Azure Files NFS v4.1 is a fully managed, enterprise-grade solution purpose-built to run high-performance Linux workloads in the cloud with native NFS semantics and full POSIX compatibility. Azure Files delivers fully managed SMB and NFS file storage with built-in high availability and durability. It eliminates the need to provision or manage file servers, enabling seamless file sharing. Data can be accessed concurrently for read and write operations by thousands of clients—both within and outside Azure—while maintaining strong consistency.
Azure Files NFS v4.1 is purpose-built to support a wide range of high-performance, enterprise, and cloud-native workloads. Customers use it for mission-critical workloads like SAP, ERP, and CRM systems; DevOps workflows including CI/CD, log sharing, and test environments; and scalable platforms such as VDI, web apps, and content management systems. It’s also a top choice for data-intensive workloads like AI/ML training, HPC, and big data analytics—where parallel access, low latency, and POSIX compliance are critical.
We’re excited to share a wave of new enhancements to Azure Files NFS, designed to further secure your NFS volumes and to provide RESTful access to your NFS data.
Secure your application with encryption in-transit for NFS volumes
Today, your data on Azure Files NFS volumes is encrypted at rest by default, using either Microsoft-managed keys or your own customer-managed keys. In addition, MACsec encryption secures traffic across Azure datacenters, and network-level protections such as service endpoint integration, private endpoints, and network security groups (NSGs) restrict access to trusted environments.
A common question is: what about traffic within the trusted VNet?
Azure Files NFS volumes now support in-transit encryption (public preview) via TLS, ensuring all traffic between clients and servers is fully encrypted. With this update, your NFS data is now encrypted end-to-end: at rest, in transit, and across the network.
You can simply turn on the “Secure Transfer Required” setting on your storage account to mandate “all” mounts to use encrypted communication. You can further centrally enforce this setting to be “always” set to true on “all” storage accounts across your organization using in-built Azure Policy and help your organization stay secure and compliant at all times.
To simplify setup, we've also introduced a mount helper package—available from the packages.microsoft.com. This package configures your Linux client to use stunnel, a utility that wraps NFS traffic in a secure TLS tunnel. Since NFS doesn’t natively support encryption, stunnel provides a seamless way to secure communication without modifying your applications or workflow.
With this enhancement, Azure Files NFS v4.1 offers the robust security modern enterprises require—without compromising performance or simplicity. Get started with in-transit encryption for your Azure FIles NFS volumes.
Scale your workload with RESTful access to data in your NFS volumes
NFS has long been the protocol of choice for stateful, POSIX-compliant workloads like collaborative file sharing, application state management, and enterprise systems. But there are also scenarios—such as data migration, backup, disaster recovery (DR), and large-scale analytics—where stateless access and massive parallelism matter more than maintaining client-side state.
To support these use cases, we're introducing general availability of REST protocol access for Azure Files NFS volumes—enabling secure, scalable, HTTPS-based access to the same data previously available only via NFS.
By combining NFS’s rich POSIX semantics with REST’s accessibility and parallelism, Azure Files bridges the gap between traditional file systems and the modern cloud, enabling powerful new use cases across industries.
Now, you can use either NFS or REST to access the same Azure Files volume—choosing the protocol that best matches your workload. REST’s stateless, scalable design is ideal for parallel processing, automation, and secure internet access using OAuth 2.0 and RBAC—without requiring VPNs or ExpressRoute.
When REST makes sense:
- You need to migrate data at scale or run massively parallel operations
- You’re building automated pipelines that don’t require a persistent mount
- You want simple, secure internet-based access from on-prem or third-party services outside your VNet boundaries
These REST APIs are designed to preserve POSIX-style properties like permissions and ownership - and even support creating symbolic links and hard links - so you can stay secure and compatible without sacrificing flexibility.
Azure Files has always supported REST APIs for volume management via Azure Resource Manager. With this new capability, the REST APIs now extend to the data plane -bringing true protocol flexibility to your cloud-native storage solution.
Learn more
Ready to migrate your Linux workloads?
Try Azure Files NFS v4.1 today and explore our documentation for best practices. Whether you're running applications on Azure VMs, Kubernetes, Functions, or App Services, Azure Files provides a powerful, secure, and flexible storage choice.
From stateful workloads that demand POSIX compliance to high-throughput, stateless operations powered by REST, Azure Files supports the full spectrum of modern Linux workloads. With end-to-end encryption, simplified client setup, and seamless protocol interoperability, you can modernize your infrastructure without sacrificing performance, security, or manageability.
Empower your next big move—your workloads are secure, scalable, and ready for what’s next.
Please reach out to the team at AzureFiles@microsoft.com for any questions.
Microsoft