Hello everyone! As promised in the first post about Azure File, today I will demonstrate how to create an Azure Files SMB share. However, first it is necessary to say that when we implement SMB shares with Azure, there are 2 basic scenarios. The first would be server to server and/or applications, in which case you can use standard admin account and access key. If you wanted to use your Active Directory domain identity with Azure Files, you will need to extend your domain to Azure (You can do this in 2 ways), that is, basically add the domain service in the Microsoft cloud, only in this one scenario you can integrate your storage account with identities, your users can each use their own domain account to use their file access privileges.
That said, let’s get down to the minimum requirements for using Azure Files on Windows machines (MacOS and Linux are also supported, but they’re not in the scope of this post).
Let’s get started!
Initially, to create an Azure Files you need to create a new Storage Account, because if you try to search Azure Files when creating a new resource, you will notice that nothing will be found.
Of course you can use an existing Storage Account, but for this post I will create a new storage account.
The important steps here is to create a resource group and the storage account itself, everything else you can customize according to your need or leave everything as default (If your don’t know how to create a Storage Account go to this post).
Hit ‘Review + Create’ and within 2 or 3 minutes you will have everything you need to create your Azure Files, Then click go to the resource. Once you have your new storage account open, hit the ‘File Share’ blade in the vertical menu on the left side.
Just for observation, at the top of the screen above it says that the Active Directory is not configured, i.e. in this scenario I could not use the identity service without first enabling the domain service in Azure.
Continuing with our configuration, hit ‘+ File Share’, type the name, put the amount of GiB needed then select the access tier needed. For this post I selected the cheapest for demonstration purposes, but you must select it according to your need (You can access here the Microsoft link explaining about each tier and pricing).
Now that the share has been created, navigate to the one we just created and you can see that there aren’t many options here. The main option is the ‘Connect’ option.
Hit the ‘Connect’ option and you will see that Azure will provide a script for Windows, Linux and MacOS.
Basically you will need to choose which operating system you will have the driver mapped, the driver letter (For Windows OS only) and which authentication method will be used.
To finish the only thing to do is run this PowerShell script on the machine where you want to have the driver mapped, with the only requirement being port 445 open for communication with Azure. In this script provided by azure, it already contains the account and password to access the resource, and at the time of execution of the script there is no need to elevate your PowerShell session.
The result I hope after executing the script will be the driver mapped as in the example below.
It is also possible to add the mapping manually, you just need to follow the following steps.
1 – On the machine you want to map the drive, open Windows Explorer and hit ‘This PC’, then right click on the white space and select Add network location, after that hit ‘Next’ twice and you will end up to a windows that you need to specify the address for the location you want to add.
2-Go back to Azure Files on Azure portal and hit ‘Properties’.
3- Copy URL without the HTTPS and paste on your Windows Explorer screen, but don’t forget to add the ‘\\’ and also change all others for back slash ‘\’. The result should be this:
4- Hit ‘Next’ and give a name for your network location, and hit ‘Next’ again.
5- Finally, it should ask for the user name and password to access the network location, so to grab that you need to go to Azure Portal again and grab it from your Azure Files Storage Account.
The credentials accessing format will be:
Now you will be able to put your files these will be automatically synced to the cloud or your on-premises environment (Depending on where you create the file).
I would also like to demonstrate the features of Azure Files snapshot and how the backup works, but this post is already too big, for this reason I will reserve these subjects for the next ones. If you have any questions, leave in the comments, see you soon!