none
Cloud Shared Folder Solution RRS feed

  • Question

  • Hello:

    I'm working on a solution to create Shared Folder in Azure Cloud. The requirements: physical computers on-premises should be able to mount it as Drive and authentication by AD is also required.

    We were looking at Azure File, but they do NOT support AD authentication from on-premises PCs.

    Is there anything else we can use?

    Of course, we can create new VM and set FTP on it, but ideally I'm hoping for more elegant solution (similar to Azure File).

    Is there anything else we can use?

    Any ideas? Suggestions?

    Thank you!

    Friday, April 19, 2019 5:32 PM

Answers

  • @olegarr Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. 

    It’s available now. We are making it easier for customers to “lift and shift” applications to the cloud while maintaining the same security model used on-premises with the general availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. Better security with enhanced access control experience in Azure Files


    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members

    Tuesday, August 13, 2019 5:12 AM
    Moderator

All replies

  • The only other option I'm aware of that would address your direct requirement is deploying Azure AD DS and joining your on-premises computers to Azure AD DS - but I'd not recommend it. 

    However, can you clarify first why exactly do you need a shared folder in Azure for on-premises computers?

    If you need your data to be reside in Azure, have you considered using Azure File Sync (which, incidentally, would provide a viable workaround to your requirement)

    hth
    Marcin


    Friday, April 19, 2019 7:53 PM
  • Marcin,

    Thank you for your input!

    We just have group of people that are working on the same project and they have to share files; that's why we want to create File Share solution.  They are all on-premises users and AD authentication is required.  Azure File would be great, if not AD limitation...

    I'll read more about Azure File Sync..

    Thank you!

    Monday, April 22, 2019 1:26 AM
  • @olegarr ,in addition to Marcin’s suggestion, Azure file share is best suited for your requirement. By using SMB, you can mount an Azure file share directly on Windows, Linux, or macOS, either on-premises or in cloud VMs, without writing any code or attaching any special drivers to the file system. You also can cache Azure file shares on on-premises file servers by using Azure File Sync for quick access, close to where the data is used.

    Kindly, let us know if you need any further assistance on this.

    Monday, April 22, 2019 12:44 PM
    Moderator
  • @YASWANTHM-MSF,

    Unfortunately, Azure file share does not support AD authentication for on-premises machines, otherwise we would use it already.

    Thank you! 

    Monday, April 22, 2019 1:11 PM
  • @olegarr, yes you are correct it won’t support on-premises AD authentication. But if you want to authenticate the AD users then you need to deploy Azure AD Domains service in Azure and join the on-premises computers to the ADDS. It is very complex solution. I would recommend you to refer the following article on Azure Active Directory authentication over SMB for Azure Files.

    Have you tried using Azure storage explorer? If not, suggest you try the Azure storage explorer for accessing the Azure file share from on-premises.

    Azure Storage Explorer is an tool which helps you to easily access the Azure storage account through any device on any platform(Windows, MacOS, or Linux). You can easily connect to your subscription and manipulate your tables, blobs, queues, and files.

    For more information, you can look at the article on Azure storage Explorer to help you understand how Azure Storage explorer works

    Kindly let us know if you need any further assistance on this.


    Tuesday, April 23, 2019 9:16 AM
    Moderator
  • @YASWANTHM-MSFT,

    Thank you very much for your help!  I really appreciate your help!

    Yes, i did try Azure Storage Explorer and like it, even it's not as convenient for users as mapped drive (adds one more layer of complexity). 

    Anyway, the stopping point right now is AD authentication.   And the article you mentioned clearly said "Azure AD authentication over SMB is not supported for on-premises machines accessing Azure Files"  :-(

    Do you think there is anything else we can use to provide shared storage?

    Thank you!

    Tuesday, April 23, 2019 2:15 PM
  • @olegarr,

    I am Program Manager from Azure Files team. Thanks a lot for your feedback. Currently, Azure Files AAD Authentication leverages AAD DS to support Azure Windows VMs. The existing scope doesn’t extend to on-premise environment nor AD. Azure Files team is actively working on a solution that better integrates with AD providing seamless support for on-premises access. Please stay tune for our upcoming releases on Azure Updates. In the interim, Azure Files Sync can be an intermediate solution. You can host a Windows file server either on-prem or on an Azure VM. Then you install Azure File Sync agent to sync all data to Azure Files. The file server acts as an endpoint that integrates with your existing AD for authentication and authorization. When Azure Files is ready to support access control experience with on-prem AD, you can simply remove the file server as the middle man and directly access Azure Files over SMB. Your data would already be stored on Azure Files migrated by Azure Files Sync. For more information on how Azure Files Sync works, please refer to this article.  

    Wednesday, May 1, 2019 8:14 AM
  • @SumanthMarigowda-MSFT,

    Thank you very much for your input!

    I promise, do not hold your word, but do you have rough ETA when Azure Files will be ready to support access control with on-prem AD?   Are we talking about weeks or months? 

    Thank you,

    Olegarr

    Friday, May 3, 2019 1:01 AM
  • @olegarr We currently do not have any ETA on this, It’s going to be updated soon, All Azure updates latest features are shared here

    If you wish to leave your feedback/UserVoice here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Friday, May 3, 2019 6:14 PM
    Moderator
  • @SumanthMarigowda-MSFT,

    Do you have any updated info when Azure Files will be ready to support access control with on-prem AD?

    Thank you!

    Friday, June 7, 2019 5:56 PM
  • @olegarr We are currently working on this feature! Very soon will update you the status on this request.
    Wednesday, June 12, 2019 6:22 AM
    Moderator
  • @SumanthMarigowda-MSFT,

    Do you have any updates? 

    I wonder when Azure Files will be ready to support access control with on-prem AD.

    Thank you!

    Thursday, August 1, 2019 2:36 AM
  • @olegarr Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused. 

    It’s available now. We are making it easier for customers to “lift and shift” applications to the cloud while maintaining the same security model used on-premises with the general availability of Azure Active Directory Domain Services (Azure AD DS) authentication for Azure Files. Better security with enhanced access control experience in Azure Files


    ------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" and Upvote on the post that helps you, this can be beneficial to other community members

    Tuesday, August 13, 2019 5:12 AM
    Moderator
  • @SumanthMarigowda-MSFT,

    Thanks a lot for your help!  I'll check it out soon. 

    Thanks again! 

    Friday, August 16, 2019 3:51 PM