How can I make the Storage Account accessible to all users when they login at their workstations?

Question

How can I make the Storage Account accessible to all users when they login at their workstations?

I need to be able to mount the Storage Center shared drive to the user when they run a script on their desktop. I have a Storage Account host, but it is not available to the user. Is this an Azure thing or an IT thing? I'm relatively new to Azure so I apologize if the explanation is vague.

Answer 1

Hello Mark Siminski

it looks like you're trying to make your Azure Storage Account accessible to all users at their workstations, specifically by mounting a shared drive through a script. Here’s how you can approach this:

Steps to Ensure Accessibility:

1. Role-Based Access Control (RBAC) Assignments:
   • Ensure that the users have the necessary permissions to access the storage account. You can assign them roles through the Azure portal by going to Access Control (IAM) for your storage account. The recommended roles for users are:
   • Reader and Data Access
   • Storage Blob Data Contributor
   • Storage File Data Privileged Contributor
   • Follow these steps:
   1. Go to your storage account in the Azure portal.
   2. Select Access Control (IAM).
   3. Click on + Add > Add role assignment.
   4. Select the role and add the users.
2. Network Firewall Settings:
   • Check the firewall settings of your storage account. Make sure that the client IP addresses of your users are allowed through the firewall. You can temporarily set the access to "Allow from all networks" to confirm if the issue lies with the firewall.
3. Authentication Setup:
   • If you are using Microsoft Entra ID, make sure that Entra authentication is set up correctly. Users need to authenticate with an identity that has access to the storage.
4. Mounting the Storage:
   • You can use a script to mount the Azure File Share as a network drive. This typically involves using a PowerShell script that utilizes the net use command or similar to map the drive letter to your Azure File Share.
5. Test Access:
   • After assigning the appropriate roles and configuring network settings, test the access to the storage account again.

Refer this article: How to Mount the Azure file share with File Explorer

NOTE: The Azure portal provides a PowerShell script that you can use to mount your file share directly to a host using the storage account key. However, we recommend using identity-based authentication instead of the storage account key for security reasons. If you must use the storage account key, follow the mount instructions, but under Authentication method, select Storage account key.

You can mount an SMB Azure file share on Windows using the Azure portal or Azure PowerShell.

Reference: How to mount Azure file share using Powershell/Portal

$storageAccountName = "<YourStorageAccountName>"
$shareName = "<YourFileShareName>"
$storageAccountKey = "<YourStorageAccountKey>"
$networkDriveLetter = "Z:"

# Construct the context to connect to the storage account
$context = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# Mount the Azure File Share
net use $networkDriveLetter "\\$storageAccountName.file.core.windows.net\$shareName" /u:"Azure\$storageAccountName" $storageAccountKey

References:

• Azure Storage Account Access Control
• Assign Roles to Users for Access
• Azure Storage Network Security

---

Hope the above answer helps! Please let us know do you have any further queries.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".