What's new in Azure Files

Azure Files is updated regularly to offer new features and enhancements. This article provides detailed information about what's new in Azure Files and Azure File Sync.

What's new in 2022

2022 quarter 4 (October, November, December)

Azure Active Directory (Azure AD) Kerberos authentication for hybrid identities on Azure Files is generally available

This feature builds on top of FSLogix profile container support released in December 2022 and expands it to support more use cases (SMB only). Hybrid identities, which are user identities created in Active Directory Domain Services (AD DS) and synced to Azure AD, can mount and access Azure file shares without the need for line-of-sight to an Active Directory domain controller. While the initial support is limited to hybrid identities, it’s a significant milestone as we simplify identity-based authentication for Azure Files customers. Read the blog post.

2022 quarter 2 (April, May, June)

SUSE Linux support for SAP HANA System Replication (HSR) and Pacemaker

Azure customers can now deploy a highly available SAP HANA system in a scale-out configuration with HSR and Pacemaker on Azure SUSE Linux Enterprise Server virtual machines (VMs), using NFS Azure file shares for a shared file system.

2022 quarter 1 (January, February, March)

Azure File Sync TCO improvements

To offer sync and tiering, Azure File Sync performs two types of transactions on behalf of the customer:

  • Transactions from churn, including changed files (sync) and recalled files (tiering).
  • Transactions from cloud change enumeration, done to discover changes made directly on the Azure file share. Historically, this was a major component of an Azure File Sync customer’s Azure Files bill.

To improve TCO, we markedly decreased the number of transactions needed to fully scan an Azure file share. Prior to this change, most customers were best off in the hot tier. Now most customers are best off in the cool tier.

What's new in 2021

2021 quarter 4 (October, November, December)

Increased IOPS for premium file shares

Premium Azure file shares now have additional included baseline IOPS and a higher minimum burst IOPS. The baseline IOPS included with a provisioned share was increased from 400 to 3,000, meaning that a 100 GiB share (the minimum share size) is guaranteed 3,100 baseline IOPS. Additionally, the floor for burst IOPS was increased from 4,000 to 10,000, meaning that every premium file share will be able to burst up to at least 10,000 IOPS.

Formula changes:

Item Old value New value
Baseline IOPS formula MIN(400 + 1 * ProvisionedGiB, 100000) MIN(3000 + 1 * ProvisionedGiB, 100000)
Burst limit MIN(MAX(4000, 3 * ProvisionedGiB), 100000) MIN(MAX(10000, 3 * ProvisionedGiB), 100000)

For more information, see:

NFS 4.1 protocol support is generally available

Premium Azure file shares now support either the SMB or the NFS 4.1 protocols. NFS 4.1 is available in all regions where Azure Files supports the premium tier, for both locally redundant storage and zone-redundant storage. Azure file shares created with the NFS 4.1 protocol enabled are fully POSIX-compliant, distributed file shares that support a wide variety of Linux and container-based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and Azure Pipelines.

For more information, see:

Symmetric throughput for premium file shares

Premium Azure file shares now support symmetric throughput provisioning, which enables the provisioned throughput for an Azure file share to be used for 100% ingress, 100% egress, or some mixture of ingress and egress. Symmetric throughput provides the flexibility to make full utilization of available throughput and aligns premium file shares with standard file shares.

Formula changes:

Item Old value New value
Throughput (MiB/sec)
  • Ingress: 40 + CEILING(0.04 * ProvisionedGiB)
  • Egress: 60 + CEILING(0.06 * ProvisionedGiB)
100 + CEILING(0.04 * ProvisionedGiB) + CEILING(0.06 * ProvisionedGiB)

For more information, see:

2021 quarter 3 (July, August, September)

SMB Multichannel is generally available

SMB Multichannel enables SMB clients to establish multiple parallel connections to an Azure file share. This allows SMB clients to take full advantage of all available network bandwidth and makes them resilient to network failures, reducing total cost of ownership and enabling 2-3x for reads and 3-4x for writes through a single client. SMB Multichannel is available for premium file shares (file shares deployed in the FileStorage storage account kind) and is disabled by default.

For more information, see:

SMB 3.1.1 and SMB security settings

SMB 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, in addition to AES-128-CCM which was already supported. To maximize performance, AES-128-GCM is negotiated as the default SMB channel encryption option; AES-128-CCM will only be negotiated on older clients that don't support AES-128-GCM.

Depending on your organization's regulatory and compliance requirements, AES-256-GCM can be negotiated instead of AES-128-GCM by either restricting allowed SMB channel encryption options on the SMB clients, in Azure Files, or both. Support for AES-256-GCM was added in Windows Server 2022 and Windows 10, version 21H1.

In addition to SMB 3.1.1, Azure Files exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options, however these options may be toggled at any time.

For more information, see:

2021 quarter 2 (April, May, June)

Premium, hot, and cool storage reservations

Azure Files supports storage reservations (also referred to as reserved instances). Azure Files Reservations allow you to achieve a discount on storage by pre-committing to storage utilization. Azure Files supports Reservations on the premium, hot, and cool tiers. Reservations are sold in units of 10 TiB or 100 TiB, for terms of either one year or three years.

For more information, see:

Improved portal experience for domain joining to Active Directory

The experience for domain joining an Azure storage account has been improved to help guide first-time Azure file share admins through the process. When you select Active Directory under File share settings in the File shares section of the Azure portal, you will be guided through the steps required to domain join.

Screenshot of the new portal experience for domain joining a storage account to Active Directory

For more information, see:

2021 quarter 1 (January, February, March)

Azure Files management now available through the control plane

Management APIs for Azure Files resources, the file service and file shares, are now available through control plane (Microsoft.Storage resource provider). This enables Azure file shares to be created with an Azure Resource Manager or Bicep template, to be fully manageable when the data plane (i.e. the FileREST API) is inaccessible (like when the storage account's public endpoint is disabled), and to support full role-based access control (RBAC) semantics.

We recommend you manage Azure Files through the control plane in most cases. To support management of the file service and file shares through the control plane, the Azure portal, Azure storage PowerShell module, and Azure CLI have been updated to support most management actions through the control plane.

To preserve existing script behavior, the Azure storage PowerShell module and the Azure CLI maintain the existing commands that use the data plane to manage the file service and file shares, as well as adding new commands to use the control plane. Portal requests only go through the control plane resource provider. PowerShell and CLI commands are named as follows:

  • Az.Storage PowerShell:
    • Control plane file share cmdlets are prefixed with Rm, for example: New-AzRmStorageShare, Get-AzRmStorageShare, Update-AzRmStorageShare, and Remove-AzRmStorageShare.
    • Traditional data plane file share cmdlets don't have a prefix, for example New-AzStorageShare, Get-AzStorageShare, Set-AzStorageShareQuota, and Remove-AzStorageShare.
    • Cmdlets to manage the file service are only available through the control plane and don't have any special prefix, for example Get-AzStorageFileServiceProperty and Update-AzStorageFileServiceProperty.
  • Azure storage CLI:
    • Control plane file share commands are available under the az storage share-rm command group, for example: az storage share-rm create, az storage share-rm update, etc.
    • Traditional file share commands are available under the az storage share command group, for example: az storage share create, az storage share update, etc.
    • Commands to manage the file service are only available through the control plane, and are available through the az storage account file-service-properties command group, for example: az storage account file-service-properties show and az storage account file-service-properties update.

To learn more about the Azure Files management API, see:

See also