Secure access to Azure File Shares via SMB 3.x - do I need to use Private or Public Endpoints

David Turner 66 Reputation points
2022-11-16T17:35:59.38+00:00

Trying to evaluate features available with Azure Files for secure SMB 3.x access from both on-prem and Internet access. For your users working from home, can I use Private Endpoints with SMB 3.x and secure transfer mandated to allow secure access from anywhere, or do I need to use Public Endpoints?

I'm reading the MS articles, but they don't fully explain or answer my questions.

Thanks in advance


Accepted answer
  1. Roderick Bant 2,046 Reputation points
    2022-11-16T20:16:30.953+00:00

    Hi @David Turner

    Although SMB 3.x is considered to be an internet-safe protocol, the networking considerations documentation indicates that ISPs and other organizations in some cases block communications over port 445, which SMB requires.

    An Azure VPN Point-to-Site (P2S) connection in combination with a private endpoint is recommended for users working from home or other locations.

    Microsoft has a detailed guide on setting up a file share with a private endpoint and P2S VPN connection for Microsoft Windows users.

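To make the accepted answer concrete, here is an added PowerShell example (not code from the thread or from Microsoft's guide) that applies the recommended design on both ends: it enforces encrypted SMB 3.x on the storage account, adds a private endpoint for the file service with the DNS zone it depends on, and then checks from a client whether port 445 is reachable and whether the name resolves to the private IP. The resource group, storage account, VNet, subnet and region names are assumed placeholders; it expects the Az.Storage, Az.Network and Az.PrivateDns modules (a recent Az.Storage for the -PublicNetworkAccess parameter) and an existing Connect-AzAccount session. The P2S VPN gateway itself is set up separately and is not shown.

```powershell
# Added example, not code from the thread or from Microsoft's guide.
# Assumed names (replace with your own): resource group rg-files, storage account stfilesdemo,
# VNet vnet-hub with subnet snet-privatelink, region westeurope. Requires the Az.Storage,
# Az.Network and Az.PrivateDns modules and an existing Connect-AzAccount session.
$rg         = 'rg-files'
$account    = 'stfilesdemo'
$location   = 'westeurope'
$vnetName   = 'vnet-hub'
$subnetName = 'snet-privatelink'
$fqdn       = "$account.file.core.windows.net"

# --- 1. Service side: accept encrypted SMB 3.x only ----------------------------------------
# "Secure transfer required" makes Azure Files refuse any SMB session that is not encrypted
# (SMB 2.1, or SMB 3.x without encryption negotiated). The TLS floor covers the REST side.
Set-AzStorageAccount -ResourceGroupName $rg -Name $account `
    -EnableHttpsTrafficOnly $true `
    -MinimumTlsVersion TLS1_2 | Out-Null

# Narrow what the service will negotiate: SMB 3.1.1 only, AES-GCM channel ciphers only.
# Caveat: clients older than Windows 10 / Server 2016 cannot speak SMB 3.1.1 and will fail to mount.
Update-AzStorageFileServiceProperty -ResourceGroupName $rg -StorageAccountName $account `
    -SmbProtocolVersion 'SMB3.1.1' `
    -SmbChannelEncryption 'AES-128-GCM', 'AES-256-GCM' | Out-Null

# --- 2. Private endpoint for the "file" sub-resource, plus the DNS zone it needs ----------
$sa   = Get-AzStorageAccount -ResourceGroupName $rg -Name $account
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$sub  = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName

$conn = New-AzPrivateLinkServiceConnection -Name "$account-file" `
            -PrivateLinkServiceId $sa.Id -GroupId 'file'
$pe   = New-AzPrivateEndpoint -ResourceGroupName $rg -Name "pe-$account-file" -Location $location `
            -Subnet $sub -PrivateLinkServiceConnection $conn

# Without this zone, clients keep resolving the public IP and SMB never uses the private endpoint.
# P2S VPN users must also resolve names through a resolver inside the VNet for this to take effect.
$zone = New-AzPrivateDnsZone -ResourceGroupName $rg -Name 'privatelink.file.core.windows.net'
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone.Name `
    -Name "link-$vnetName" -VirtualNetworkId $vnet.Id | Out-Null
$zoneCfg = New-AzPrivateDnsZoneConfig -Name 'privatelink-file' -PrivateDnsZoneId $zone.ResourceId
New-AzPrivateDnsZoneGroup -ResourceGroupName $rg -PrivateEndpointName $pe.Name -Name 'default' `
    -PrivateDnsZoneConfig $zoneCfg | Out-Null

# Close the public endpoint only now; done before the private endpoint exists, nothing could reach the account.
Set-AzStorageAccount -ResourceGroupName $rg -Name $account -PublicNetworkAccess Disabled | Out-Null

# --- 3. Client side: run on the user's PC once the P2S VPN is connected --------------------
function Test-AzureFilesSmbPath {
    param([Parameter(Mandatory)][string]$FileEndpointFqdn)
    $tnc = Test-NetConnection -ComputerName $FileEndpointFqdn -Port 445 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Host         = $FileEndpointFqdn
        ResolvedTo   = $tnc.RemoteAddress
        # RFC 1918 address => the private-endpoint path; a public IP => DNS is not pointing at the PE
        ViaPrivateIp = $tnc.RemoteAddress -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)'
        # $false from a home connection without the VPN usually means 445 is blocked upstream by the ISP
        Port445Open  = $tnc.TcpTestSucceeded
    }
}

Test-AzureFilesSmbPath -FileEndpointFqdn $fqdn

# After mapping the share (net use / New-PSDrive), confirm the session is SMB 3.1.1 and encrypted:
Get-SmbConnection -ServerName $fqdn | Select-Object ShareName, Dialect, Signed, Encrypted
```

The client check is the useful part for the "working from home" case: run it with the VPN disconnected and Port445Open is typically false on consumer ISPs, which is the blocking the answer refers to; with the VPN connected it should report true and ViaPrivateIp true, and Get-SmbConnection should show Dialect 3.1.1 with Encrypted True. If ViaPrivateIp is false while the VPN is up, the problem is DNS (the client is not using a resolver that knows the privatelink zone), not the endpoint.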

2 additional answers

  1. David Turner 66 Reputation points
    2022-11-16T20:42:03.663+00:00

    Thanks Roderick, is that practical when you may have hundreds of users working from home?

    Dave


  2. David Turner 66 Reputation points
    2022-11-17T13:28:57.023+00:00

    Thanks Roderick, that confirms what I thought. Just found out this morning that they use VMware virtual desktops, so that will make my life a lot easier as they are either in the cloud already or using a VMware farm somewhere.

    Thanks
