Welcome to Microsoft Q&A, thanks for posting your query.
Setting up cross-tenant SMB access for Azure Files between Tenant A and Tenant B requires considering several steps.
Here are a few steps that may solve your issue.
How will the shared file system appear on Tenant A?
The file share hosted in Tenant B will appear as a network drive to users in Tenant A after proper configuration and authentication are done.
You can use an Azure file share over SMB. On Windows, the Azure file share can be mapped to a drive letter, such as Z:\ or any other available letter. On Linux and macOS, the share can be mounted as a directory using the SMB protocol, making it accessible like any local or network directory.
What are the recommended steps for securely setting up this SMB access across tenants?
Azure SMB file shares are designed for use within a single tenant's environment, and access control is managed through Azure AD authentication and authorization mechanisms.
However, you can invite users from other Azure AD tenants to collaborate with your tenant using Azure AD B2B collaboration. This allows external users to access resources within your tenant, but it doesn't directly share the SMB file shares across tenants. Users from other tenants would need to authenticate as guest users in your tenant and be granted appropriate access to the SMB file shares.
Secure the connection by creating private endpoints for the Azure File Share in Tenant B. This ensures that SMB traffic between Tenant A and Tenant B flows over a private network instead of the public internet.
- Authenticate users and grant access to the shared file system using Microsoft Azure AD authentication.
- Invite users from Tenant A to access the shared file system in Tenant B via Azure AD B2B.
- Ensure secure access to the shared file system over a private connection using Azure Private Link.
- Use Azure Firewall or Network Security Groups to restrict access to only authorized IP addresses.
Are there any considerations or limitations we need to be aware of when implementing this cross-tenant SMB access for data delivery?
To enable secure cross-tenant authentication and manage access effectively, advanced licenses such as Entra ID Premium are required. Tenant A must be able to access the private endpoint of the Azure File Share in Tenant B. This may involve configuring a VPN, Azure Virtual WAN, or enabling cross-tenant virtual network peering. Be aware that data movement between tenants in different Azure regions might experience slower speeds due to network delays or limited bandwidth. Ensure that systems in Tenant A can utilize the SMB protocol and that firewalls allow connections through port 445. Tools like Azure Monitor and Microsoft Defender for Storage can help monitor the shared file system in Tenant B, detecting and preventing unauthorized activity.
Mount Azure file share on Windows | Microsoft Learn
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users
Cross-Tenant Migration - FastTrack – Microsoft 365 | Microsoft Learn
Please feel free to contact us if the issue persists; we will be glad to assist you closely. Please do consider clicking on "Accept Answer" and "Up-vote" on the post that helps you, as it can be beneficial to other community members.
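
A pre-flight check for the network requirements named in this answer (traffic over the private endpoint, port 445 allowed), as an added example that is not part of the original answer or of any Microsoft tooling. It assumes the public-cloud endpoint suffix `file.core.windows.net`; the account name `contosofiles` is a constructed placeholder.

```python
import ipaddress
import socket

FILE_SUFFIX = "file.core.windows.net"  # assumption: Azure public cloud


def classify(addresses):
    """'private' if every address is non-public per ipaddress.is_private,
    'public' if none is, 'mixed' if both occur, 'unresolved' if empty."""
    flags = [ipaddress.ip_address(a).is_private for a in addresses]
    if not flags:
        return "unresolved"
    if all(flags):
        return "private"
    return "mixed" if any(flags) else "public"


def resolve(host):
    """Resolve host to its unique IP addresses; empty list on DNS failure."""
    try:
        infos = socket.getaddrinfo(host, 445, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def port_445_open(address, timeout=3.0):
    """True if a TCP connection to SMB port 445 succeeds."""
    try:
        with socket.create_connection((address, 445), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(account, resolver=resolve, prober=port_445_open):
    """Run from a Tenant A client before mounting the Tenant B share."""
    host = f"{account}.{FILE_SUFFIX}"
    addresses = resolver(host)
    # A private answer means the client's DNS hands out the private endpoint
    # address; a public answer means SMB would leave over the internet path.
    verdict = classify(addresses)
    reachable = {a: prober(a) for a in addresses}
    ok = verdict == "private" and all(reachable.values())
    return {"host": host, "path": verdict, "reachable": reachable, "ok": ok}


if __name__ == "__main__":
    print(preflight("contosofiles"))  # constructed placeholder account name
```

A `path` of `public` or `mixed` points at DNS on the Tenant A side not resolving to the private endpoint; an unreachable address points at the VPN, peering, or firewall rules for port 445.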