We recently announce the General Availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files! By enabling integration with Azure AD DS, you can mount your Azure file share over SMB using Azure AD credentials from Azure AD DS domain joined Windows VMs with NTFS ACLs enforced. For more details, please refer to our blog post:http://aka.ms/azure-file-aadds-authentication-ga-blog.
A part of the GA announcement, we shared the upcoming plan to extend the authentication support to Active Directory (AD) either hosted on-premises or in cloud. If you need an Azure Files solution with AD authentication today, you can consider installing Azure File Sync (AFS) on your Windows File Servers where AD integration is fully supported.
If you are interested to hear future updates on Azure Files Active Directory Authentication, please complete this sign-up survey:https://aka.ms/AzureFilesADAuthPreviewSurvey.
Azure Files Teamwanadminsvc supported this idea ·
We are evaluating what we can do to address this feedback and would very much appreciate your continued votes and suggestions on it.
One alternative to mounting the share on-premises over port 445 is Azure File Sync, which enables you to create a cache of an Azure file share on an on-premises Windows Server. Azure File Sync only sends data over the Azure Files HTTPS (using the File REST APIs). You can learn more about Azure File Sync here: https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning
Please don’t hesitate to reach out if you have any additional questions!
Program Manager, Azure Fileswanadminsvc commented
Even if Azure Files were allowed to be mapped to say - port 443. for SMB V3 wouldn't that require an update to all Windows Machines to allow them to connect to an alternative port when using the net use command?
One possible option - place a small virtual machine in azure, join it to a domain or install active directory, install azure file share sync, set it to only keep last 3 months of tiered data,then install MyWorkDrive.com software on it that enables mapped drives and web access over port 443/SSL.
Soon Microsoft will have Active Directory allowed outside of just AAD DS for Azure File Shares so that will make it even easier since you won't be forced to use AAD DS or AFS Sync if you want to use your own active directory.