Azure Files gets Active Directory authentication support in preview
Last August, Microsoft introduced several new security features for the Azure Files service. These included Active Directory Domain Services (AD DS) authentication support for Server Message Block (SMB) access. This capability has now been enhanced in the form of a preview of Azure AD general authentication in Azure Files.
Basically, file shares can now be mounted in Azure AD with the same access control experience as on-premises. Both the standard and premium tiers can be used without restrictions such as functionality being limited to on-premises only or cloud only.
As mentioned last year, share-level permissions can be changed using role-based access control (RBAC). Directory-level and file-level permissions, however, are applied using NTFS discretionary access control lists (NTFS DACLs).
The key features presented in this preview are as follows:
Enable Active Directory Domain Services (AD DS) authentication for Server Message Block (SMB). You can mount Azure file shares from computers that are joined to an Active Directory domain, using Active Directory credentials either on-premises or in Azure. Azure Files lets Active Directory be used as the directory service for an identity-based access control experience, at both the premium and standard tiers. You can enable Active Directory authentication for file shares that are self-managed or managed by Azure File Sync.
Apply share-level permissions and directory-level or file-level permissions. Active Directory-enabled file shares keep the existing access control experience. You can use RBAC to manage share-level permissions, and use Windows Explorer and the icacls tool to maintain or configure directory-level or file-level NTFS DACLs.
Support file migration from on-premises with ACL persistence in Azure File Sync. With Azure File Sync, you can now keep ACLs in Azure Files in native NTFS DACL format. You can use Azure File Sync to seamlessly migrate from an on-premises Windows file server to Azure Files. Existing files and directories that are tiered to Azure Files through Azure File Sync retain their ACLs in native format.
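The two permission layers described above (RBAC at the share level, NTFS DACLs at the directory and file level) can be set up as in the following sketch. It is an added example, not taken from the original article or from Microsoft; the subscription, resource group, storage account, share, user and group names are constructed placeholders, and it assumes the Az PowerShell module and a domain-joined Windows client.

```powershell
# Added example: all identifiers below are constructed placeholders.
$subscriptionId = '<subscription-id>'
$resourceGroup  = '<resource-group>'
$storageAccount = '<storage-account>'
$shareName      = '<share-name>'
$userUpn        = 'alice@contoso.example'      # ordinary user of the share
$adminUpn       = 'fileadmin@contoso.example'  # person who maintains the DACLs
$adGroup        = 'CONTOSO\Finance-Editors'    # on-premises AD group

# Scope the role assignments to this one share, not the whole storage account.
$scope = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup" +
         "/providers/Microsoft.Storage/storageAccounts/$storageAccount" +
         "/fileServices/default/fileshares/$shareName"

# Layer 1: share-level permissions through RBAC.
# Contributor can read/write/delete data; only Elevated Contributor may also
# change NTFS permissions, so give that role to the ACL maintainer alone.
New-AzRoleAssignment -SignInName $userUpn -Scope $scope `
    -RoleDefinitionName 'Storage File Data SMB Share Contributor'
New-AzRoleAssignment -SignInName $adminUpn -Scope $scope `
    -RoleDefinitionName 'Storage File Data SMB Share Elevated Contributor'

# Mount from a domain-joined machine; no credentials are passed, so the
# signed-in AD identity is used (single sign-on).
net use Z: "\\$storageAccount.file.core.windows.net\$shareName"

# Layer 2: directory-level NTFS DACL, set with icacls as $adminUpn.
# (OI)(CI) makes the Modify grant inherit to files and subdirectories.
$dir = 'Z:\Finance'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
icacls $dir /grant "${adGroup}:(OI)(CI)M"

# Review both layers. A user needs to pass the share-level role AND the
# NTFS DACL, so the more restrictive of the two decides effective access.
Get-AzRoleAssignment -Scope $scope |
    Select-Object SignInName, RoleDefinitionName, Scope
icacls $dir
```

Reviewing the `Get-AzRoleAssignment` output periodically is a quick way to spot share-level roles granted at a broader scope than the share itself.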
Microsoft wants to let you work with file shares using AD without changing the client environment. Note that single sign-on is sufficient to access file shares from computers that are joined to the AD domain. With AD authentication, the company believes that Azure Files can be a definitive storage solution for virtual desktop infrastructure (VDI) users.