Hey everyone, I'm trying to set up Azure Files for a client, using Entra ID instead of an access key. This way, we can revoke individual access without having to refresh keys every time someone leaves the company. I managed to configure Entra ID authentication with Kerberos, allowing a user access to a specific folder. However, I've hit a snag with NTFS permissions since there's no domain available. Since we're looking to retire their server, using Active Directory isn't an option we considered, and Entra Domain Services hasn't been mentioned either. I'm curious if anyone has experience managing user-specific files via individual shares in Azure Files. We're scanning files into it, and I want to know if this is a viable approach or if there's a better strategy I should consider. I apologize if I'm overlooking an obvious solution, and I'd really appreciate your insights. Thanks!
1 Answer
It sounds like you've hit a limitation there. For this to really work with individual NTFS permissions, you're going to need Entra Domain Services or a traditional Active Directory setup. Just a heads up, Entra Domain Services can get pretty pricey, around $400-500 a month. Also, keep in mind that all your endpoints will need to join the Entra PaaS Domain, which isn't the same as using just Entra ID.

What a bummer! I hadn’t dug into Azure Files extensively until now. I totally get why some features are limited. I might just go for creating individual shares and control access via RBAC instead. Appreciate the insight!
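The "one share per user, access via RBAC" approach the thread settles on, written out as an added Az PowerShell example (not from the original poster or from Microsoft). It assumes placeholder names for the resource group, storage account and user UPNs, an existing `Connect-AzAccount` session, and the `Az.Storage` and `Az.Resources` modules. Each user gets their own share, access is granted with the built-in share-scoped `Storage File Data SMB Share Contributor` role, and offboarding is a single role-assignment removal rather than a key rotation:

```powershell
# Added example (not part of the original thread): per-user Azure Files shares
# with Azure RBAC at share scope, so access can be revoked per person without
# NTFS ACLs (which need a domain) or rotating the storage account key.
# Assumed placeholders below; requires Az.Storage, Az.Resources and Connect-AzAccount.

$ResourceGroup  = "rg-scans"          # assumption
$StorageAccount = "stscansclient01"   # assumption: 3-24 lowercase letters/digits

# Build the ARM resource id of a share; this is the scope RBAC is assigned at.
function Get-ShareScope {
    param([Parameter(Mandatory)][string]$ShareName)
    $acct = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
    return "$($acct.Id)/fileServices/default/fileshares/$ShareName"
}

# Share names must be 3-63 chars, lowercase letters, digits and hyphens;
# derive one from the UPN prefix (e.g. jane.doe@contoso.com -> jane-doe).
function Get-ShareNameForUser {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $prefix = $UserPrincipalName.Split('@')[0].ToLower()
    return ($prefix -replace '[^a-z0-9-]', '-')
}

# Create the user's share (idempotent) and grant them data-plane SMB access
# to that share only. Other users' shares are not in scope of this assignment.
function Grant-UserShare {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [int]$QuotaGiB = 5
    )
    $shareName = Get-ShareNameForUser $UserPrincipalName
    $existing = Get-AzRmStorageShare -ResourceGroupName $ResourceGroup `
        -StorageAccountName $StorageAccount -Name $shareName -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-AzRmStorageShare -ResourceGroupName $ResourceGroup `
            -StorageAccountName $StorageAccount -Name $shareName -QuotaGiB $QuotaGiB | Out-Null
    }
    New-AzRoleAssignment -SignInName $UserPrincipalName `
        -RoleDefinitionName "Storage File Data SMB Share Contributor" `
        -Scope (Get-ShareScope $shareName) | Out-Null
    return $shareName
}

# Offboarding: remove every role assignment the user holds on their share.
# The share and its files stay in place for retention; only access goes away.
function Revoke-UserShare {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $scope = Get-ShareScope (Get-ShareNameForUser $UserPrincipalName)
    Get-AzRoleAssignment -SignInName $UserPrincipalName -Scope $scope |
        Remove-AzRoleAssignment
}

# Access review: who currently holds a data-plane role on a given share?
# Useful as a periodic check that nobody has been granted a share that is not theirs.
function Get-ShareAccessReport {
    param([Parameter(Mandatory)][string]$ShareName)
    Get-AzRoleAssignment -Scope (Get-ShareScope $ShareName) |
        Where-Object { $_.RoleDefinitionName -like "Storage File Data SMB Share*" } |
        Select-Object SignInName, RoleDefinitionName, Scope
}

# Usage (placeholders):
# Grant-UserShare  -UserPrincipalName "jane.doe@contoso.com"
# Get-ShareAccessReport -ShareName "jane-doe"
# Revoke-UserShare -UserPrincipalName "jane.doe@contoso.com"
```

The role assignment only controls share-level SMB access; with no domain to author NTFS ACLs against, the isolation between users comes from each user having a distinct share rather than from file-level permissions inside one share. Keep the assignments scoped to the individual share id as above rather than to the storage account, otherwise every user can see every share.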