Cloud  /  Azure

Microsoft Azure 26 guides · updated 2026

Practical guides to Azure compute, networking, storage, and data services — built for engineers running production workloads on Microsoft's cloud.

Azure Files: Managed SMB and NFS File Shares Accessible From Cloud and On-Premises

Azure Files delivers fully managed file shares that mount as network drives using SMB 3.x or NFS 4.1. Once mounted, the share looks like a local drive — applications that read and write files work without code changes. Microsoft manages the underlying storage hardware, redundancy, and availability. You pay per provisioned or consumed capacity depending on the tier.

The key differentiator from Blob Storage is the protocol: Blob uses HTTP/REST; Files uses SMB and NFS — protocols that applications, virtual machines, and on-premises clients already understand. The key differentiator from running your own file server is that Azure Files requires no server management, scales automatically, and integrates with Active Directory for identity-based access.


Real-World Scenario

A professional services firm runs SAP on Azure VMs and needs a shared UNC path for SAP transport directories. The existing on-premises NetApp appliance is expensive to maintain and requires VPN connectivity for overseas offices. Migrating to Azure Files provides the same \\server\sap-transport path via SMB, authenticated against Active Directory, with Premium SSD performance (< 1 ms latency) and ZRS redundancy — at roughly half the annual cost of the NetApp.


File Share Tiers

Tier | Backed By | Performance | Min Size | Use Case
--------------|-----------|-------------------|----------|---------------------------
Premium | SSD | Single-digit ms | 100 GiB | Databases, SAP, low-latency
Transaction | HDD | Low IOPS OK | N/A | General shares, home drives
Optimised | | | |
Hot | HDD | Moderate IOPS | N/A | Actively used shares
Cool | HDD | Lower cost | N/A | Archival, backups

Premium tier shares live in a FileStorage storage account (separate from GPv2 accounts used by Standard shares). They are provisioned — you pay for the provisioned size regardless of how much data is stored. Standard tiers bill on consumed capacity.


SMB and NFS Comparison

Protocol | OS Support | Auth | Encryption
---------|------------------------|--------------------|------------------
SMB 3.x | Windows, Linux, macOS | AD DS, Azure AD DS | In-transit (SMB 3.0)
NFS 4.1 | Linux only | VNet-only (no auth)| In-transit via VPN

NFS shares are only accessible from VNet-integrated environments (no public endpoint authentication). SMB shares support identity-based access through Active Directory Domain Services (AD DS) or Azure Active Directory Domain Services (Azure AD DS), enabling per-user permissions and Windows ACLs on files and directories.


Azure File Sync: The Hybrid Bridge

Azure File Sync extends Azure Files into on-premises servers. You install the File Sync agent on a Windows Server, register it with a Storage Sync Service, and define sync groups. Files sync bidirectionally between the on-premises server and the Azure file share.

Azure File Sync Architecture
------------------------------
Azure Files Share (cloud endpoint)
|
[Storage Sync Service]
|
Sync Group
/ | \
Server1 Server2 Server3 (registered endpoints)
Tokyo London New York (local caches)
Cloud Tiering: files not recently accessed are
tiered out of local disk to cloud. A stub remains
locally; opening the stub triggers transparent recall.

Cloud tiering is the killer feature: the on-premises server retains only frequently accessed files locally, while all files remain accessible (with a brief retrieval delay for cold files). A 10 TB share can live on a server with 1 TB of local disk — Azure holds the rest.


Identity-Based Access

Mounting a file share with just a storage account key gives all-or-nothing access. Identity-based access applies Windows ACLs per user and group:

  1. Join the storage account to AD DS (on-premises domain or Azure AD DS).
  2. Assign a share-level RBAC role (Storage File Data SMB Share Reader/Contributor/Elevated Contributor) to AD users or groups.
  3. Set directory and file-level NTFS ACLs using icacls or Windows Explorer.
Share-level RBAC + File-level NTFS ACLs
-----------------------------------------
RBAC: HR-Group -> Storage File Data SMB Share Contributor
(allows HR users to mount the share)
NTFS ACL on \\share\payroll:
HR-Managers: Read, Write
HR-Analysts: Read
Finance-Auditors: Read
IT-Admins: Full Control

This mirrors the familiar file server permission model without any on-premises server.


Mounting an Azure File Share

On Windows (PowerShell):

Terminal window
$storageAccount = "myfilesacct"
$shareName = "appdata"
$storageKey = "<account_key>"
$pass = ConvertTo-SecureString -String $storageKey -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("AZURE\$storageAccount", $pass)
New-PSDrive -Name Z `
-PSProvider FileSystem `
-Root "\\$storageAccount.file.core.windows.net\$shareName" `
-Credential $cred `
-Persist

On Linux (bash):

Terminal window
sudo mkdir -p /mnt/appdata
sudo mount -t cifs \
//myfilesacct.file.core.windows.net/appdata /mnt/appdata \
-o "vers=3.0,username=myfilesacct,password=<key>,serverino"
# Make persistent (add to /etc/fstab)
echo "//myfilesacct.file.core.windows.net/appdata /mnt/appdata \
cifs vers=3.0,username=myfilesacct,password=<key>,serverino 0 0" \
| sudo tee -a /etc/fstab

Snapshots

Azure Files share snapshots capture the state of a file share at a point in time. They are incremental (only changed blocks are stored after the first snapshot) and read-only.

Share Snapshot Timeline
------------------------
Snap 1 (Mon 02:00) <- base snapshot, full
Snap 2 (Tue 02:00) <- incremental (Monday's changes)
Snap 3 (Wed 02:00) <- incremental (Tuesday's changes)
CURRENT <- live share
Restore file from Snap 2:
Browse to share snapshot -> copy file back to current share
or: az storage file copy start --source-share <snap-url>

For automated backup, Azure Backup for Azure Files integrates with File Sync and manages snapshot scheduling and retention without additional scripts.


Key Interview Points


Best Practices