Map Azure storage with Azure AD / Entra user credentials

jeff bushberg 0 Reputation points
2023-10-24T18:26:01.9533333+00:00

I am trying to map Azure storage to user Azure AD / Entra user credentials. I would like to map home drives. I can map using the storage connect key but seem stuck at how to map my Azure AD/Entra users.


2 answers

  1. Carlos Robrto Domingues 1 Reputation point
    2023-10-24T23:20:59.23+00:00

    Hi, welcome to A&Q.

    It is possible using Azure AD DS authentication only. This means that you need to join your Azure storage account to a domain that is either synchronized with Azure AD or hosted by Azure AD DS. In that case, you need to use the storage account name and key as the login and password.


  2. Sumarigo-MSFT 44,511 Reputation points Microsoft Employee
    2023-10-27T10:14:39.9233333+00:00

    @jeff bushberg Welcome to the Microsoft Q&A Forum. Thank you for posting your query here!

    For better understanding the issue: Are you using Azure Blob or Files Storage?

    May I know what exactly are you trying to accomplish?

    Azure Storage supports using Microsoft Entra ID to authorize requests to blob data. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, group, or application service principal. The security principal is authenticated by Microsoft Entra ID to return an OAuth 2.0 token. The token can then be used to authorize a request against the Blob service.

    Azure Files supports identity-based authentication for Windows file shares over Server Message Block (SMB) using the Kerberos authentication protocol through the following methods:

    • On-premises Active Directory Domain Services (AD DS)
    • Microsoft Entra Domain Services
    • Microsoft Entra Kerberos for hybrid user identities

    Microsoft Entra Domain Services provides managed domain services such as domain join, group policies, LDAP, and Kerberos/NTLM authentication. These services are fully compatible with Active Directory Domain Services. For more information, see Microsoft Entra Domain Services.

    Overview of Azure Files identity-based authentication options for SMB access

    Enable Microsoft Entra Domain Services authentication on Azure Files
    Choose how to authorize access to file data in the Azure portal (Use your Microsoft Entra account)

    Understand authorization for data operations Authorize access to data in Azure Storage

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
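
An added example (not from either poster or copied from Microsoft's documentation) of the Microsoft Entra Domain Services route listed in the second answer: enable identity-based authentication on the storage account, grant a share-level RBAC role, then map the drive with the signed-in user's Kerberos identity instead of the account key. The resource group, account, share and user names are constructed placeholders, and the script assumes the Az PowerShell modules, an existing Entra Domain Services managed domain, and a client machine joined to that domain.

```powershell
# Constructed placeholder values; replace with your own.
$rg      = 'rg-files-example'
$account = 'stexamplehomes'
$share   = 'homes'
$user    = 'user@example.com'

# --- Admin, once per storage account (Az.Accounts, Az.Storage, Az.Resources) ---
Connect-AzAccount

# Turn on Microsoft Entra Domain Services authentication for Azure Files.
Set-AzStorageAccount -ResourceGroupName $rg -Name $account `
    -EnableAzureActiveDirectoryDomainServicesForFile $true

# Read the setting back to confirm it was applied.
(Get-AzStorageAccount -ResourceGroupName $rg -Name $account).
    AzureFilesIdentityBasedAuth.DirectoryServiceOptions

# Share-level permission: scope the built-in SMB role to this one share
# rather than the whole account. A group can be assigned with -ObjectId.
$subId = (Get-AzContext).Subscription.Id
$scope = "/subscriptions/$subId/resourceGroups/$rg/providers/Microsoft.Storage" +
         "/storageAccounts/$account/fileServices/default/fileshares/$share"
New-AzRoleAssignment -SignInName $user `
    -RoleDefinitionName 'Storage File Data SMB Share Contributor' -Scope $scope

# --- User, on the domain-joined client, signed in with the domain identity ---
$fqdn = "$account.file.core.windows.net"

# SMB needs outbound TCP 445; fail early with a clear message if it is blocked.
if (-not (Test-NetConnection -ComputerName $fqdn -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $fqdn is blocked; SMB cannot connect."
}

# No -UserName/-Password: the mapping uses the user's Kerberos ticket, so the
# storage account key never reaches the workstation. Mapping with the key
# instead gives full control of the share regardless of per-user permissions.
New-SmbMapping -LocalPath 'H:' -RemotePath "\\$fqdn\$share" -Persistent $true
```

Per-user home folders still need directory-level NTFS permissions inside the share; the RBAC role above only controls who may connect to the share at all.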