Access Denied When Connecting to Azure File Storage

Jéssica Advocacia 20 Reputation points
2024-01-31T18:53:33.7+00:00

Good morning. I followed all the steps in this documentation to create a P2S VPN for access to an Azure storage account/file share: https://learn.microsoft.com/pt-br/azure/storage/files/storage-files-configure-p2s-vpn-windows?tabs=azure-portal#generate-a-client-certificate Even following all the steps in the documentation, when I try to mount the share I get an access denied message. I created the certificates, configured the virtual network, and connected to the VPN I created, but the error persists. I have already tried mounting the share via cmd, Windows PowerShell, Windows network drive mapping, and the File Explorer path, and it does not work.

Azure Files
An Azure service that offers file shares in the cloud.

Accepted answer
  1. Anand Prakash Yadav 7,780 Reputation points Microsoft Vendor
    2024-02-01T11:41:52.77+00:00

    Hello Jéssica Advocacia,

    Thank you for posting your query here!

    We cannot completely understand your question as this is an English global support. It would be helpful if you could translate your question into English. Or you can consider support in other languages from here: https://azure.microsoft.com/support/options/

    Refer to the FAQ here: For which languages does Microsoft provide support?

    After translating your question, I understood that you encounter "Access Denied" issue while connecting to Azure File Storage despite following documentation for P2S VPN setup, including certificate creation, virtual network configuration, and VPN connection establishment.

    Please note that to create a file share and access it from the desktop, you need to create and configure a Private End Point under the subnet where the storage account exists. (Service Endpoints will not work with P2S).

    Go to 'Private Endpoint Connection' under settings of storage account in Azure portal.
    Next create it as shown in the figure below. Remember to select the options as shown:
    Follow the steps and select the subnet created in earlier steps.

    For further details: Configuring Azure Files network endpoints.

    Once the creation is completed, note the Network interface IP address from the summary page. This is the IP address which you can connect through your P2S network.

    When you map the drive, use the folder format as \\Private IP Address\Filesharename
    Note: Here you need to use the file share name instead of storage account name.

    Also, you may try to Peer P2S VPN VNET to the VNET where the Storage Account resides.

    Note: If a VNET peer is created after the VPN client has been downloaded, a new version of the VPN client will need to be downloaded to reflect the change.

    If you are getting "Access Denied" errors when trying to mount a file share with a private endpoint on your local machine, it's likely that the private endpoint is not properly configured to allow access from your local machine's IP address.

    Please check the following troubleshooting steps:

    · Check the firewall settings on your local machine: Ensure that the firewall on your local machine is not blocking traffic to the private endpoint. Specifically, make sure that port 445 is not blocked, as this is the port used for SMB file sharing.

    · Verify that the private endpoint is resolving correctly: Ensure that the private endpoint is resolving correctly from your local machine. You can do this by pinging the private endpoint's DNS name from your local machine and verifying that the IP address returned is the same as the private IP address assigned to the private endpoint.

    · Check the private endpoint logs: Check the private endpoint logs in the Azure portal to see if there are any errors or issues related to the private endpoint configuration or connectivity.

    Another possible reason for this issue could be related to the Azure Storage firewall settings. Since the file share is accessed through a private endpoint, the firewall rules need to be updated to allow traffic from the VNET of the private endpoint.

    To check if this is the case, you can go to the Azure Storage account settings and navigate to the "Firewalls and virtual networks" section. From there, ensure that the selected option is "Selected networks", and that the VNET of the private endpoint is added to the allowed networks list. Also, make sure that the "Allow trusted Microsoft services to access this storage account" option is enabled.

    Please let us know if you have any further queries or if the issue persists. I'm happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
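
The DNS and port 445 checks from the answer above, combined into one PowerShell function. This is an added example, not part of the original answer or Microsoft's documentation; the account name, share name, private IP and the function name `Test-AzureFilesPrivatePath` are constructed placeholders.

```powershell
# Added example. All three values below are constructed placeholders.
$StorageAccount    = 'mystorageacct'   # placeholder storage account name
$ShareName         = 'myshare'         # placeholder file share name
$PrivateEndpointIp = '10.0.0.4'        # placeholder: NIC IP from the private endpoint summary page

function Test-AzureFilesPrivatePath {
    param(
        [Parameter(Mandatory)][string]$StorageAccount,
        [Parameter(Mandatory)][string]$ShareName,
        [Parameter(Mandatory)][string]$PrivateEndpointIp
    )
    $fqdn = "$StorageAccount.file.core.windows.net"

    # What does the storage FQDN resolve to from this client while the VPN is up?
    # CNAME records in the response carry no IPAddress and are filtered out.
    $resolved = @(Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

    # Is SMB (TCP 445) reachable on the private endpoint address?
    $smb = Test-NetConnection -ComputerName $PrivateEndpointIp -Port 445 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Fqdn                = $fqdn
        ResolvedAddresses   = $resolved -join ', '
        DnsMatchesPrivateIp = $resolved -contains $PrivateEndpointIp
        Port445Reachable    = [bool]$smb.TcpTestSucceeded
        UncByPrivateIp      = "\\$PrivateEndpointIp\$ShareName"
        UncByName           = "\\$fqdn\$ShareName"
    }
}

$result = Test-AzureFilesPrivatePath -StorageAccount $StorageAccount `
    -ShareName $ShareName -PrivateEndpointIp $PrivateEndpointIp
$result | Format-List

if (-not $result.Port445Reachable) {
    Write-Warning "TCP 445 to $PrivateEndpointIp failed. Check the local firewall and that the VPN is connected."
} elseif (-not $result.DnsMatchesPrivateIp) {
    Write-Warning "$($result.Fqdn) does not resolve to the private endpoint IP. Mount $($result.UncByPrivateIp) instead."
} else {
    Write-Output "DNS resolution and port 445 checks passed."
}
```

A `DnsMatchesPrivateIp` value of `False` means the client is not resolving the storage name to the private endpoint, which is the condition the answer's DNS check is meant to catch.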

1 additional answer

  1. Jéssica Advocacia 20 Reputation points
    2024-02-01T16:06:55.0233333+00:00

    Thanks Anand, your solution solved my problem. I believe that the documentation I mentioned in my previous post is outdated or has an error. In the documentation, it advises mounting the path: \\<storageAccountName>.file.core.windows.net\<fileShareName>, mounting this path, the error "Access denied" occurs. With your guidance to mount the path: \\Private IP address\File share name, the problem was solved. Thank you very much for helping. Helped me a lot.
