Secure access to Azure File Shares via SMB 3.x - do I need to use Private or Public Endpoints

David Turner 66 Reputation points
2022-11-16T17:35:59.38+00:00

Trying to evaluate features available with Azure Files for secure SMB 3.x access from both on-prem and Internet access. For your users working from home can I use Private Endpoints with SMB 3.x and secure transfer mandated to allow secure access from anywhere or do I need to use Public Endpoints?

I'm reading the MS articles but they don't fully explain or answer my questions?

Thanks in advance

Azure Files
Azure Files
An Azure service that offers file shares in the cloud.
1,321 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,432 questions
0 comments No comments
{count} votes

Accepted answer
  1. Roderick Bant 2,051 Reputation points
    2022-11-16T20:16:30.953+00:00

    Hi @David Turner

    Although SMB 3.x is considered to be an internet safe protocol, the networking considerations documentation indicates that ISPs and other organizations in some cases block communications over port 445 required by SMB.

    An Azure VPN Point-to-Site (P2S) connection in combination with a private endpoint is recommended for users working from home or other locations.

    Microsoft has a detailed guide on setting up a file share with a private endpoint and p2s vpn connection for Microsoft Windows users,

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. David Turner 66 Reputation points
    2022-11-16T20:42:03.663+00:00

    thanks Roderick, is that practical when you may have 100's of users working from home?

    Dave


  2. David Turner 66 Reputation points
    2022-11-17T13:28:57.023+00:00

    thanks Roderick, that confirms what I thought. Just found out this morning that they use VMWare virtual desktops so that will make my life a lot easier as they are either in the cloud already or using a VMWare farm somewhere.

    Thanks

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.