You may already know the Azure Files service, which lets you use Azure as a file ‘server’, and of course Azure AD, which manages authentication to your Microsoft cloud services (Azure and/or Office 365).
Well, good news: you can use Azure AD to authenticate access to Azure Files, meaning you can set NTFS-like permissions on Azure Files. Of course, the existing storage account key process is still supported and available.
- First you need to enable Azure AD Domain Services. If you do not know Azure AD Domain Services, you can take a look at https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview
- Enable Azure AD authentication for your storage account using either PowerShell or the Azure CLI. You will need to install the preview module for AzureRM.Storage for PowerShell, or the preview extension storage-preview for the Azure CLI.
Set-AzureRmStorageAccount -ResourceGroupName <resource-group-name> -Name <storage-account-name> -EnableAzureFilesAadIntegrationForSMB $true
Then, after mounting the Azure file share, you can set the NTFS permissions using the icacls or Set-Acl command.
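
The permission step above, as an added example (not part of the original post): it grants a group Modify on a folder with Set-Acl, reads the ACL back to confirm the entry, and lists any broad FullControl grants left on the folder. It assumes the share is already mounted as Z:; the folder `Z:\finance` and the group `CONTOSO\FinanceUsers` are constructed names.

```powershell
# Added example. Assumptions: share already mounted as Z:, and the folder and
# group names below are constructed placeholders for your own values.
$Path     = 'Z:\finance'
$Identity = 'CONTOSO\FinanceUsers'

if (-not (Test-Path -LiteralPath $Path)) {
    throw "Path '$Path' not found; mount the Azure file share first."
}

$rights  = [System.Security.AccessControl.FileSystemRights]::Modify
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$propag  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# Modify rather than FullControl: members can read and write data but cannot
# change permissions or take ownership of the folder.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Identity, $rights, $inherit, $propag, $allow)

$acl = Get-Acl -LiteralPath $Path
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Read the ACL back and confirm the entry is really there.
$current = (Get-Acl -LiteralPath $Path).Access
$applied = $current | Where-Object {
    $_.IdentityReference.Value -eq $Identity -and
    $_.AccessControlType -eq $allow -and
    ($_.FileSystemRights -band $rights) -eq $rights
}
if (-not $applied) {
    throw "Expected Allow/Modify entry for '$Identity' is missing on '$Path'."
}

# Review step: list FullControl grants to broad principals on the same folder.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$current | Where-Object {
    $_.AccessControlType -eq $allow -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $full) -eq $full
} | Format-Table IdentityReference, FileSystemRights, IsInherited

# icacls equivalent of the grant above:
#   icacls Z:\finance /grant "CONTOSO\FinanceUsers:(OI)(CI)M"
```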