Hello Shane,
Thank you for posting your query here!
To restrict a specific file share in Azure from being mapped on Windows Explorer and limit the ability to map a specific file share to a specific AD group, you can follow these steps:
Assign share-level permissions to specific Microsoft Entra users or groups. This is the most stringent and secure configuration. You can assign them to specific Microsoft Entra users/groups, and you can assign them to all authenticated identities as a default share-level permission.
After you assign share-level permissions, you can configure Windows access control lists (ACLs), also known as NTFS permissions, at the root, directory, or file level. While share-level permissions act as a high-level gatekeeper that determines whether a user can access the share, Windows ACLs operate at a more granular level to control what operations the user can do at the directory or file level.
Also, if your organization uses Active Directory, you can use Group Policy to map network drives and configure restrictions. This allows you to control which AD groups can map specific file shares.
I hope this helps! Please let me know if you have any other questions or need further clarification.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.