I'm exploring the use of Azure Files as file shares in a hybrid Active Directory setup. I've successfully created an Azure File share and accessed it through an Azure VM, but I want to make sure that I can extend user mapping with the right permissions from on-premises devices. Has anyone here successfully done this? What are some key things I should be aware of? Also, I'm curious about how to estimate costs for data throughput. Do I need to connect using a storage account key, or can I set it up using user credentials? Lastly, we're facing a challenge with archiving — is it feasible to store large amounts of retention data in Azure's archive or cold storage instead of on-prem?
5 Answers
It's really dependent on your setup. I strongly recommend using Entra authentication to link to your share. We connect through Entra and use SMB for accessing files and folders based on standard Windows share permissions. If you're starting a new share without pre-existing files, go all in with Entra and skip SMB altogether.
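To check the two things this answer turns on before relying on user credentials instead of the storage account key, here is an added PowerShell example (not the thread author's code) that assumes the Az PowerShell module is installed and that the resource group, account and share names are placeholders to replace: it verifies the account is configured for identity-based SMB auth, lists who holds share-level SMB roles, and mounts with the signed-in user's Kerberos ticket rather than the key.

```powershell
# Added example, not from the thread. Placeholders: replace with your own values.
$rg      = 'rg-files-placeholder'
$account = 'stfilesplaceholder'
$share   = 'userdata'
$fqdn    = "$account.file.core.windows.net"

# 1. Confirm the account uses identity-based auth (AD, AADDS or AADKERB) rather
#    than the shared key alone. 'None' means every mount would need the account key.
$sa   = Get-AzStorageAccount -ResourceGroupName $rg -Name $account
$mode = $sa.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
if (-not $mode -or $mode -eq 'None') {
    throw "Identity-based auth is not enabled on $account; enable AD/Entra auth before mounting with user credentials."
}
Write-Host "Directory service option: $mode"

# 2. List share-level SMB role assignments. Assignments granted to broad groups
#    are what lets everyone in the tenant reach the share; scope them to the
#    specific AD/Entra groups that should have access.
$scope = "$($sa.Id)/fileServices/default/fileshares/$share"
Get-AzRoleAssignment -Scope $scope |
    Where-Object RoleDefinitionName -like 'Storage File Data SMB Share*' |
    Select-Object DisplayName, ObjectType, RoleDefinitionName

# 3. TCP 445 must be reachable from the on-prem client, or the mount fails
#    regardless of how authentication is configured.
if (-not (Test-NetConnection -ComputerName $fqdn -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $fqdn is blocked; an SMB mount is not possible from this network."
}

# 4. Mount with the signed-in user's Kerberos ticket: no storage account key is
#    passed, so share-level roles and NTFS ACLs, not a shared secret, govern access.
New-SmbMapping -LocalPath 'Z:' -RemotePath "\\$fqdn\$share" -Persistent $true
klist get "cifs/$fqdn"   # shows the service ticket that authenticated the mount
```

If step 1 reports 'None', the share can still be mounted with the account key, but that key grants full access to every share in the account and should be treated accordingly.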
We recently set up something similar. We had to create an on-prem VM to act as a domain controller to manage permissions for specific groups. Otherwise, if you just set up Azure Files, anyone in your Entra has access to all the shares and files.
If you're considering storage needs, take a look at Qumulo. Their pricing calculator is handy, and you can easily deploy it through the Azure portal. Don’t forget they have a cold storage tier that might work for you!
Honestly, you should test out different configurations. Costs vary based on your specific setup because some applications work well with remote SMB while others might not perform as needed.
Just a heads up, Azure Files might not be ideal for terrestrial machines with human users. A physical file server with backup to the cloud could offer a better experience. And for archiving, while Azure cold storage is an option, solutions like Wasabi S3 might give you more value.
But how do you mount the share without using SMB?