You have Azure Active Directory tenant and want to provide users with access to shared files by using Azure Storage. The users will have different levels of access to various Azure file shares based on their user account or their group membership. How will you solve this?
Experience Level: Senior
Tags: Azure Active DirectoryAzure CloudAzure Storage
Answer
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Azure Files enforces authorization on user access to both the share and the directory/file levels. Share-level permission assignment can be performed on Azure Active Directory (Azure AD) users or groups managed through the Azure role-based access control (Azure RBAC) model. With RBAC, the credentials you use for file access should be available or synced to Azure AD. You can assign Azure built-in roles like Storage File Data SMB Share Reader to users or groups in Azure AD to grant read access to an Azure file share.
At the directory/file level, Azure Files supports preserving, inheriting, and enforcing Windows DACLs just like any Windows file servers. You can choose to keep Windows DACLs when copying data over SMB between your existing file share and your Azure file shares. Whether you plan to enforce authorization or not, you can use Azure file shares to back up ACLs along with your data.
Azure file shares enforce standard Windows file permissions at both the directory and file level, including the root directory. Configuration of directory or file-level permissions is supported over both SMB and REST. Mount the target file share from your VM and configure permissions using Windows File Explorer, Windows icacls, or the Set-ACL command.
Related Azure Cloud job interview questions
According to Microsoft Cloud Adoption Framework (CAF), what are the three specific terms related to Management phaze that can help improve conversations among business stakeholders?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are 6 key steps for establishing a management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat is management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are the 5 disciplines of cloud governance according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorIs Cloud Security Posture Management (CSPM) available for all Azure Subscriptions?
Microsoft Defender Junior