ACLs for AzureFiles
I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you set up a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.
We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/
What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o
We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.
Program Manager, Azure Files
763 votes and this has been open for approx 3.5 years.
Can we have a "real" update on this? i.e. 3.5 year delay seems like it's not going to happen and the current status of "planned" is not correct.
This would be awesome! Azure files shouldn't have left preview without it.
tim D commented
I would highly recommend that Microsoft raise the priority of this functionality. This is very much preventing us from furthering our research into using Azure active directory. Without proper and adult access controls on file shares, this is not even a remotely viable option. Meaning migrating from premise active directory to AAD is a non-starter until we begin to see proper security controls, patch management and access controls on files.
This is something our organization needs. I hope it is a feature that gets added soon!
James D commented
Waiting for this
James D commented
Waiting for this!
Azure Storage becomes useless without AD integration. AWS can do it, why can't you Microsoft, why can't you?!?!?
Rikard Strand commented
Hope this can get attention.
I want to use file storage as an on-prem file server.
Please give file storage much more flexible access control.
Branislav Susa commented
Thumbs up for this feature. We have now run into a snag as we cannot authenticate via AAD creds. Please push this to the top of the queue.
Dennis Eichler commented
I don't think it would be in Microsoft's best interest to give people access to Azure Files with added ACLs, because then Microsoft wouldn't be able to 'rent' you a VM with Windows Server software, so that you can reproduce your data center in the cloud.
I see this as highly unlikely. Maybe Google or Amazon will do it, because those companies simply can reduce the cost for companies.
Fredrik Liljemark commented
Please get it done =)
Andrew Jackman commented
I would like to see this ASAP. Without it, Azure is useless for us.
Please, please do.
^ This. Please do it. With 'previous versions' as a cherry on top. It's pretty much useless without it.
This is an important feature that is still needed. It's been at least a year. Can you give an update on any progress or where this is on priority? The status there is still "Planned" and not working on it, so it seems like other items are crowding it out. Any guidance?
Need this feature ASAP.
I know that connections to Azure AD for Azure File Storage are in the works but while that is happening, I would love the ability to choose (individually) what domain users can see certain shares.
We are looking for the same as everyone else. Would love to use Azure File Share/SMB but we can't have our data sitting out on the internet where anyone with the correct key can access/download it and where we need to distribute said key to anyone who needs to interact with these files (disgruntled employees ripping off data anyone?). Either we need access restricted by ACLs and AD users or be able to restrict access to only our vnet.