How to Configure Azure Fileshare with AD Authentication

Introduction

This document explains how to set up Azure File Share with AD authentication for a customer using an Exchange Plan 1 Microsoft license. This setup allows users to access Azure File Share using their Active Directory credentials.

Prerequisites

  1. Microsoft 365 Subscription
    • Azure AD DS (Azure Active Directory Domain Services)
    • On-premises Active Directory synchronized with Azure AD.
  2. Azure Subscription: Ensure the customer has an Azure subscription, as this is required for Azure Files.

Set Up Azure Storage Account

Step 1. Log into the Azure Portal.

Step 2. Navigate to Storage accounts and click on Create.

Step 3. Fill in the required details, such as Subscription, Resource group, Storage account name, Region, and Performance tier.

Create a storage account

Step 4. Choose the File shares option under Data Protection.

Data protection

Step 5. Once created, go to the newly created storage account and click on File Shares.

Step 6. Click + File share and enter a name for your file share. Choose a quota based on storage needs.

New file share

Integrate with Active Directory

You can integrate Azure Files with either Azure AD DS or your on-premises Active Directory.

Using On-Premises Active Directory (Hybrid Setup)


AzFilesHybrid PowerShell module

  1. Set up VPN/ExpressRoute: Ensure a network connection between on-premises AD and Azure using VPN or ExpressRoute.
  2. Sync AD with Azure AD: Use Azure AD Connect to synchronize your on-prem AD with Azure AD.

Join Azure Files to On-Prem AD:

Step 1. In Azure Portal, go to Storage account > Configuration.

Step 2. Choose Active Directory and configure it to connect to your on-prem AD using the credentials of an AD user with sufficient privileges.


Configure Azure File Share Authentication

  1. Enable SMB Authentication: Go to the storage account > Configuration > Enable SMB Multichannel.
  2. Set NTFS ACLs on the file shares
    • Go to the Azure File Share and select Access Control (IAM).
    • Assign users or groups from AD to the file share and assign roles like Storage File Data SMB Share Contributor.
  3. Configure share-level and directory-level permissions using standard NTFS ACLs, just as you would for an on-prem file server.

Step 3. Accessing the File Share

  • Mount the Azure File Share using the following PowerShell command (run as admin):
    net use Z: \\<storageaccountname>.file.core.windows.net\<sharename> /u:<domain>\<username> <password>
  • Replace the placeholders with the actual storage account name, share name, domain, username, and password.
  • Ensure users can access the file share using their AD credentials.
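
The role assignment and mount steps above can also be scripted and checked end to end. The following is an added example, not part of the original article: it assumes the Az PowerShell module with an administrator signed in through Connect-AzAccount for steps 1 and 2, a domain-joined client running as the end user for steps 3 to 5, and placeholder names throughout.

```powershell
# Added example: placeholder values below are assumptions, replace them with your own.
$ResourceGroup  = '<resource-group>'
$StorageAccount = '<storageaccountname>'
$ShareName      = '<sharename>'
$AdGroupName    = '<synced-ad-group>'   # group synchronized from on-prem AD

# 1. Confirm identity-based authentication is enabled on the storage account.
#    Expect 'AD' for on-premises AD DS or 'AADDS' for Azure AD DS.
$account   = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$directory = $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
if ($directory -notin 'AD', 'AADDS') {
    throw "Identity-based auth is not configured (DirectoryServiceOptions = '$directory')."
}

# 2. Grant the share-level role, scoped to this one share rather than the whole account.
$subId = (Get-AzContext).Subscription.Id
$scope = "/subscriptions/$subId/resourceGroups/$ResourceGroup/providers/Microsoft.Storage" +
         "/storageAccounts/$StorageAccount/fileServices/default/fileshares/$ShareName"
$group = Get-AzADGroup -DisplayName $AdGroupName
New-AzRoleAssignment -ObjectId $group.Id `
    -RoleDefinitionName 'Storage File Data SMB Share Contributor' -Scope $scope

# 3. From the client: check that outbound SMB (TCP 445) to the share is reachable.
$fileHost = "$StorageAccount.file.core.windows.net"
if (-not (Test-NetConnection -ComputerName $fileHost -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $fileHost is blocked."
}

# 4. Mount with the signed-in user's AD identity. No /u: or password argument is
#    passed, so no credential ends up in shell history or process command lines.
net use Z: "\\$fileHost\$ShareName"

# 5. Review the NTFS ACL on the share root before handing the share to users.
icacls Z:\
```

If step 4 prompts for credentials, the client did not obtain a Kerberos ticket for the storage account, which points back to the AD join or sync steps rather than to the share itself.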

Conclusion

Azure File Share can be integrated with AD authentication, providing secure and controlled access to files. Depending on whether the customer has Azure AD DS or an on-premises AD setup, the configuration steps may vary. Additionally, this setup does require an Azure

