Thank you for your detailed post and I apologize for the delayed response!
I understand that you set up Azure Files and are now looking at options to secure it - for example, since you only use Azure AD, you'd like to use Azure AD for access control instead of using your Storage Account Key. To hopefully help point you in the right direction or resolve your issue, I'll share my findings below.
Findings:
When it comes to securing access to your Azure Files from within the Azure Portal, you should be able to choose how to authorize access to file data using either your Azure AD account or the storage account access key. For more info.
When trying to control access to your Azure File share data across identities, the only way I found to do this would be through assigning share-level permissions on your storage account, which would only be available once you've enabled an Active Directory (on-prem AD) source.
Note:
You can use Azure Files OAuth over REST to replace storage account key access with OAuth authentication and authorization to access Azure File shares with read-all/write-all privileges. For more info.
Please keep in mind that a storage account key is an administrator key for your storage account, including administrator permissions to all files and folders within the file share you're accessing. If this isn't sufficient for your workload, it's recommended to use Azure File Sync or identity-based authentication over SMB (AD authentication). For more info.
Additional Links:
- Choose how to authorize access to file data in the Azure portal
- Identity Based Auth - Access control
- Using an Azure file share with Windows
- Assign Azure RBAC roles using the Azure portal
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
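As an added example that is not part of the original answer or of Microsoft's documentation, the following Az PowerShell script puts the findings above into practice: it assigns a share-level RBAC role to an Azure AD identity, checks the assignment, and only then turns off Shared Key authorization so the storage account key can no longer be used. It assumes the Az module is installed, `Connect-AzAccount` has been run, the storage account already has an identity source enabled (as the answer notes, share-level permissions only take effect once that is done), and that the resource group, account, share and user names are placeholders.

```powershell
# Added example (not from the original answer). Assumed placeholder values:
$rg      = "rg-files-demo"        # assumed resource group
$account = "stfilesdemo"          # assumed storage account name
$share   = "data"                 # assumed file share name
$user    = "alice@contoso.com"    # assumed Azure AD user (UPN)

# 1. Build the share-level scope. Roles assigned here apply to this share only,
#    not to the whole storage account.
$subId = (Get-AzContext).Subscription.Id
$scope = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Storage" +
         "/storageAccounts/$account/fileServices/default/fileshares/$share"

# 2. Grant the least-privilege built-in role for SMB access. Use
#    "Storage File Data SMB Share Reader" for read-only users; the
#    "...Elevated Contributor" role is only needed to change NTFS ACLs.
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName "Storage File Data SMB Share Contributor" `
    -Scope $scope

# 3. Verify the assignment before removing key-based access, so nobody is
#    locked out when the key stops working.
Get-AzRoleAssignment -Scope $scope |
    Select-Object DisplayName, RoleDefinitionName, Scope

# 4. Disallow Shared Key authorization. After this, anything that still mounts
#    or scripts against the share with the account key will fail; only
#    identity-based (Kerberos over SMB) and OAuth-over-REST callers succeed.
Set-AzStorageAccount -ResourceGroupName $rg -Name $account `
    -AllowSharedKeyAccess $false

# 5. Confirm the setting stuck (expected: False).
(Get-AzStorageAccount -ResourceGroupName $rg -Name $account).AllowSharedKeyAccess

# 6. Optional: for tooling that must use REST rather than SMB, the answer's
#    "OAuth over REST" path needs one of the privileged data roles at account
#    or share scope (assumed here at share scope); callers then send the
#    x-ms-file-request-intent: backup header with their bearer token.
# New-AzRoleAssignment -SignInName $user `
#     -RoleDefinitionName "Storage File Data Privileged Reader" -Scope $scope
```

Run steps 1 to 3 first and test an SMB mount with the Azure AD identity; only then run step 4. Keep in mind the point from the answer that the account key is an administrator credential for every file and folder in the share, so rotating it (`New-AzStorageAccountKey`) at the same time as disabling it closes the window in which a previously copied key still works.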