Generally Available: Entra-only identities with Azure Files

Azure Files announces general availability of Entra-only identities for SMB access, enabling organizations to securely access file shares using cloud-native identities without requiring Active Directory or hybrid identity infrastructure. With Microsoft Entra ID as the authentication authority, users can access Azure Files using Kerberos-based authentication backed entirely by cloud identities - eliminating dependency on domain controllers and simplifying storage and identity architecture. Key capabilities * Cloud-native authentication with Entra ID: Secure SMB access using Kerberos without Active Directory or domain controllers * Simplified permissions management: Configure granular NTFS ACLs for Entra users and groups directly through the Azure portal * Role-based access control (RBAC): Assign share-level access using built-in roles for least-privilege administration * Secure access from anywhere: Enable identity-based access over the internet without VPN dependencies * Support for modern workloads: Power Azure Virtual Desktop (AVD), general-purpose file sharing, and distributed collaboration scenarios Please reach out to azurefiles@microsoft.com if you have any questions about adopting Entra-only Identities for secure SMB access with Azure Files. [Learn more](https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune#enable-cloud-only-groups-support-mandatory-for-cloud-only-identities).