How to use Azure Active Directory Domain Services to control ACL on storage/fileshare

asked 2023-01-16T17:36:43.3566667+00:00
Scott Ham 0 Reputation points

Hi everyone, I am trying to accomplish the following:

  1. Access the file share remotely, off premises, using username/password, not keys.
  2. Allow only the VPN to access the file share.
  3. How to manage file share/folder ACLs in the very same way as with a domain controller, giving users read-only or write access to folders/files.

Thanks


1 answer

  1. answered 2023-01-16T18:30:38.7166667+00:00
    lukemurraynz 2,531 Reputation points Microsoft MVP

    Hi, Scott.

    You should be able to:

    1. Stand up Azure Active Directory Domain Services
    2. Set up an Azure Point-to-Site VPN
    3. Stand up an Azure storage account, for Azure Files
    4. Set up the storage account with private endpoints for the file share (this puts it on the same network as your VPN)
    5. Create a file share and set up permissions (storage account key first, then for Windows ACLs).

    Have a read of this MS document, it's very close to what you're after:

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal
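
The storage-side steps from the answer above (3 to 5), sketched with the Az PowerShell module as an added example; it is not code from the answer or from the linked document. All resource names, the `contoso.example` users, the `CONTOSO` groups and the `Z:\Finance` folder are placeholders, and it assumes the managed domain, VPN and private endpoint from steps 1, 2 and 4 already exist and that the commands run on a Windows machine joined to the managed domain.

```powershell
# Added example: every name below is a placeholder, not a value from the thread.
$rg    = "<resource-group>"
$sa    = "<storage-account>"
$share = "<share-name>"
$subId = "<subscription-id>"

# Turn on Azure AD DS identity-based authentication for Azure Files.
Set-AzStorageAccount -ResourceGroupName $rg -Name $sa `
    -EnableAzureActiveDirectoryDomainServicesForFile $true

# Assumption: with the private endpoint in place, deny the public endpoint
# so the share is reachable only over the VNet/VPN path.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa `
    -DefaultAction Deny

# Share-level permissions (Azure RBAC): who may connect to the share at all.
$scope = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Storage" +
         "/storageAccounts/$sa/fileServices/default/fileshares/$share"
New-AzRoleAssignment -SignInName "reader@contoso.example" `
    -RoleDefinitionName "Storage File Data SMB Share Reader" -Scope $scope
New-AzRoleAssignment -SignInName "editor@contoso.example" `
    -RoleDefinitionName "Storage File Data SMB Share Contributor" -Scope $scope

# From a VPN client: the name should resolve to the private endpoint's
# private IP, and SMB (TCP 445) should be reachable through the tunnel.
Resolve-DnsName "$sa.file.core.windows.net" | Select-Object Name, IPAddress
Test-NetConnection -ComputerName "$sa.file.core.windows.net" -Port 445

# One-time admin step: mount with the storage account key, which has full
# control, in order to set the Windows (NTFS) ACLs.
$key = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $sa)[0].Value
net use Z: "\\$sa.file.core.windows.net\$share" "/user:localhost\$sa" $key

# Folder-level ACLs, inherited by subfolders (CI) and files (OI):
# RX = read and execute, M = modify.
icacls "Z:\Finance" /grant "CONTOSO\finance-readers:(OI)(CI)RX"
icacls "Z:\Finance" /grant "CONTOSO\finance-editors:(OI)(CI)M"
icacls "Z:\Finance"    # review the resulting ACL

# Drop the key-based session; users then mount with their domain
# username/password and are bound by the RBAC role plus the ACLs above.
net use Z: /delete
```

The effective access for a user is the more restrictive of the share-level role and the folder ACL, so a user with the Reader role cannot write even where an ACL grants modify.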