You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/files-managed-identities.md
+9-9Lines changed: 9 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,24 +1,24 @@
1
1
---
2
-
title: Use Managed Identities with Azure Files (Preview)
3
-
description: Learn how to authenticate managed identities to allow applications and VMs to access SMB Azure file shares by using identity-based authentication with Entra ID.
2
+
title: Use Managed Identities with Azure Files
3
+
description: Learn how to authenticate managed identities to allow applications and VMs to access SMB Azure file shares by using identity-based authentication with Microsoft Entra ID.
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.topic: how-to
7
-
ms.date: 03/27/2026
7
+
ms.date: 04/20/2026
8
8
ms.author: kendownie
9
9
ms.custom:
10
10
- devx-track-azurepowershell
11
11
zone_pivot_groups: azure-files-windows-linux
12
12
# Customer intent: As a cloud administrator, I want to improve security by authenticating managed identities to allow applications and virtual machines to access SMB Azure file shares by using identity-based authentication with Microsoft Entra ID instead of using a storage account key.
13
13
---
14
14
15
-
# Access SMB Azure file shares by using managed identities with Microsoft Entra ID (preview)
15
+
# Access SMB Azure file shares by using managed identities with Microsoft Entra ID
16
16
17
17
**Applies to:**:heavy_check_mark: SMB file shares
18
18
19
-
This article explains how you can use [managed identities](/entra/identity/managed-identities-azure-resources/overview) to allow Windows and Linux virtual machines (VMs) to access SMB Azure file shares by using identity-based authentication with Microsoft Entra ID (preview).
19
+
This article explains how you can use [managed identities](/entra/identity/managed-identities-azure-resources/overview) to allow Windows and Linux virtual machines (VMs) to access SMB Azure file shares by using identity-based authentication with Microsoft Entra ID.
20
20
21
-
A managed identity is an identity in Entra ID that Azure automatically manages. Typically, you use managed identities when developing cloud applications to manage the credentials for authenticating to Azure services.
21
+
A managed identity is an identity in Microsoft Entra ID that Azure automatically manages. Typically, you use managed identities when developing cloud applications to manage the credentials for authenticating to Azure services. Azure Files now supports both application managed identities and end‑user identity-based access on the same storage account. Applications and users are independently authenticated via Microsoft Entra ID and authorized through a shared permissions model.
22
22
23
23
By the end of this guide, you create a storage account that's ready to access with a managed identity. You also learn how to create a managed identity for a VM and generate an OAuth token for it. Then you mount a file share by using managed identity-based authentication and authorization. Using a managed identity eliminates the need to use a storage account key.
24
24
@@ -34,7 +34,7 @@ Benefits include:
34
34
35
35
-**Fine-grained access control**: Role-based access at the identity level.
36
36
37
-
-**Automation friendly**: Easy to integrate with continuous integration and continuous delivery (CI/CD) pipelines, Azure Kubernetes Service (AKS) workloads, and customer applications.
37
+
-**Automation friendly**: Easy to integrate with continuous integration and continuous delivery (CI/CD) pipelines, [Azure Kubernetes Service (AKS)](/azure/aks/create-volume-azure-files#use-managed-identity-to-access-azure-files-storage-preview) workloads, and customer applications.
38
38
39
39
-**Cost effective**: No extra storage cost for managed identities.
40
40
@@ -56,7 +56,7 @@ The clients that need to authenticate by using a managed identity shouldn't be j
56
56
57
57
## Configure the managed identity's access property on your storage account
58
58
59
-
To authenticate a managed identity, you must enable the `SMBOAuth` property on the storage account that contains the Azure file share you want to access. We recommend creating a new storage account for this purpose. You can use an existing storage account only if it doesn't have any other identity source configured.
59
+
To authenticate a managed identity, you must enable the `SMBOAuth` property on the storage account that contains the Azure file share you want to access. We recommend creating a new storage account for this purpose, although you can use an existing storage account.
60
60
61
61
To enable the `SMBOAuth` property on your storage account, use either the Azure portal or Azure PowerShell. For instructions, select the appropriate tab.
62
62
@@ -66,7 +66,7 @@ To create a new storage account with the `SMBOAuth` property enabled by using th
66
66
67
67
:::image type="content" source="media/managed-identities/enable-managed-identity.png" alt-text="Screenshot that shows how to enable a managed identity for SMB when creating a new storage account by using the Azure portal." border="true":::
68
68
69
-
Alternatively, you can enable the `SMBOAuth` property on an existing storage account, as long as the storage account doesn't have any other identity source configured.
69
+
Alternatively, you can enable the `SMBOAuth` property on an existing storage account.
70
70
71
71
Go to the storage account. On the service menu, under **Settings**, select **Configuration**. Under **Managed Identity for SMB**, select **Enabled**, and then select **Save**.
0 commit comments