Forum Discussion
Lift and Shift with NTFS permissions
Hi JWJ ,
The azcopy tool (v10.6.0+) now preserves ACLs' (https://github.com/Azure/azure-storage-azcopy/releases/tag/v10.6.0) and you can use it for files, not just blobs. Of course, you could use other tools like robocopy.
Azure Files Sync preserves ACLs too, check this guide.
It is a known problem that some ISPs are blocking TCP/445 port. This practice originates from security guidance about legacy and deprecated versions of the SMB protocol. Although SMB 3.0 is an internet-safe protocol (and Azure Files are only using this version), older versions of SMB, especially SMB 1.0 are not.
It is correct that building a hybrid connectivity between Azure and your network (Express Route or S2S VPN) and enabling Private Endpoints for Azure Files can mitigate this problem.
There is also a general guidance in Azure Docs on how to preserve ACLs when importing data to Azure file shares.
Hope this helps.
pazdedav Thanks it does clarify a few things. I've gone through some of the links you posted before.
Azure File Sync does not look like what we need. What we are trying to do is move chucks of data (files and documents) to Azure, set the share permission to read only and maintain the existing NTFS permissions. We would map that data stored and shared from Azure for end users.
based on the articles and what you've said, once I get past the mapping of the file share, I can use Robocopy or azcopy to move my files over and it will maintain the permissions.