Security has always been a big focus point for Microsoft. Lately, the tech giant made a lot of changes to its cloud computing platform.
Azure Files is getting new security features
The first of these new security features is Azure Active Directory Domain Service (Azure AD DS) that has authentication support for Server Message Block (SMB) access.
Here’s how Microsoft describes Azure AD DS on their blog:
By integrating Azure AD DS, you can mount your Azure file share over SMB using Azure Active Directory (Azure AD) credentials from Azure AD DS domain joined Windows virtual machines (VMs) with NTFS access control lists (ACLs) enforced.
New changes brought to general availability
The next feature was first showcased at Ignite 2018, but back then it needed a command line tool named “icacls” that wasn’t easily discoverable or consistent with user behaviour.
Now, viewing or modifying the permissions on a file or folder with Windows File Explorer has been massively improved. Once again, permission assignments for Azure Files is available and easier than ever.
Finally, to simplify share level access management, three new built-in role-based access controls were added. The built-in controls are Storage File Data SMB Share Elevated Contributor, Contributor, and Reader.
You’ll no longer have to create custom roles because you can use the built-in ones to grant share-level permissions for SMB access to Azure Files.
And that’s not all, because the Azure team is already working on some new things:
Supporting authentication with Azure Active Directory Domain Services is most useful for application lift and shift scenarios, but Azure Files can help with moving all on-premises file shares, regardless of whether they are providing storage for an application or for end users. Our team is working to extend authentication support to Windows Server Active Directory hosted on-premises or in the cloud.
So keep an eye out for new features and services in the future.