Azure Files / Public Endpoint / Conditional Access Policies
Hi all, I'm working on setting up on-premises Active Directory Domain Services authentication over SMB for Azure file shares. The plan would be to have end users access Azure file shares using Windows File Explorer accessing the public endpoint of the storage account.
A couple of questions about how this works:
1. Would a user be able to open up Windows File Explorer on a PC and type in: \\storageaccountname.file.core.windows.net\file_share_name and some type of authentication window would appear and require the user to enter AD credentials and after successful authentication the file share data would show up?
2. Can you use Azure Conditional Access Policies to further secure an Azure file share with a public endpoint in addition to the storage firewall when using the File Explorer app?
3. Is File Explorer even an app that can be governed by Azure Conditional Access Policies?
Any feedback on any of this would be much appreciated. Thanks.
1 Reply
- rohanislam (Brass Contributor)
1. Yes, you should be able to access the share using the link directly from the Run command or Explorer. If you are already logged on to the PC using your domain credentials and you have access to the share, it will not ask you to enter the password again.
2. When you are using AD authentication, you have to control share permissions via RBAC and folder/file access via NTFS permissions. Manage the share the same way you would have managed it if it was hosted on a file server. You can't use a SAS access policy in this case. However, you can still use an access policy if you want to access the share via a SAS key.
3. I think number 2 covers it.
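
The two permission layers described in point 2 of the reply (share-level RBAC, then NTFS ACLs), as an added example that is not part of the original thread. It uses the Az PowerShell module plus the built-in `net use` and `icacls` tools; every name in angle brackets, the user, the AD group and the drive letter are placeholders or constructed sample values.

```powershell
# Added example (not from the thread). Placeholders / constructed values below.
$ResourceGroup  = '<resource-group>'
$StorageAccount = '<storageaccountname>'
$ShareName      = '<file_share_name>'
$UserUpn        = 'user@example.com'        # constructed sample synced identity
$AdGroup        = 'EXAMPLE\FileShareUsers'  # constructed sample on-prem AD group
$Role           = 'Storage File Data SMB Share Contributor'  # built-in role

# 1. Confirm the account is actually set up for on-premises AD DS authentication.
$acct = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
if ($acct.AzureFilesIdentityBasedAuth.DirectoryServiceOptions -ne 'AD') {
    throw 'Storage account is not configured for AD DS authentication.'
}

# 2. SMB to the public endpoint needs outbound TCP 445 from the client.
$endpoint = "$StorageAccount.file.core.windows.net"
if (-not (Test-NetConnection -ComputerName $endpoint -Port 445).TcpTestSucceeded) {
    throw "TCP 445 to $endpoint is blocked; File Explorer cannot reach the share."
}

# 3. Share-level permission: RBAC role scoped to this one share (least privilege),
#    not to the whole storage account.
$scope = "$($acct.Id)/fileServices/default/fileshares/$ShareName"
$existing = Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.SignInName -eq $UserUpn -and $_.RoleDefinitionName -eq $Role }
if (-not $existing) {
    New-AzRoleAssignment -SignInName $UserUpn -RoleDefinitionName $Role -Scope $scope
}

# 4. File/folder permission: NTFS ACL, set the same way as on a file server.
#    On a domain-joined PC the logged-on AD credentials are used for the mount.
#    The account running icacls must itself be allowed to change ACLs on the share.
net use Z: "\\$endpoint\$ShareName"
icacls 'Z:\' /grant "${AdGroup}:(OI)(CI)M"   # Modify, inherited by files and folders

# 5. Review both layers: who holds share-level roles, and the resulting ACL.
Get-AzRoleAssignment -Scope $scope |
    Select-Object SignInName, RoleDefinitionName, Scope
icacls 'Z:\'
```

A user needs both layers to open a file: the RBAC role admits them to the share, and the NTFS ACL decides what they can do inside it.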