How to use Azure Active Directory Domain Services to control ACL on storage/fileshare

Scott Ham 0 Reputation points
2023-01-16T17:36:43.3566667+00:00

Hi everyone, I am trying to accomplish the following:

  1. Access the fileshare remotely off premise using username / password not keys
  2. Allow only VPN to access the file share.
  3. How to manage fileshare/folder ACLs in the very same way as having a domain controller, giving users read-only or write access to folders/files.

Thanks

Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Luke Murray 10,526 Reputation points MVP
    2023-01-16T18:30:38.7166667+00:00

    Hi, Scott.

    You should be able to:

    1. Stand up Azure Active Directory Domain Services
    2. Set up an Azure Point-to-Site VPN
    3. Stand up an Azure storage account, for Azure Files
    4. Set up the storage account with private endpoints for the file share (this puts it on the same network as your VPN)
    5. Create a file share and set up permissions (storage account key first, then for Windows ACLs).

    Have a read of this MS document, it's very close to what you're after:

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal
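
Steps 3 to 5 of the answer above carried through in Az PowerShell, as an added example that is not part of the original answer or the linked document. Resource names, the `contoso.example` users, the `CONTOSO` groups and the `Finance` folder are placeholders, and the Azure AD DS managed domain and Point-to-Site VPN from steps 1 and 2 are assumed to exist already.

```powershell
# Added example. Every name below is a placeholder (assumption), not a value from the thread.
$rg = "rg-files"; $sa = "stfilesexample"; $share = "teamshare"
$vnetName = "vnet-hub"; $subnetName = "snet-private-endpoints"  # VNet behind the P2S VPN gateway

# Step 3: enable Azure AD DS (Kerberos) authentication for Azure Files on the account.
Set-AzStorageAccount -ResourceGroupName $rg -Name $sa `
    -EnableAzureActiveDirectoryDomainServicesForFile $true

# Step 4: deny the public endpoint by default, then publish the "file" sub-resource
# through a private endpoint in the VNet that VPN clients can reach.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa -DefaultAction Deny
$account = Get-AzStorageAccount -ResourceGroupName $rg -Name $sa
$vnet    = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$subnet  = $vnet.Subnets | Where-Object { $_.Name -eq $subnetName }
$conn    = New-AzPrivateLinkServiceConnection -Name "${sa}-file" `
               -PrivateLinkServiceId $account.Id -GroupId "file"
New-AzPrivateEndpoint -ResourceGroupName $rg -Name "pe-${sa}-file" `
    -Location $account.Location -Subnet $subnet -PrivateLinkServiceConnection $conn

# Step 5a: share-level permissions are Azure RBAC roles scoped to the file share.
# They cap what any NTFS ACL can grant: a "Reader" cannot write even if the ACL allows it.
$scope = "$($account.Id)/fileServices/default/fileshares/$share"
New-AzRoleAssignment -SignInName "reader@contoso.example" `
    -RoleDefinitionName "Storage File Data SMB Share Reader" -Scope $scope
New-AzRoleAssignment -SignInName "writer@contoso.example" `
    -RoleDefinitionName "Storage File Data SMB Share Contributor" -Scope $scope

# Step 5b: mount once with the storage account key (full control) to set Windows ACLs.
# Run this from a client connected over the VPN that resolves the account name
# to the private endpoint address.
$key = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $sa)[0].Value
net use Z: "\\${sa}.file.core.windows.net\${share}" "/user:localhost\${sa}" $key

# Folder ACLs, inherited by subfolders (CI) and files (OI): RX = read-only, M = modify.
icacls "Z:\Finance" /grant "CONTOSO\Finance-Readers:(OI)(CI)(RX)"
icacls "Z:\Finance" /grant "CONTOSO\Finance-Writers:(OI)(CI)(M)"

# Drop the key-based mount; users then mount with their domain credentials.
net use Z: /delete
```

Effective access is the intersection of the share-level role and the NTFS ACL, so a user needs both a role assignment on the share and an ACL entry on the folder.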