We are excited to announce the general availability (GA) of Entra-Only identities for Azure Files SMB. With native Microsoft Entra ID authentication, organizations can now help provide secure, identity-based access to SMB file shares using cloud-only identities.
This means no Active Directory, hybrid sync, or managed domain controllers required, significantly simplifying architecture while reducing ongoing management and maintenance costs. Entra-Only identities elevate Azure Files with a highly integrated, modern identity experience—delivering a leading, best-in-class standard for secure, seamless and broad cloud-native access.
As customers look to migrate to Azure Files, reliance on on-premises Active Directory authentication has been seen as a key blocker to a complete cloud-native experience. Entra-Only identities support for Azure Files SMB removes that blocker, enabling organizations to authenticate users and devices directly through Microsoft Entra ID, helping modernize storage, compute and identity, while aligning with Zero-Trust principles.
Entra-Only identities enable seamless virtual desktop infrastructure (VDI) profile management on Azure Files while meeting modern security standards. In Azure Virtual Desktop (AVD), built-in B2B support extends this further, allowing external partners to use their existing identities with FSLogix profiles, without creating duplicate accounts.
For general-purpose scenarios, this unlocks migration of on-prem Windows-based workloads to a fully cloud-native platform, retaining native SMB compatibility while delivering a highly integrated identity, security, and management experience. Users can securely access files from anywhere without domain setup, VPNs, or complex networking requirements. Together, these capabilities help organizations reduce operational complexity while strengthening their security posture.
Why choose Entra-Only identities with Azure Files
- Modern, cloud-native identity with simplified operations. Access to Azure Files is secured using native Entra ID authentication with client-side Intune integration, eliminating overhead of identity lifecycle maintenance and compliance, VPNs, and hybrid sync—simplifying deployment, reducing maintenance overhead, and streamlining management.
- Co-existence with hybrid identities setup. Organizations with a mix of hybrid and cloud-native identities can use this feature concurrently while on the journey to retire Active Directory.
- Secure access from anywhere. Users can access file shares via Entra-joined clients, enabling seamless remote work without duplicating identities.
- Extended support to MacOS clients (limited preview). Secure file share access is extended to modern MacOS clients, Entra-joined via Platform SSO, enabling creative and cross-platform workloads to integrate with Azure Files using Entra-based identity.
What’s new with Entra-Only identities
- Portal-based NTFS permissions management: Granular file and directory ACLs for Entra-Only (and hybrid) users and groups can be configured directly from the Azure portal, eliminating the need for domain-joined clients or legacy tools. This is now available for all users across all regions.
- Expanded RBAC support for secure authorization: Adding share-level RBAC for specific users and groups is now available for Entra-Only users and groups in limited regions. For regional availability, please check here.
How Entra-Only identities work with Azure Files

This feature modernizes SMB authentication by making Microsoft Entra ID the primary Kerberos Key Distribution Center (KDC). Clients authenticate directly with Microsoft Entra ID to get Kerberos tickets for cloud identities, eliminating the need for Active Directory or Entra Connect sync. While the SMB protocol remains unchanged for compatibility, ticket issuance and identity validation are entirely handled by Entra.
How it works:
- When accessing the file share, the client requests a Kerberos ticket from Entra ID for Azure Files.
- This ticket, containing cloud-based security identifiers (SIDs), is presented during the SMB session setup.
- Azure Files validates the ticket and establishes the session—enabling secure, identity-based access. Authorization continues to use NTFS ACLs, now extended to Entra-Only users and groups. Permissions can be managed directly in the Azure portal, removing reliance on domain-joined clients or legacy tools.
Together, this preserves Kerberos security and standards while shifting identity control entirely to Entra, enabling a clean transition to cloud-native file access.
Hero workloads modernized with Entra-Only identities
Re-imagining VDI deployments with Azure Files and Entra-Only identities
Entra-Only identities simplify and modernize VDI deployments with Azure Files by enabling a fully cloud-native identity, compute and storage stack for user profile management. In Azure Virtual Desktop (AVD), FSLogix profile containers can be stored on Azure Files Premium and accessed using Microsoft Entra-based users via Kerberos, preserving secure, seamless SMB access.
Why this matters:
- It removes dependencies on hybrid identity infrastructure.
- It simplifies deployments.
- It reduces operational overhead, especially for distributed or remote workforces.
With Entra ID as the authentication authority, users can sign in to their virtual desktops and access profiles using cloud-native identities, enabling end-to-end single sign-on without line-of-sight to on-premises systems.
By adopting Entra-Only identity access with Azure Files, WTW has been able to deliver insurance applications to customers on AVD using their existing Entra identities. FSLogix profile containers stored on Azure File Shares ensure users have a consistent profile experience across any AVD host they connect to. This solution removes the dependency on legacy domain controllers and file share infrastructure, replacing it with a fully Entra-joined environment backed by AVD hosts and Azure File Shares—resulting in a more secure, streamlined, and less complex architecture.
—Gordon Griffin, Technical Director, Willis Tower Watson
B2B identities support further extends VDI scenarios by allowing external users to access desktops, loading their profiles securely using existing identities. Together, this enables organizations to deliver a consistent, scalable, and secure VDI experience while accelerating their transition to a fully cloud-native architecture.
Entra-Only identities with Azure Files mark a big step forward in simplifying and securing modern desktop and application environments. By enabling Kerberos-based Entra user access, we can deliver a truly cloud-native experience for our customers, with identity, compute and storage all in Azure, while maintaining seamless SMB compatibility. This significantly reduces deployment complexity and allows organizations to adopt secure, scalable VDI and file access solutions faster than ever before.
—Chuck Mikuzis, Product Manager, Nerdio
Simplifying file sharing for the modern workforce
Entra-Only identities streamline general-purpose file sharing and information worker (IW) collaboration. Access to shared folders is governed directly through Entra ID, enabling consistent, identity-driven access across distributed teams without requiring domain-joined devices or network connectivity to on-premises infrastructure.
This simplifies onboarding and day-to-day operations—new users can be granted access through Entra groups, and permissions are enforced consistently across locations. Combined with NTFS ACL portal support, organizations can maintain familiar file-level security while modernizing their access model.
The result:
- Faster onboarding.
- Reduced helpdesk overhead.
- Seamless collaboration across geographies.
Seamless cloud-native access for remote and distributed energy workforces
Entra-Only identities enable oil and gas organizations to securely access critical datasets from remote and field locations without relying on complex multi-domain/multi-forest Active Directory configuration or hybrid infrastructure. Engineers and geoscientists working across offshore rigs, exploration sites, and global offices can authenticate directly with Entra ID and access Azure Files, eliminating VPN dependencies and improving reliability in low-connectivity environments.
This approach simplifies deployment and operations while maintaining enterprise-grade security and compliance. Combined with support for thin clients and remote access, teams can collaborate in real-time on large datasets without managing distributed infrastructure.
Continued investments in Azure Files identity
Secure Entra-native application access with Managed Identities (GA)
Managed Identities support brings Entra-native application access to Azure Files, removing the need for shared keys or secrets. Applications, virtual machines, or Azure services use Managed Identities with Entra-issued OAuth tokens to establish secure SMB sessions, reducing credential sprawl and simplifying access. This helps simplify DevOps workflows and enables scalable integration across Azure Kubernetes Service (AKS) and enterprise applications.
Bringing secure, cloud-native access to MacOS workloads (limited preview)
Secure Azure Files support over MacOS clients allows creative design teams and education institutions to work seamlessly across operating system (OS) platforms with uninterrupted access. Designers, media professionals, and higher education professionals can authenticate directly with Entra ID and access SMB file shares, aligning Mac workflows with the same enterprise-grade identity used organization-wide.
What’s next with Azure Files Entra-Only Identities
Native NTFS ACL editing experience
We are continuing to enhance the permissions management experience by bringing native support for editing NTFS ACLs directly through familiar client workflows. This closes a key gap between cloud and traditional file server environments, enabling administrators and users to manage fine-grained file and directory permissions using the same tools and experiences they rely on today.
Adding support in sovereign cloud environments
We are working to expand Entra-Only identities for Azure Files to sovereign cloud regions, enabling organizations in highly regulated environments to adopt cloud-native identity for SMB workloads. This unlocks the same benefits of SMB Kerberos-based authentication, and centralized identity management, while meeting compliance and enterprise-grade regulatory requirements.
Get started with Entra-Only identities and other Azure Files investments
Entra-Only identities for Azure Files SMB is generally available today, supported across HDD and SSD shares and all billing models, at no additional cost. Explore our documentation for step-by-step guidance. Make your workload ready for the future!
For questions on enabling on MacOS platforms, please register here. For other questions, reach out to [email protected].