Azure File Share / AD Authentication

  • Question

  • We have a scenario where a number of employees need to work from home. We want to be able to let them map an Azure file share on their home PC, but before they do that, make them authenticate using their O365 credentials. We currently have a hybrid on-prem/Azure AD setup.
    Tuesday, November 20, 2018 8:30 AM

All replies

  • Tuesday, November 20, 2018 11:32 AM
  • Hi rikkilee1,

    Here is a how-to to test this out or try it out.

    https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable

    The functionality basically means you have a custom RBAC role that has to be built, that can be set to read, write, etc., and that must be assigned to all the users (better to have them in a group).

    This functionality doesn't mean that when the user automatically signs in, the share will be available to them; they would still have to use the net use cmd. But they won't need the storage account key anymore; it's a simpler net use cmd.

    net use <desired-drive-letter>: \\<storage-account-name>.file.core.windows.net\<share-name>

    Running the icacls <mounted-drive-letter> /grant <user-email>:(f) cmd for all the users will also be a hurdle, depending on the number of users.

    Also opening up port 445 from their home network.

    Hope this helps, Thanks.



    • Edited by F1317 Tuesday, November 20, 2018 4:04 PM
    Tuesday, November 20, 2018 4:04 PM
  • A minor comment - you don't necessarily need to grant full permissions to the share - you can assign more granular permissions on the folder and file level as well.

    At this point, however, you cannot perform this task via File Explorer; you have to use the command line instead (icacls).

    hth
    Marcin

    Tuesday, November 20, 2018 5:18 PM
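
The steps discussed in the replies above (port 445 check, key-less net use, per-user icacls with granular rights), as an added example that is not part of the original thread. The storage account and share names are placeholders to replace, and the users, folder names and drive letter are constructed sample values.

```powershell
# Added example; placeholders and sample values are assumptions, not from the thread.
$StorageAccount = '<storage-account-name>'   # placeholder
$ShareName      = '<share-name>'             # placeholder
$DriveLetter    = 'Z'                        # assumed free drive letter
$FileHost       = "$StorageAccount.file.core.windows.net"

# Constructed sample assignments: identity, folder under the share root, icacls right.
# Simple icacls rights: F = full, M = modify, RX = read and execute, R = read-only.
$Assignments = @(
    [pscustomobject]@{ Identity = 'alice@contoso.com'; Folder = 'Finance'; Right = 'M'  }
    [pscustomobject]@{ Identity = 'bob@contoso.com';   Folder = 'Finance'; Right = 'RX' }
    [pscustomobject]@{ Identity = 'carol@contoso.com'; Folder = 'HR';      Right = 'M'  }
)

# 1. SMB needs outbound TCP 445; check it before attempting the mount.
$probe = Test-NetConnection -ComputerName $FileHost -Port 445 -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 445 to $FileHost is not reachable from this network."
}

# 2. Mount without a storage account key on the command line.
net use "${DriveLetter}:" "\\$FileHost\$ShareName"
if ($LASTEXITCODE -ne 0) { throw "net use failed with exit code $LASTEXITCODE" }

# 3. Grant per-folder rights instead of full control on the whole share.
foreach ($a in $Assignments) {
    $path = "${DriveLetter}:\$($a.Folder)"
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping $($a.Identity): $path does not exist"
        continue
    }
    # (OI)(CI) makes the grant inherit to files and subfolders below $path.
    icacls $path /grant "$($a.Identity):(OI)(CI)$($a.Right)"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls failed for $($a.Identity) on $path"
    }
}

# 4. Print the resulting ACLs so the grants can be reviewed.
$Assignments.Folder | Sort-Object -Unique | ForEach-Object {
    icacls "${DriveLetter}:\$_"
}
```

Granting to a group rather than to individual users, as the first reply suggests for the RBAC role, shortens the assignment list in the same way.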