how to store files on azure Vm through Azure AD?

Question

Hello Guys

I have created a 'ABC' user on azure ad with all admin privileges. I have created azure vm. Now I want the 'ABC' user can stored files from azure AD to azure vm file server.
Is it Possible, If possible then how? please help?

Answer 1

Hi,

Ensure that the user 'ABC' has access to the Azure VM, you might then want to create for example an Azure File Share on your Azure VM, where your user 'ABC' can store his/her files.

Create an Azure file share
https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-portal

Once the Azure file share is created, the user 'ABC' can mount the file share on his/her local machine by using the SMB 3.0 protocol, or you can use tools like Storage Explorer to access files in your file share. From your application, you can use storage client libraries, REST APIs, PowerShell, or Azure CLI to access your files in the Azure file share.

Use an Azure file share with Windows
https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Best regards,
Leon

Answer 2

@SudeshSharma-8729, Thank you for reaching out and I apologize for the delay in my response. Based on your requirement, you can follow the steps mentioned below:

1. Storage Account (General purpose)
2. Create Azure AD DS
3. Storage join Azure AD DS (Under Configuration blade)
4. Create a user in AAD and provide the following RBAC roles on the Storage account (Storage File Data SMB Share Reader, Storage File Data SMB Share Contributor, Storage File Data SMB Share Elevated Contributor)
5. Join the VM to Azure domain.
6. Login to the VM as admin user.
7. Mount the fileshare using storgae name and key. --
8. Righ click fileshare (Security Add the domain user).
9. Unmount the fileshare.
10. Logout from the VM.
11. Login as domain user. --
12. Mount the share with the share path (eg: net use <desired-drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>)

You would also want to check the following article: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

Answer 3

@Sudesh Sharma , Can you explain a bit what you mean by "I want the 'ABC' user can stored files from azure AD to azure vm file server". Azure AD doesnt store any files in itself.

A user in Azure AD can be given permissions to manage a VM also he or she can manage a fileserver but that has got nothing to do with AAD. AAD is just storing the user's identity and making that user available to be added to other Azure Resources in that tenant.

Also as @Leon Laude mentioned, Azure File shares is also an option, where you can mount the share on your machine.

Do share the details as what type of files you would want the user to manage and where are these files currently stored so that we can help you better.

Answer 4

hey @soumi-MSFT I have created a website that is hosted on azure vm. I have created login and profile page on that website. Now I want to stored
files according to client login details (means client can access files according to their login details).client can download files
from their profile after login to my website.

I want to give access "ABC' user to stored files according to client login details. I dont want to share my vm credentials with
'ABC' user.

files are in zip format. Files are stored in my system HDD.