Go to ...

RSS Feed

Azure File Storage – Setup


I must admit that I am somewhat biased in writing about Microsoft Azure. I just love it,  including its flexibility and scalability, relatively gentle and simple learning curve and the stuff I can do with it. Azure File Storage is a good example: I set up  file storage in less than a minute that lets users mount it as a network share with one simple command. Then, use policies to fine-tune its access rights and you’re done. You’ll gain file storage on Azure, accessible to users around the globe (assuming your users are on Windows 8 or later with SMB 3.0 support). Windows 7 and Linux users can only use file storage in the same region (because they’re limited to SMB 2.1).

To set up Azure File Storage, sign into https://portal.azure.com. If you don’t have an existing Storage Account, create one. See this post for help: https://win10.guru/azure-storage-account-setup/. Select Storage accounts in the navigation pane at the left, and select whichever storage account you want to use for your new File Storage. Finally, select Files, as shown here:

Create a new File Share:

Name the share, and set a storage quota (= max size in GB):

Select the newly created share. Use the buttons at the top of the window to add folders and upload content:

Right click the share, then select Connect:

Select a default drive letter for this share for use on end users’ computers (#1), copy command (#2 for PowerShell, #3 for PS and Command Prompt), then execute it on client machines.

Notice that outbound TCP port 445 must be open on client machines. The resulting network share will be mapped, and each client has full Read-Write access to that share. Right click the share, then select Access policy. Click Add policy to change this as you like:

The share credentials are not saved using the command copied from Connect as shown above. After next logon they must be entered again. To allow user to automatically sign in to share at every logon, we have to add credentials to Windows Credential Manager. This can be done both in Explorer > Map network drive and command line. Let’s see the Explorer first.

On Azure portal, select Storage accounts on navigation pane. Select the storage account where your file storage is located, select Access keys:

On client machine, open Explorer > Map network drive. Enter share URL as follows:

\\StorageAccountName.file.core.windows.net\ShareName

Select Reconnect at sign-in, select Connect using different credentials, click Finish. Enter username AZURE\StorageAccountName, enter access Key1 or access Key2 value from Azure portal > Storage accounts > Storage account > Access keys as password:

(Click screenshot to expand.)

That’s it. The same using PowerShell or Command Prompt requires two commands. First, add generic credentials to Credential Manager with following command:

cmdkey /generic:\\StorageAccountName.file.core.windows.net /User:AZURE\StorageAccountName /Pass:AccessKey1_or_AccessKey2

Now enter following command to map share. In this example I map it as drive Z:

net use Z: \\StorageAccountName.file.core.windows.net /User:AZURE\StorageAccountName AccessKey1_or_AccessKey2

Please note that you should never give users the credentials to map Azure File Storage shares by themselves. Users can share or leak credentials allowing anyone to access the share. Only an admin should map an Azure File Storage share on client machines.

For you PowerShell enthusiast out there, I will post about creating and managing Azure File Storage in PS in the near future. Stay tuned!

Kari

Author: Kari Finn

A Windows Insider MVP, Kari started in computing in the mid 80’s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at number #1 Windows site TenForums.com.

Leave a Reply

This website stores some user agent data. These data are used to provide a more personalized experience and to track your whereabouts around our website in compliance with the European General Data Protection Regulation. If you decide to opt-out of any future tracking, a cookie will be set up in your browser to remember this choice for one year. I Agree, Deny
556