Identity-based authentication (Active Directory) for Azure file shares with OnPremise AD DS

Question

Folks,

How can I allow certain AD DS security group member to access the Azure Storage Account File Share \StorageAccountFileName.file.core.windows.net\storedfiles ?

What are the steps and the procedure to allow me to achieve this.

Answer 1

Hi EA,

There are 2 parts to acheive this and first is to enable the ADDS to allow / enable access to the Storage account and 2nd is to assign share-level permissions to an identity and there are two ways you can assign share-level permissions. You can assign them to specific Azure AD users/user groups and you can assign them to all authenticated identities as a default share level permission.

storage-files-identity-ad-ds-enable

storage-files-identity-ad-ds-assign-permissions

==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Hello there,

You can enable identity-based authentication with either Azure AD DS or on-premises AD DS for Azure file shares on your new and existing storage accounts. Only one domain service can be used for file access authentication on the storage account, which applies to all file shares in the account.

Overview of Azure Files identity-based authentication options for SMB access https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview

---------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept it as an answer--