ACL's for AzureFiles
I've started experimenting with Azure Files. One of the features I'm lacking is the fact that you cannot give access to Folders/Files on AzureFiles based on Active Directory credentials. If you setup a typical fileshare one would like to be able to grant/revoke access to folders and files based on information of users in AD.
We recently announce the General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files! By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced. For more details, please refer to our blog post:http://aka.ms/azure-file-aadds-authentication-ga-blog.
A part of the GA announcement, we shared the upcoming plan to extend the authentication support to Active Directory (AD) either hosted on-premises or in cloud. If you need an Azure Files solution with AD authentication today, you can consider installing Azure File Sync (AFS) on your Windows File Servers where AD integration is fully supported.
If you are interested to hear future updates on Azure Files Active Directory Authentication, please complete this sign-up survey:https://aka.ms/AzureFilesADAuthPreviewSurvey.
Azure Files Team
We are also using Azure Files with Azure RemoteApp and are in need of ACL support.
We are using Azure Files with Azure RemoteApp and we would really like to see ACL support so we can make better use of the storage without having to create individual storage accounts to isolate data
Vojtech Vit commented
+3. We need the same - but for Blob Service.
BJ Johnson commented
We are implementing azure file services for archiving data, we would like to be able to have AD integration or at least the ability for ACL's on the different shares within File Services storage
Simon Hudson commented
We were really hoping to be able to use Azure storage to replace file servers for several of our clients. To achieve this we need Active Directory integration, granular permission and the ability to migrate permissions from the existing file server to Azure file storage with the ability to remap the user identities in the process.
I.e. we may move some of the clients to a pure Azure Active Directory model where they no longer have an on premise identity, so the old identity will need to be mapped to the new one.
Please provide AD integration and ACL for Azure File Storage.
Pete Hall commented
Any news on this? Integration with Azure AD is a must
+1 This feature should be supported.
Shuhei Uda commented
We need you to permit ACL feature for Azure Storage (Blob, Table, Queue, Files).
Since Azure Storage does not have source IP filtering now, it is unusable to save confidential data. (ex. personal information, payment data, security data, etc.)
Azure Storage (Blob, Table, Queue, Files) でアクセス制限を可能にしてほしい。
Ingram Leedy commented
+1 yes yes yes
M. Willemsen commented
This would be great! Hope this will be implemented soon.
Teppei Ishii commented
without ACL and quota, Azure Files is only for someone who owns & administors Azure Storage account. This cannot be truely the enterprise capable solution.
Allow AzureAD User access and file permission control with the Storager > File Service > File Shares.
I want to map the file shares directly to end point systems but need to be able to set access permissions.
Jono Walker commented
I would also love this as we could move our EFSS from another provider
Xiaolin An commented
+1 for ACL and quota implementation
Peter Selch Dahl commented
Please see Advisors forum for feedback in regards to this feedback request. I PING Lavanya from the Azure Storage team. We really need this function now. Let's get up the votes!
+1 This will immensely help me remove my aging file server
Gerald Wiltse commented
The market has proven that a good multi-platform sync client like Dropbox is imperative for any modern storage solution. While mapping drives is useful, and works for some use cases, I believe a sync client a logical step in the near future for Azure Files.
Sharepoint online has been the Microsoft cloud file sharing solution for a few years now. However, countless articles and bloggers made it very clear: Sharepoint is a big web front end, which runs on IIS and SQL and WebDAV for file hosting, and will never be the best file sharing platform for this reason.
Azure Files is a platform that has the potential to fill in the gaps left by Sharepoint (and every other cloud-file storage provider for that matter). Because of the proximity to Azure AD and Sharepoint Online, it is uniquely positioned to become a one-of-a-kind file sharing service with fully integrated ACL's based on Azure AD Users and Groups. While that is another feature request entirely, that type of security combined with a sync client would enable Office 365 organizations everywhere (like my clients) to stop fighting with Sharepoint storage on a daily basis for some types of data, and still leverage their very robust pre-existing security group and permission strategy.
Gerald Wiltse commented
Yes, this is the single biggest thing I have been waiting for with Azure Files. It's awesome to be able to mount azure files shares over the internet with SMB 3.0 now, and the security keys are a reasonable security mechanism for server-side mounting, but it's time to add a layer for user-based security, integrated with Azure AD.
Brian “B” Laws commented
Being able to access Azure Files via a UNC would make the service vastly more useful. We could at that point use it like a traditional NAS for accessing common files and for automated processes. Like Eric said, non-interactive services are unable to access the Azure Files shares since they are unable to map the drive (that is, without a lot of complicated configuration). This would enable us to use it as a backup target for SQL Server, SharePoint, etc. Yes, SQL Server backups can write to an Azure Storage account, but this option is not available in Maintenance Plans (at least as of SQL 2012). We could abandon Maintenance Plans but that would require a higher level of complexity and management.