SOLVED

Azure Files and ABE (access based enumeration)

Iron Contributor

Hi,

 

Does Azure Files shares support Access Based Enumeration? It seems it does not. If I was to use Azure Sync and front end with a Windows Server can I use ABE on the file share? This is a deal breaker as we use ABE on our shared folder.

 

Thanks

7 Replies
best response confirmed by Aragorn (Iron Contributor)
Solution

Hi @Aragorn ,

 

As far as I know, ABE is a feature of DFS-N.

 

If you want to, you can integrate Azure File shares into your existing DFS Namespace (that has ABE turned on), this is supported, but Azure Files are not providing DFS-N capabilities. Please note, that DFS-R is not supported with Azure Files.

 

You will need to first enable identity-based authentication in Azure Files using this guide.

@David Pazdera Thanks will try this out.

@Aragorn did you ever get this to work?
Just trailing Azure File Shares atm and noticed ABE is not working like it does with our Windows File Shares.
Thanks
Would like to know, if this already works to everyone? I have tried this, added the File Share to DFS-N and it was pushed down, but the folders who I doont have access with is still showing, am I missing something?
Hi Champ, I raised a ticket with MS Support about this and ABE Is currently not supported with Azure File Shares, even when using your own DFS-N. It is apparently on their roadmap, but not eta.
Too bad! This is a good features to have, minus points for Azure File Shares! Thanks for your update @unitism. No ETA means still long way to go :(

@unitism I was able to solve this by using Azure File Sync with Cloud Tiering. This way users still connect to my file share presented on the server which serves as an endpoint but the files are tiered on Azure Files. I also domain joined the storage account so I can enforce ACLs directly on the AZ file share. I tested ABE and can confirm it works when accessing via the server endpoint share even when tiered to the cloud.

 

Introduction to Azure File Sync | Microsoft Docs

1 best response

Accepted Solutions
best response confirmed by Aragorn (Iron Contributor)
Solution

Hi @Aragorn ,

 

As far as I know, ABE is a feature of DFS-N.

 

If you want to, you can integrate Azure File shares into your existing DFS Namespace (that has ABE turned on), this is supported, but Azure Files are not providing DFS-N capabilities. Please note, that DFS-R is not supported with Azure Files.

 

You will need to first enable identity-based authentication in Azure Files using this guide.

View solution in original post