How can we improve Azure Storage?

ACL's for AzureFiles

I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.

2,539 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    Hi folks,

    We have shipped a public preview of integration with AAD DS: https://azure.microsoft.com/blog/azure-active-directory-integration-for-smb-access-now-in-public-preview/

    What we have in preview is a first step along a much larger roadmap for integration with AAD/AD for authentication and authorization. As the blog post says, this initial preview is really about Windows cloud VM access to the Azure file share with an AAD identity. Future refreshes to this feature will add non-Windows (Linux, macOS, etc) support, and the ability to mount the Azure file shares on-premises with your AAD identity. You can learn more about this in our Ignite session as well (at around 22:00): https://www.youtube.com/watch?v=GMzh2M66E9o

    We’ll keep you updated on our progress. In the meantime, don’t hesitate to continue posting feedback on this feature below.

    Thanks,

    Will Gries
    Program Manager, Azure Files

    109 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Adrien commented  ·   ·  Flag as inappropriate

        We need this feature to ensure that when an employee leaves, they no longer have access to storage accounts.

      • Ben commented  ·   ·  Flag as inappropriate

        posted almost 2 years ago.... how is this not a priority ?

      • Ben commented  ·   ·  Flag as inappropriate

        Without ACL for Azure fileshares I can't use this for any kind of solution really, which is a shame because it's almost there.

      • Seth commented  ·   ·  Flag as inappropriate

        We are also using Azure Files with Azure RemoteApp and are in need of ACL support.

      • Craig commented  ·   ·  Flag as inappropriate

        We are using Azure Files with Azure RemoteApp and we would really like to see ACL support so we can make better use of the storage without having to create individual storage accounts to isolate data

      • BJ Johnson commented  ·   ·  Flag as inappropriate

        We are implementing azure file services for archiving data, we would like to be able to have AD integration or at least the ability for ACL's on the different shares within File Services storage

      • Simon Hudson commented  ·   ·  Flag as inappropriate

        We were really hoping to be able to use Azure storage to replace file servers for several of our clients. To achieve this we need Active Directory integration, granular permission and the ability to migrate permissions from the existing file server to Azure file storage with the ability to remap the user identities in the process.
        I.e. we may move some of the clients to a pure Azure Active Directory model where they no longer have an on premise identity, so the old identity will need to be mapped to the new one.

      • Shuhei Uda commented  ·   ·  Flag as inappropriate

        We need you to permit ACL feature for Azure Storage (Blob, Table, Queue, Files).
        Since Azure Storage does not have source IP filtering now, it is unusable to save confidential data. (ex. personal information, payment data, security data, etc.)

        - Japanese
        Azure Storage (Blob, Table, Queue, Files) でアクセス制限を可能にしてほしい。
        現時点ではIP アドレスなどでアクセス制限ができないので、個人情報や金銭にかかわる情報などを保存する用途では使用できない。

      • Teppei Ishii commented  ·   ·  Flag as inappropriate

        +1
        without ACL and quota, Azure Files is only for someone who owns & administors Azure Storage account. This cannot be truely the enterprise capable solution.

      • Jeremy commented  ·   ·  Flag as inappropriate

        Allow AzureAD User access and file permission control with the Storager > File Service > File Shares.

        I want to map the file shares directly to end point systems but need to be able to set access permissions.

      • Peter Selch Dahl commented  ·   ·  Flag as inappropriate

        Please see Advisors forum for feedback in regards to this feedback request. I PING Lavanya from the Azure Storage team. We really need this function now. Let's get up the votes!

      Feedback and Knowledge Base