![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 79%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
Azure Files
An Azure service that offers file shares in the cloud.
1,170 questions
@EelcovD Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
Firstly, Let me explain why I recommended Azure File Share in your scenario , Azure file share is “Fully managed file shares in the cloud that are accessible via Server Message Block (SMB) and NFS protocol (also known as Common Internet File System or CIFS). Azure File shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.” Azure file shares can also be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.
- There is No problem using Azure file Share with IIS (IIS Shared Configuration allows system administrators to use multiple IIS servers sharing the same configuration file. If you want to keep this configuration file in an Azure file share) How to use Azure file share in IIS Shared Configuration?
- I would recommended to use Azure Active Directory for Security purpose(Authentication ) Azure Files supports identity-based authentication and access control. You can choose one of two ways to use identity-based access control: on-premises Active Directory Domain Services or Azure Active Directory Domain Services (Azure AD DS). On-premises Active Directory Domain Services (AD DS) supports authentication using AD DS domain-joined machines, either on-premises or in Azure, to access Azure file shares over SMB. Azure AD DS authentication over SMB for Azure Files enables Azure AD DS domain-joined Windows VMs to access shares, directories, and files using Azure AD credentials. For more details, see Overview of Azure Files identity-based authentication support for SMB access.
Azure Files offers two additional ways to manage access control:
You can use shared access signatures (SAS) to generate tokens that have specific permissions, and which are valid for a specified time interval. For example, you can generate a token with read-only access to a specific file that has a 10-minute expiry. Anyone who possesses the token while the token is valid has read-only access to that file for those 10 minutes. Shared access signature keys are supported only via the REST API or in client libraries. You must mount the Azure file share over SMB by using the storage account keys.
Azure File Sync preserves and replicates all discretionary ACLs, or DACLs, (whether Active Directory-based or local) to all server endpoints that it syncs to.
You can refer to Authorizing access to Azure Storage for a comprehensive representation of all protocols supported on Azure Storage services.
It won't involve to your URL. A shared access signature (SAS) is a URI that allows you to specify the time span and permissions allowed for access to a storage resource such as a blob or container. The time span and permissions can be derived from a stored access policy or specified in the URI.
The SAS token is a string that y ou generate on the client side, for example by using one of the Azure Storage client libraries. The SAS token is not tracked by Azure Storage in any way. You can create an unlimited number of SAS tokens on the client side. After you create a SAS, you can distribute it to client applications that require access to resources in your storage account.
Client applications provide the SAS URI to Azure Storage as part of a request. Then, the service checks the SAS parameters and the signature to verify that it is valid. If the service verifies that the signature is valid, then the request is authorized. Otherwise, the request is declined with error code 403 (Forbidden).
Here's an example of a service SAS URI, showing the resource URI and the SAS token. Because the SAS token comprises the URI query string, the resource URI must be followed first by a question mark, and then by the SAS token:
Service SAS support for directory scoped access
3. You can Manage the Azure Storage Tiers ( Hot, Cool) You can switch between different tiers for all files in the share. Different charges apply to each tier. Switching tiers causes transactions. Learn More
Hot: Hot file shares offer storage optimized for general purpose file sharing scenarios such as team shares. Hot file shares are offered on the standard storage hardware backed by HDDs.
Cool: Cool file shares offer cost-efficient storage optimized for online archive storage scenarios. Cool file shares are offered on the standard storage hardware backed by HDDs.
Once you've created a file share in a storage account, you cannot move it to tiers exclusive to different storage account kinds. For example, to move a transaction optimized file share to the premium tier, you must create a new file share in a FileStorage storage account and copy the data from your original share to a new file share in the FileStorage account. We recommend using AzCopy to copy data between Azure file shares, but you may also use tools like robocopy on Windows or rsync for macOS and Linux.
File shares deployed within GPv2 storage accounts can be moved between the standard tiers (transaction optimized, hot, and cool) without creating a new storage account and migrating data, but you will incur transaction costs when you change your tier. When you move a share from a hotter tier to a cooler tier, you will incur the cooler tier's write transaction charge for each file in the share. Moving a file share from a cooler tier to a hotter tier will incur the cool tier's read transaction charge for each file in the share.
See Understanding Azure Files billing for more information.
- Please look at the Azure Files Pricing page for various cost components, which typically includes – Storage, Transactions (RW), Bandwidth (BW), any other related services like Azure File Sync/Azure Backup (optional).
Standard and Premium tiers have different pricing model.
Standard is Used storage + Transactions
Premium is provisioned storage + no transactions.
BW cost always apply.
Transactions/BW cost varies based on the workload patterns. For example, for a low end general purpose file server with 5-10% churn, we have seen that transactions typically cost < 5-10% of bill. For a high transaction, low latency, consistent performance workload, performance tier might work better e.g. Databases. For a low transaction workload that need reliable performance, standard tier will be suffice e.g. general purpose file servers.
- Storage capacity is billed in units of the average daily amount of data stored, in gigabytes (GB), over a monthly period. For example, if you consistently used 10 GB of storage for the first half of the month and none for the second half of the month, you would be billed for your average usage of 5 GB of storage. However, using the Cool (GPv2 accounts only) or Archive tier for less than 30 and 180 days respectively will incur an additional charge.
Data storage prices and you can also calculate using Azure Pricing calculator
If you still find any difficulties in Pricing, I would recommended to contact billing support who can provide you the detailed information based on your region and your scenario. https://azure.microsoft.com/en-in/support/options/. Billing and Subscription team would be the best to provide more insight and guidance Free support has been provided.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
-----------------------------------------------------------------------------------------------------------------------
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.