How can we improve Azure Storage?

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,947 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hi folks,

We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

Thanks,

Will Gries
Program Manager, Azure Files

121 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...
  • Ken Yu commented  ·   ·  Flag as inappropriate

    Can you add IP Restrictions to Azure File Storage to prevent all connections except a white list of addresses?

    I'm aware of SAS Tokens, but this does not meet the requirement, as we want to use Azure File Storage as a generic File Share and not have to code anything to use it.

  • Anonymous commented  ·   ·  Flag as inappropriate

    One of the changes we are evaluating for our app is how to get off of the IaaS fileshare model we currently use, and move to a PaaS model. In a perfect world, we would like to use Azure File Services, however, they do not support ACLs at this time, and we need to be able to leverage this.

  • Kimev commented  ·   ·  Flag as inappropriate

    Any update on when you might get this implemented? I have 50+ shares I would love to move, but need ACLs enabled.

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is desperately required in order to allow us to remain cloud-based only. I don't really want to use on-prem AD when Azure AD does such a good job.

  • Justin Mirsky commented  ·   ·  Flag as inappropriate

    Is there an ETA on being able to integrate Azure AD into the authentication for Azure File Shares? This is the last component we need to be able to fully move customers from on premise to 100% cloud based services. We cannot allow all users to have the same access level to file shares, we need to be able to apply permissions at share/directory levels.

  • Gerald Wiltse commented  ·   ·  Flag as inappropriate

    Can you share any information about the target use cases? For example, is there any chance of bringing azure files into the user space with a sync client?

  • Lukas commented  ·   ·  Flag as inappropriate

    We are building File Share on a client and need this feature to restrict access on the different File Shares. Otherwise for each access group a dedicated Storage Account needs to be created. Due to security standards, we cannot have two business critical applications sharing the same access keys and the only way to mitigate that is to create individual Storage Accounts.

  • Adrien commented  ·   ·  Flag as inappropriate

    We need this feature to ensure that when an employee leaves, they no longer have access to storage accounts.

  • Ben commented  ·   ·  Flag as inappropriate

    Without ACL for Azure fileshares I can't use this for any kind of solution really, which is a shame because it's almost there.

  • Seth commented  ·   ·  Flag as inappropriate

    We are also using Azure Files with Azure RemoteApp and are in need of ACL support.

  • Craig commented  ·   ·  Flag as inappropriate

    We are using Azure Files with Azure RemoteApp and we would really like to see ACL support so we can make better use of the storage without having to create individual storage accounts to isolate data

  • BJ Johnson commented  ·   ·  Flag as inappropriate

    We are implementing azure file services for archiving data, we would like to be able to have AD integration or at least the ability for ACL's on the different shares within File Services storage

Feedback and Knowledge Base