How to copy the permission from on prem share folder to Azure storage bucket

N Wakchaure, Jagdish 60 Reputation points
2024-06-03T13:58:00.45+00:00

Hello Team,

We have huge share data on the on-prem servers which we want to move to an Azure file share. At the same time, when we are moving share data to the Azure file share, we want the same permissions that are there on the on-prem share folders. Please let us know how we can have the permissions once we move the data to the Azure file share.


Accepted answer
  1. Nehruji R 3,976 Reputation points Microsoft Vendor
    2024-06-04T09:33:20.8+00:00

    Hello N Wakchaure, Jagdish,

    Greetings! Welcome to Microsoft Q&A Platform.

    Set ACLs for the Root Directory: Before copying a large number of files, configure the access control lists (ACLs) for the root directory of the Azure file share. Changes to root ACLs can take time to propagate if done after a large file migration.

    Configure Windows ACLs (NTFS Permissions): After migrating data to Azure Files, you can set up NTFS permissions just like you would for traditional file servers. These permissions operate at a granular level, controlling access at the directory or file level. Both share-level permissions and NTFS permissions are enforced when a user accesses a file or directory. If there’s a difference between them, the most restrictive one applies. For example:

    • If a user has read/write access at the file level but only read at the share level, they can only read that file.

    • If a user has read/write access at the share level but only read at the file level, they can still only read the file.

    Ensure you have a client machine running Windows with unimpeded network connectivity to the domain controller or Azure AD if using Active Directory Domain Services (AD DS) or Microsoft Entra Kerberos.

    The permissions on the files and folders will remain when you migrate the data; the share permissions have to be configured using the RBAC roles. We have three Azure built-in roles for granting share-level permissions to users:

    • Storage File Data SMB Share Reader allows read access in Azure Storage file shares over SMB.

    • Storage File Data SMB Share Contributor allows read, write, and delete access in Azure Storage file shares over SMB.

    • Storage File Data SMB Share Elevated Contributor allows read, write, delete and modify NTFS permissions in Azure Storage file shares over SMB.

    https://video2.skills-academy.com/en-us/azure/storage/files/storage-files-identity-auth-active-directory-domain-service-enable#2-assign-access-permissions-to-an-identity

    To change, add or remove security permissions on the files or folder using PowerShell you can use the Set-Acl command. The best way to set the permission is to copy the permissions from another file or folder if you need the same permissions on the destination path.

    To migrate the permissions on the files and folders, you need to use a tool like Azure Storage Mover, AzCopy or Robocopy.

    https://video2.skills-academy.com/en-us/azure/storage/files/storage-files-migration-overview#migration-toolbox

    All of these support full fidelity copies and allow copying the folder structure. 

    Migrate to SMB Azure file shares using Azure Storage Mover | Microsoft Learn

    Migrate to Azure file shares using RoboCopy | Microsoft Learn

    Transfer data to or from Azure Files by using AzCopy v10 | Microsoft Learn

    Copying data using the migration tools is a multi-step process and involves downtime for cutover. When it comes to authentication, there are multiple authentication options supported by Azure Files; you can use Microsoft Entra Domain Services identity-based authentication.

    Use Microsoft Entra Domain Services to authorize user access to Azure Files over SMB | Microsoft Learn

    Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.


    Please “Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
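
The steps in the answer above, as an added PowerShell example that is not part of the answer or of Microsoft's documentation: set the root ACL first, copy with Robocopy preserving security and owner, then check that every ACL arrived unchanged. The paths, the Z: mapping and the function name `Compare-AclFidelity` are assumptions; it also assumes the share is mounted with an identity that may modify NTFS permissions (the Elevated Contributor role named above).

```powershell
# Added example; paths and the Z: mapping are assumptions, not values from the thread.
$Source   = 'D:\Shares\Finance'    # on-prem share folder (hypothetical)
$Dest     = 'Z:\Finance'           # Azure file share mounted over SMB (hypothetical)
$Log      = Join-Path $env:TEMP 'finance-robocopy.log'
$Sections = [System.Security.AccessControl.AccessControlSections]'Access, Owner'

# 1. Set the root ACL before the bulk copy: take only the DACL from the source root.
#    Windows re-evaluates inherited entries, so step 3 re-checks the root as well.
New-Item -ItemType Directory -Path $Dest -Force | Out-Null
$rootAcl = Get-Acl -LiteralPath $Dest
$rootAcl.SetSecurityDescriptorSddlForm(
    (Get-Acl -LiteralPath $Source).GetSecurityDescriptorSddlForm('Access'), 'Access')
Set-Acl -LiteralPath $Dest -AclObject $rootAcl

# 2. Copy data with security (S) and owner (O). /MIR also deletes destination
#    items that are absent from the source; /B needs an elevated session.
robocopy $Source $Dest /MIR /COPY:DATSO /DCOPY:DAT /B /IT /MT:16 /R:2 /W:1 /NP /NFP /NDL "/UNILOG:$Log"
if ($LASTEXITCODE -ge 8) { throw "Robocopy failed (exit code $LASTEXITCODE); see $Log" }

# 3. Report every item whose owner or DACL differs between source and destination.
#    Share-level access is granted separately through the RBAC roles and is not checked here.
function Compare-AclFidelity {
    param([string]$SourceRoot, [string]$DestRoot)
    $root  = Get-Item -LiteralPath $SourceRoot
    $items = @($root) + @(Get-ChildItem -LiteralPath $SourceRoot -Recurse -Force)
    foreach ($item in $items) {
        # Map the source path onto the destination root (empty suffix for the root itself).
        $target = $DestRoot + $item.FullName.Substring($root.FullName.Length)
        if (-not (Test-Path -LiteralPath $target)) {
            [pscustomobject]@{ Path = $target; Issue = 'Missing on destination'; Source = $null; Destination = $null }
            continue
        }
        $src = (Get-Acl -LiteralPath $item.FullName).GetSecurityDescriptorSddlForm($Sections)
        $dst = (Get-Acl -LiteralPath $target).GetSecurityDescriptorSddlForm($Sections)
        if ($src -ne $dst) {
            [pscustomobject]@{ Path = $target; Issue = 'ACL differs'; Source = $src; Destination = $dst }
        }
    }
}

Compare-AclFidelity -SourceRoot $Source -DestRoot $Dest | Format-List
```

No output from the last command means owner and DACL match on every item; any row listed is a file or folder whose access after cutover would differ from on-prem.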
