How to manage Azure Files
This guide provides detailed instructions on how to manage Azure Files, a fully managed cloud file share service that is accessible via the industry-standard Server Message Block (SMB) protocol and Network File System (NFS) protocol.
Prerequisites
- An Azure subscription. If you don't have one, create a free account before you begin.
- A storage account. For instructions on creating a storage account, see Create a storage account.
Creating an Azure File Share
You can create an Azure file share using the Azure portal, Azure CLI, or PowerShell.
Using the Azure Portal
- Navigate to your storage account in the Azure portal.
- In the left-hand menu, under "Data storage", select "File shares".
- Click "+ File share" to open the Create file share pane.
- Enter a name for your file share (e.g.,
myshare). Share names must be lowercase. - Select a tier (Transaction optimized, Hot, or Cool).
- Specify the quota for the share.
- Click "Create".
Using Azure CLI
az storage share create --name <share-name> --account-name <storage-account-name> --account-key <storage-account-key> --quota <quota-in-gb> --tier <transaction-optimized|hot|cool>Mounting an Azure File Share
Mounting a file share allows you to access it from your on-premises machines or Azure VMs.
Mounting with SMB (Windows, Linux, macOS)
To mount an Azure file share using SMB, you'll typically use the storage account name and access key, or a managed identity.
Note: For production scenarios, it is highly recommended to use Azure AD DS or Azure AD Kerberos authentication instead of account keys.
Windows
net use <drive-letter>: \\<storage-account-name>.file.core.windows.net\%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%2024%2024%22%3E%3Cpath%20d=%22M11.99%202C6.47%202%202%206.48%202%2012s4.47%2010%209.99%2010C17.52%2022%2022%2017.52%2022%2012S17.52%202%2011.99%202zM12%2020c-4.42%200-8-3.58-8-8s3.58-8%208-8%208%203.58%208%208-3.58%208-8%208zm-1-13h2v6h-2zm0%208h2v2h-2z%22%2F%3E%3C%2Fsvg%3E <storage-account-name>-<share-name> /user:<storage-account-name><storage-account-name> <storage-account-key>Linux
sudo mount -t cifs //<storage-account-name>.file.core.windows.net/%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%2024%2024%22%3E%3Cpath%20d=%22M11.99%202C6.47%202%202%206.48%202%2012s4.47%2010%209.99%2010C17.52%2022%2022%2017.52%2022%2012S17.52%202%2011.99%202zM12%2020c-4.42%200-8-3.58-8-8s3.58-8%208-8%208%203.58%208%208-3.58%208-8%208zm-1-13h2v6h-2zm0%208h2v2h-2z%22%2F%3E%3C%2Fsvg%3E <storage-account-name>-<share-name> /mnt/%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%2024%2024%22%3E%3Cpath%20d=%22M11.99%202C6.47%202%202%206.48%202%2012s4.47%2010%209.99%2010C17.52%2022%2022%2017.52%2022%2012S17.52%202%2011.99%202zM12%2020c-4.42%200-8-3.58-8-8s3.58-8%208-8%208%203.58%208%208-3.58%208-8%208zm-1-13h2v6h-2zm0%208h2v2h-2z%22%2F%3E%3C%2Fsvg%3E -o vers=3.0,username=<storage-account-name>,password=<storage-account-key>,dir_mode=0777,file_mode=0777,cache=looseMounting with NFS (Linux)
NFS v4.1 is supported for Azure File shares. This requires a premium storage account.
sudo mount -o sec=sys,vers=4.1,proto=tcp <storage-account-name>.file.core.windows.net:/<storage-account-name>/<share-name> /mnt/%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%2024%2024%22%3E%3Cpath%20d=%22M11.99%202C6.47%202%202%206.48%202%2012s4.47%2010%209.99%2010C17.52%2022%2022%2017.52%2022%2012S17.52%202%2011.99%202zM12%2020c-4.42%200-8-3.58-8-8s3.58-8%208-8%208%203.58%208%208-3.58%208-8%208zm-1-13h2v6h-2zm0%208h2v2h-2z%22%2F%3E%3C%2Fsvg%3EManaging Permissions
Azure Files supports different permission models:
- NTFS ACLs: For SMB shares, you can configure granular permissions using NTFS Access Control Lists (ACLs).
- POSIX ACLs: For NFS shares, POSIX ACLs are used.
- Azure RBAC: For managing access to the file share resource itself (e.g., create, delete shares).
Security Best Practice: Avoid using storage account keys directly for mounting in production environments. Consider using managed identities, Azure AD Kerberos, or service principals for more secure access.
Key Management Operations
| Operation | Description |
|---|---|
| Create Share | Provision a new Azure file share. |
| Delete Share | Remove an existing file share. |
| List Shares | View all file shares within a storage account. |
| Get Share Properties | Retrieve metadata and settings for a specific share. |
| Set Share Quota | Adjust the maximum size of a file share. |