This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 46%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Hi There,
We are a small business with an extremely simple on premise file & printer shares. Quite literally Windows built in sharing. This works absolutely perfect for us.
However, I have ran into an issue today.
We use M365 for email, SharePoint etc, however, our on premise printers & copiers are all setup to the network share created by our file server.
We are looking to create a new share, for 'finance' where invoices, bank statements etc can be scanned to. The issue is, I only want people that are in the Azure AD group 'Finance' to be able to access this share.
The problem of course is, without the file server actually being a server, I do not have the same tools available to others and also (by my knowledge) Azure Connect will be pointless.
Is it possible to only allow AzureAD{Group} to access certain shares if I Azure Join the file server?
Thanks all!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
To support authentication with Azure AD credentials and access a file share by using Azure AD credentials, you must enable Azure AD Domain Services for your Azure AD tenant and your machine must be domain-joined to Azure AD DS. Then you could assign the group permissions as described here: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable?tabs=azure-portal
Otherwise user writeback from Azure AD to on-prem is not yet supported.
Need some more details. Do you have AAD connect server at onperm? Or whether onperm and cloud users will use different credentials for login?
No, there is no on premises active directory.
It's essentially a Micro-PC which uses Windows built in file & printer sharing, however, all of our other computers (Surfaces, ThinkPads etc) are Azure AD Joined so that our employees log in with their email address & password.
That's as basic as it is! The file server currently has no Azure affiliation and is just using Windows login.
Azure AD join only possible with windows 11 and windows 10 OS. In the server OS 2019 VM running on Azure cloud will support Azure AD join.
https://learn.microsoft.com/en-us/azure/active-directory/devices/concept-azure-ad-join