![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECF%3C/text%3E%3C/svg%3E)
Azure Files
An Azure service that offers file shares in the cloud.
1,381 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 2%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHB%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 6%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 95%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
To apply ACLs to a folder in a mounted Azure file share, you need to ensure that you are using the correct credentials and that the necessary permissions are assigned. Since you mentioned that your Entra ID has the role of Storage File Data SMB Share Elevated Contributor, this role should allow you to assign permissions on new files or directories created under that share and ensure assigned at share level permission.
- If Entra ID Kerberos authentication is not set up, Windows might prompt for credentials. Ensure that Azure AD DS (Domain Services) or Hybrid AD Join is enabled for your environment.
If you intend to use a specific Microsoft Entra user or group to access Azure file share resources, that identity must be a hybrid identity that exists in both on-premises AD DS and Microsoft Entra ID. For example, say you have a user in your AD that is ******@onprem.contoso.com and you have synced to Microsoft Entra ID as ******@contoso.com using Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync. For this user to access Azure Files, you must assign the share-level permissions to ******@contoso.com. The same concept applies to groups and service principals.
Configure ACLs with icacls:
If your AD source is Microsoft Entra Domain Services, then <user-upn> will be <user-email>.
icacls <mapped-drive-letter>: /grant <user-upn>:(f)
Reference:
- Assign share-level permissions for Azure Files | Microsoft Learn
- Troubleshoot Azure Files identity-based authentication and authorization issues (SMB) - Azure | Microsoft Learn
- Azure Files - AD permissions not working - Microsoft Q&A by Sumanth
- Configure directory and file level permissions for Azure Files | Microsoft Learn
Check all the reference links I shared above; they will be useful, and you can resolve the issue by applying ACLs to your Azure file share.
Hope the above answer helps! Please let us know do you have any further queries.
Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.