Microsoft has announced the general availability of Entra-Only identities for Azure Files SMB, enabling organizations to authenticate users via Microsoft Entra ID without requiring on-premises Active Directory, hybrid sync, or managed domain controllers. The feature uses Entra ID as the Kerberos Key Distribution Center, issuing tickets with cloud-based SIDs for SMB sessions. Key capabilities include portal-based NTFS ACL management, expanded RBAC support, co-existence with hybrid identity setups, and limited preview support for macOS clients via Platform SSO. Primary use cases highlighted include Azure Virtual Desktop (AVD) with FSLogix profile containers, general-purpose file sharing for distributed workforces, and remote access for energy sector workloads. Managed Identities for keyless application access is also now GA. The feature is available at no additional cost across HDD and SSD shares.

8m read time. From azure.microsoft.com