Introduction
This document explains how to set up Azure File Share with AD authentication for a customer using an Exchange Plan 1 Microsoft license. This setup allows users to access Azure File Share using their Active Directory credentials.
Prerequisites
- Microsoft 365 Subscription
- Azure AD DS (Azure Active Directory Domain Services)
- On-premises Active Directory synchronized with Azure AD.
- Azure Subscription: Ensure the customer has an Azure subscription, as this is required for Azure Files.
Set Up Azure Storage Account
Step 1. Log into the Azure Portal.
Step 2. Navigate to Storage accounts and click on Create.
Step 3. Fill in the required details, such as Subscription, Resource group, Storage account name, Region, and Performance tier.
Step 4. Choose the File shares option under Data Protection.
Step 5. Once created, go to the newly created storage account and click on File Shares.
Step 6. Click + File share and enter a name for your file share. Choose a quota based on storage needs.
Integrate with Active Directory
You can integrate Azure Files with either Azure AD DS or your on-premises Active Directory.
Using On-Premises Active Directory (Hybrid Setup)
AzFilesHybrid PowerShell module
Download
- Set up VPN/ExpressRoute: Ensure a network connection between on-premises AD and Azure using VPN or ExpressRoute.
- Sync AD with Azure AD: Use Azure AD Connect to synchronize your on-prem AD with Azure AD.
Join Azure Files to On-Prem AD:
Step 1. In Azure Portal, go to Storage account > Configuration.
Step 2. Choose Active Directory and configure it to connect to your on-prem AD using the credentials of an AD user with sufficient privileges.
Learn More
Configure Azure File Share Authentication
- Enable SMB Authentication: Go to the storage account > Configuration > Enable SMB Multichannel.
- Set NTFS ACLs on the file shares
- Go to the Azure File Share and select Access Control (IAM).
- Assign users or groups from AD to the file share and assign roles like Storage File Data SMB Share Contributor.
- Configure share-level and directory-level permissions using standard NTFS ACLs, just as you would for an on-prem file server.
Step 3. Accessing the File Share
Conclusion
Azure File Share can be integrated with AD authentication, providing secure and controlled access to files. Depending on whether the customer has Azure AD DS or an on-premises AD setup, the configuration steps may vary. Additionally, this setup does require an Azure