Piet-6782 asked Sumarigo-MSFT commented

Azure file share ACL monitoring

Hi all

We have set up an Azure file share on a storage account to replace an on-premise file server. The storage account is configured to be accessible only through a private endpoint. Next to that, we want to receive an alert or to be able to monitor the ACL settings on this file share. Does somebody know how to do that?

Kind regards

azure-storage-accounts

Sumarigo-MSFT answered

The storage account first needs to be joined to on-prem AD or Azure AD for controlling ACLs/NTFS. ACL settings can be monitored or modified by checking the file share properties (the file share is accessible only from the private endpoint; from there the file share properties can be viewed, edited or modified).

Better security with enhanced access control experience in Azure Files

Monitoring Azure Files

Note:

  1. Azure File Sync preserves and replicates all discretionary ACLs, or DACLs, (whether Active Directory-based or local) to all server endpoints that it syncs to.

  2. You can enable Azure AD DS or on-premises AD DS authentication on a file share managed by Azure File Sync. Changes to the directory/file NTFS ACLs on local file servers will be tiered to Azure Files and vice-versa.


Learn how to configure Windows ACLs permissions for on-premises

Please let us know if you have any further queries. I’m happy to assist you further.


Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.



Piet-6782 answered Sumarigo-MSFT commented

@Sumarigo-MSFT, thank you for your answer.

Our storage account is joined to the Azure AD and we have Azure AD sync active between Azure and our on-premise AD.

If I understand your explanation correctly, I can monitor the ACL assignments through the fileshare properties itself? I suppose you mean to take the NTFS and Share permissions in explorer?

Kind regards


@Piet-6782 You can use Azure Monitor: https://docs.microsoft.com/en-us/azure/storage/files/storage-files-monitoring?tabs=azure-portal in this scenario.


