New Azure Files features are more secure and easy to use

by Vlad Turiceanu
Vlad Turiceanu
Vlad Turiceanu
Passionate about technology, Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world. Coming... read more
Affiliate Disclosure

Security has always been a big focus point for Microsoft. Lately, the tech giant made a lot of changes to its cloud computing platform.

Starting with Azure Security Center for IoT, getting through Azure Security Lab, and now focusing on Azure Files, security was the main goal.

Azure Files is getting new security features

azure files new security features
That’s why Microsoft just released a new set of security features to enhance the access control experience in Azure Files.

The first of these new security features is Azure Active Directory Domain Service (Azure AD DS) that has authentication support for Server Message Block (SMB) access.

Here’s how Microsoft describes Azure AD DS on their blog:

By integrating Azure AD DS, you can mount your Azure file share over SMB using Azure Active Directory (Azure AD) credentials from Azure AD DS domain joined Windows virtual machines (VMs) with NTFS access control lists (ACLs) enforced.

New changes brought to general availability

The next feature was first showcased at Ignite 2018, but back then it needed a command line tool named “icacls” that wasn’t easily discoverable or consistent with user behaviour.

Now, viewing or modifying the permissions on a file or folder with Windows File Explorer has been massively improved. Once again, permission assignments for Azure Files is available and easier than ever.

Finally, to simplify share level access management, three new built-in role-based access controls were added. The built-in controls are Storage File Data SMB Share Elevated Contributor, Contributor, and Reader.

You’ll no longer have to create custom roles because you can use the built-in ones to grant share-level permissions for SMB access to Azure Files.

And that’s not all, because the Azure team is already working on some new things:

Supporting authentication with Azure Active Directory Domain Services is most useful for application lift and shift scenarios, but Azure Files can help with moving all on-premises file shares, regardless of whether they are providing storage for an application or for end users. Our team is working to extend authentication support to Windows Server Active Directory hosted on-premises or in the cloud.

So keep an eye out for new features and services in the future.

This article covers:Topics: