares. Wasted revenue opportunities.
Still waiting for this core feature for Azure file hosting - a key part of any security strategy.
"Azure File Sync is an effective stop-gap option until full support for Active Directory-based authentication and ACL support arrives."
+1 Waiting for this.
Need to support Azure B2C AD. (and OAuth in general)
(This could be solved by Active Directory Integration)
Right now, the user name for connecting to the file share is always the storage account name. If multiple users connect, they have to share an account. This makes auditing virtually impossible.
Peter Thomas commented
This should be a core feature of Azure File Share.