Azure Storage Blog

Cloud Native Identity with Azure Files: Entra-only Secure Access for the Modern Enterprise

Priyanka-Gangal
Nov 18, 2025

As organizations accelerate their cloud-first journeys, the ability to deliver secure, seamless identity and access management for storage in the cloud is now a game-changer. We are excited to announce the Public Preview of Entra-only identities support with Azure Files SMB. Entra-only identities are created and managed entirely in the cloud, with no reliance on on-premises Active Directory or hybrid setups. With native Entra ID authentication for Azure Files SMB, customers can move beyond the limitations of on-premises Active Directory and hybrid sync tools, enabling cloud-created identities to access file shares securely, from anywhere. This unlocks a new era of agility: organizations can modernize their storage, compute, and identity infrastructure entirely in Azure, reducing operational complexity, strengthening security with Zero Trust alignment, and cutting costs tied to legacy infrastructure. The result? Faster onboarding, simplified management, and a future-ready foundation for workloads.

Key benefits include:

  • Enhancing Secure Access with Admin Roles: Until now, admin scenarios for SMB shares required mounting with storage account keys. Azure Files now supports new role-based access control (RBAC) permissions that specifically address admin-level access scenarios in a simple and secure fashion. More information here.
  • Modern Identity Management Experience: Centralized identity management in Azure lets organizations set granular file/directory permissions directly through the Azure portal, a task that previously required a share mount, delivering a unified and streamlined configuration experience.
  • Reduced Operational Overhead: No need for VPN dependencies or complex hybrid identity setups. IT teams save time and resources previously spent on managing Group Policy Objects (GPOs), replication issues, and Active Directory health checks.
  • No Dependency on On-Premises infrastructure: Organizations ready to retire their domain controllers can now seamlessly access Azure Files using cloud-based identities, eliminating the need for on-premises identity infrastructure.
  • Remote Login support with thin clients: Remote workers using thin clients only need internet connectivity, with no network connectivity to Active Directory servers.

Modernizing real world architectures

Virtual Desktop Workloads (VDI) Work Best with Azure Files and Entra-Only Identities

Azure Files is the foundational storage layer for VDI solutions including AVD, enabling scalable, secure, and fully managed file shares that power user profile persistence, application delivery, and session state continuity. Through native integration with FSLogix, Azure Files supports roaming profiles across multi-session Windows 10/11 desktops, ensuring a consistent user experience regardless of host pool or region.

Support for Microsoft Entra ID, specifically Entra Kerberos with a cloud-only identity, is tailor-made for VDI and AVD workloads, as it enables Entra-joined session hosts to authenticate and access file shares, eliminating traditional Active Directory infrastructure. This is especially critical for organizations pursuing a cloud-only strategy, as it eliminates the need for domain controllers while maintaining enterprise-grade access control and encryption.

“Entra-only identities access with Azure Files will transform how we deliver virtual desktop solutions. By removing the need for on-premises domain controllers, we’ve simplified deployments and strengthened security for our customers. This cloud-native approach aligns perfectly with Zero Trust principles, enabling us to provide a seamless, secure VDI experience while reducing operational complexity.” — Jacques Theron, Cloud Solutions Architect, Netsurit

Entra Only identities allow access over thin clients for remote-site collaboration

Workloads such as Oil & Gas use file shares for reservoir characterization and visualization, which generate high-scale datasets. These activities are usually operated globally in remote fields, offshore rigs, and exploration sites. Traditionally, this means requiring thick clients with uninterrupted network connectivity to a domain controller to access storage resources in the cloud. This results in adding on-premises domain controller infrastructure at every physical site. With Azure Files supporting authentication for native Entra users, clients no longer require domain-joining or network connectivity to domain controllers, avoiding complex infrastructure setups, VPN or thick-client access. This shift supports real-time collaboration, decentralized control, and mobility—allowing engineers and analysts to use Entra-joined thin clients with basic internet connectivity for remote file-sharing collaboration and analysis. The result is improved agility, lower IT costs, and a future-ready identity architecture that aligns with the industry's digital transformation goals.

“Entra-only identities support with Azure Files transforms SLB’s Petrel workflows by removing dependencies on on-premises domain controllers, simplifying identity management and storage infrastructure for globally distributed teams working on complex exploration and reservoir characterization. This cloud-native architecture allows customers to access SMB shares in an easy and secure manner without complex VPN or hybrid infrastructure setups.” – Swapnil Daga, Storage Architect for Tenant Infrastructure, SLB.

Entra-Only Identities transform Information Worker productivity

For organizations with a large, distributed workforce, Entra-only identities with Azure Files remove the heavy lift of on-premises domain controllers while giving employees seamless, secure access to shared content over SMB. With Entra handling authentication end-to-end, users sign in once and get consistent access to project folders and departmental shares, whether they work in the office or remotely. This cloud-native model reduces helpdesk friction from password resets and domain join issues and accelerates onboarding: new hires and contractors get the right file access the moment they are added to Entra groups. For IW workloads like document collaboration, reporting, and app-assisted tasks, this means faster time to productivity, fewer access breaks, and policy-driven governance that travels with the user, not the network.

Get Started with MS Entra Kerberos with Entra Only identities

Start leveraging the Entra-only identities experience with Azure Files today at no added cost! Explore our documentation for step-by-step guidance. Whether you are provisioning new storage or enhancing existing deployments, this feature empowers you to modernize your storage and identity infrastructure with a simple and efficient configuration experience. Make your workload ready for the future!

For any questions, please reach out to the team at azurefiles@microsoft.com.

Updated Nov 17, 2025
Version 1.0