I was working with a client the other week who had an RDS environment and wanted to connect to file shares in Azure. Previously I had set these up with AVD, but in that case the accounts connecting to the shares were synchronised from on-premises AD via AAD Connect. With that method we could connect with the Storage Account access key and set up the permissions by enabling Active Directory authentication and configuring NTFS permissions.

Without Active Directory authentication there was no way to set up NTFS permissions.

In this instance we achieved this with share-level permissions for all authenticated identities. By default the share-level permission is set to None, so no access is allowed to files and directories in the Azure file share.

Connect to Azure PowerShell and run:

# Choose one of: StorageFileDataSmbShareReader, StorageFileDataSmbShareContributor, StorageFileDataSmbShareElevatedContributor
$defaultPermission = "StorageFileDataSmbShareContributor"

$account = Set-AzStorageAccount -ResourceGroupName "RGName" -AccountName "StorageAccountName" -DefaultSharePermission $defaultPermission

# Confirm the new default share-level permission has been applied
$account.AzureFilesIdentityBasedAuth

I had to wait around an hour to be able to connect to the file share as an Azure AD User.
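Because the default share-level permission applies to every authenticated identity and there is no NTFS layer underneath it to narrow access, it is worth knowing which storage accounts carry a write-capable default. The audit below is an added example, not code from the original post: it lists each storage account in the current subscription with its identity source and default share-level permission and flags the write-capable ones. It assumes an existing Connect-AzAccount session and the Az.Storage module; the REVIEW/Info/OK classification is my own.

```powershell
# Added example: audit default share-level permissions across a subscription.
# Requires the Az.Storage module and an existing Connect-AzAccount session.
# Possible DefaultSharePermission values: None, StorageFileDataSmbShareReader,
# StorageFileDataSmbShareContributor, StorageFileDataSmbShareElevatedContributor.
# The default applies to every authenticated identity, so anything beyond Reader
# is share-wide write access with no NTFS ACLs to restrict it further.

$writeRoles = @(
    'StorageFileDataSmbShareContributor',
    'StorageFileDataSmbShareElevatedContributor'
)

function Get-DefaultSharePermissionReport {
    Get-AzStorageAccount | ForEach-Object {
        # AzureFilesIdentityBasedAuth is null when no identity source is configured
        $auth    = $_.AzureFilesIdentityBasedAuth
        $source  = if ($auth) { $auth.DirectoryServiceOptions } else { 'None' }
        $default = if ($auth -and $auth.DefaultSharePermission) { $auth.DefaultSharePermission } else { 'None' }

        # Assumed classification (my own): write-capable defaults are flagged for review
        $finding = if ($writeRoles -contains $default) {
            'REVIEW: share-wide write for all authenticated identities'
        } elseif ($default -eq 'StorageFileDataSmbShareReader') {
            'Info: share-wide read for all authenticated identities'
        } else {
            'OK'
        }

        [pscustomobject]@{
            ResourceGroup          = $_.ResourceGroupName
            StorageAccount         = $_.StorageAccountName
            IdentitySource         = $source      # None / AD / AADDS / AADKERB
            DefaultSharePermission = $default
            Finding                = $finding
        }
    }
}

# Show the full report, then only the accounts that need a second look
$report = Get-DefaultSharePermissionReport
$report | Format-Table -AutoSize
$report | Where-Object { $_.Finding -like 'REVIEW*' }

# To tighten a flagged account back to read-only at share level (placeholder names):
# Set-AzStorageAccount -ResourceGroupName 'RGName' -AccountName 'StorageAccountName' `
#     -DefaultSharePermission 'StorageFileDataSmbShareReader'
```

Run the report again after any change; as noted above, the new default can take a while to become effective for connecting users.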
