Authentication and accessing Azure Files using Entra ID users

Kamal Jayaram 0 Reputation points
2024-07-19T09:06:21.85+00:00

Could you please help me with high-level steps to use Entra ID users for authentication and accessing Azure Files?


6 answers

  1. Manu Philip 17,591 Reputation points MVP
    2024-07-19T09:13:14.2766667+00:00

    Hi,

    Here are the high-level details for authentication and accessing Azure Files using Entra ID:

    • Microsoft Entra Kerberos for hybrid identities: Using Microsoft Entra ID for authenticating hybrid user identities allows Microsoft Entra users to access Azure file shares using Kerberos authentication. This means your end users can access Azure file shares over the internet without requiring network connectivity to domain controllers from Microsoft Entra hybrid joined and Microsoft Entra joined VMs. Cloud-only identities aren't currently supported.
    • How it works: Azure file shares use the Kerberos protocol to authenticate with an AD source. When an identity associated with a user or application running on a client attempts to access data in Azure file shares, the request is sent to the AD source to authenticate the identity. If authentication is successful, it returns a Kerberos token. The client sends a request that includes the Kerberos token, and Azure file shares use that token to authorize the request. Azure file shares only receive the Kerberos token, not the user's access credentials.

    Hope this helps.


    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Kamal Jayaram 0 Reputation points
    2024-07-19T09:21:10.1433333+00:00

    Thank you for the swift response. I have configured my shares to use Entra ID, but when I try to access the share it keeps asking for user and password. I am sure I am entering the correct credentials.


  3. Manu Philip 17,591 Reputation points MVP
    2024-07-19T09:54:08.08+00:00

    To assign an Azure role to a Microsoft Entra identity using the Azure portal, follow these steps:

    1. In the Azure portal, go to your file share.
    2. Select Access Control (IAM).
    3. Select Add a role assignment.
    4. In the Add role assignment blade, select the appropriate built-in role (for example, Storage File Data SMB Share Reader or Storage File Data SMB Share Contributor) from the Role list. Leave Assign access to at the default setting: Microsoft Entra user, group, or service principal. Select the target Microsoft Entra identity by name or email address.
    5. Select Review + assign to complete the role assignment.

    Hope this helps.


    --please don't forget to upvote and Accept as answer if the reply is helpful--
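
Added example, not part of the thread or of the answer above: the portal role-assignment steps expressed with Azure CLI, scoped to a single file share, with a read-back check. It assumes Azure CLI is installed and signed in; the subscription, resource group, account, share and assignee values are placeholders, and `is_share_role`, `share_scope` and `assign_share_role` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Scripted form of the portal steps:
# grant a share-level SMB role to one Entra identity, then read it back.
# Assumes Azure CLI is installed and `az login` has already been run.

# Accept only the two built-in roles named in the answer above.
is_share_role() {
  case "$1" in
    "Storage File Data SMB Share Reader"|"Storage File Data SMB Share Contributor")
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Build the ARM resource ID of one file share, so the role is scoped to that
# share instead of the whole storage account.
# args: subscription-id resource-group storage-account share-name
share_scope() {
  [ "$#" -eq 4 ] || return 1
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s/fileServices/default/fileshares/%s' \
    "$1" "$2" "$3" "$4"
}

# args: scope role assignee (user principal name or object ID)
assign_share_role() {
  local scope="$1" role="$2" assignee="$3"
  is_share_role "$role" || { echo "refusing unexpected role: $role" >&2; return 2; }
  az role assignment create --role "$role" --assignee "$assignee" --scope "$scope" \
    --output none || return 1
  # Read the assignment back; print the role names now held at this scope.
  az role assignment list --scope "$scope" --assignee "$assignee" \
    --query "[].roleDefinitionName" --output tsv
}

# Usage (placeholder values):
#   ./assign.sh <subscription-id> <resource-group> <storage-account> <share> \
#               "Storage File Data SMB Share Reader" user@example.com
if [ "$#" -eq 6 ]; then
  scope="$(share_scope "$1" "$2" "$3" "$4")" || exit 1
  assign_share_role "$scope" "$5" "$6"
fi
```
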


  4. Kamal Jayaram 0 Reputation points
    2024-07-19T10:33:37.02+00:00

    Thank you. I did the same steps. When I try to access the share, I get the below error prompting for creds again and again. I am sure I am entering the correct creds.

    User's image


  5. Kamal Jayaram 0 Reputation points
    2024-07-19T11:11:10.4133333+00:00

    Also, do I have an option to select all users in one go, or Entra ID as the target, because users may be added or removed?

    Also, is there any option to add an alias for abc.file.core.windows.net as fileserveraz.abc.com?