stavrosmitchell-6182 asked

Dealing with File shares and Intune/AAD joined computers


Hey everyone,

I have a client of around 100 - 150 users. Their production file share has moved to SharePoint, but I have around 4 TB of data which they use for reference quite often, with share permissions currently on a file server.

We are currently moving computers off the domain and enrolling them into AAD. We started a few Intune policies which are working perfectly.

The goal is, if possible, can I create a storage account in Azure for the 4 TB of data? Of course there will be multiple containers with different access keys, and have Intune configure the map drive to the PCs, so the user never gets the access keys. This way I kinda control the permissions.

Also, would you guys know a way to use RBAC rules in case they get hold of the access keys on the containers in the storage?



Thanks for all the help, and if you have other suggestions I am open to them.

Tags: mem-intune-general, mem-intune-device-configurations, azure-files

deherman-MSFT answered

@stavrosmitchell-6182

For Azure Files you can authenticate with Azure AD DS. You can assign access permissions to the identities. As recommended in our docs, I recommend reading through our planning guide. I am unfamiliar with Intune, but you can refer to our documentation on mounting with Windows, which might be helpful.

Hope this helps. Let me know if you have any specific questions or issues and I will be happy to help.



Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.


Hey, thanks. I thought I saw somewhere you can only authenticate on a VM which is on the AADDS domain. A desktop which is connected to Azure AD cannot authenticate even if AADDS is active. Am I wrong?


@stavrosmitchell-6182
You are correct. For more details, please refer to the How it works page. For Azure AD DS authentication, you should enable Azure AD Domain Services and domain join the VMs you plan to access file data from. Your domain-joined VM must reside in the same virtual network (VNET) as your Azure AD DS.


So if your device (not a VM) is Azure Active Directory joined, is there no way to use identity based authentication against an Azure File Share currently?

We currently have a Hybrid AD setup and users VPN to the office where the on-premises AD resides, then can access the File Share. We want to go to full Azure AD, but it sounds like our users would then lose access to the File Shares with no workaround. Is that correct?

Crystal-MSFT answered

@stavrosmitchell-6182 From the Intune side, to configure drive mapping via Intune, we can use a script to do this. Here are some links for reference:
https://techblog.ptschumi.ch/microsoft-365/intune-endpoint-manager/intune-logon-script-and-drive-mapping-how-to/
https://www.2azure.nl/2019/09/07/create-a-drive-mapping-using-intune-on-azure-ad-joined-devices-manual/
Note: Non-Microsoft links, just for reference.

Hope it can help.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


SteveParankewich answered

Any update to this? I have a customer with 4 million files I have copied up to Azure Files, but I require Identity Based Auth and we are moving everything to Azure AD Joined machines as per Microsoft's huge push and the benefits of Azure AD Only. Users access the data via Windows Explorer, and the sync client for OneDrive has a 300,000 limit. The data is best accessed from a share.
