
No-Faffing Managed IT Support & Cyber Security Support. Made in Yorkshire, built for the UK.
The YouTube video by Jonathan Edwards explains how to set up Azure Files with Microsoft Entra native permissions without using Active Directory. It aims to give IT teams a production-ready path that removes the need for domain controllers while keeping file-level control. Moreover, the presentation balances practical steps with explanations about pricing and redundancy choices.
In addition, the presenter walks viewers through real-world decisions for a fictional law firm, which helps illustrate common administrative concerns. He also uses clear demos to show how permissions and access behave in practice. As a result, the guidance feels applicable to both cloud-first organizations and teams migrating from on-premises file servers.
Finally, the video includes structured chapters that break the setup into manageable tasks such as storage creation, key management, and device configuration. This chapter structure aids viewers who want to follow the process step by step. Consequently, the tutorial supports both quick reference and deeper review.
First, Jonathan shows how to create a StorageV2 account and recommends performance tiers based on latency needs. Then he explains how to create separate file shares for departments to keep data organized and manageable. Next, he demonstrates disabling storage account key access and enabling identity-based authentication to reduce static credential exposure.
Following that, the video covers turning on Entra ID Kerberos for SMB access and granting the appropriate roles through the portal. He also assigns specific RBAC roles such as Storage File Data SMB Share Contributor to control share-level permissions. Finally, he shows how to configure Intune device policies so managed devices can acquire Kerberos tickets for seamless access.
Testing completes the workflow when the presenter mounts the share from a Windows device and walks through an access-denied demo before and after permissions are applied. This hands-on test highlights how identity-based access differs from key-based or AD-joined models. Therefore, teams get both the configuration steps and the verification method in one run-through.
The video emphasizes that identity-based SMB access lets organizations leverage modern controls like multi-factor authentication and conditional access. In particular, replacing storage keys with Entra authentication reduces long-lived secrets and improves auditability. As a result, security teams can apply centralized policies across file access in a familiar way.
Moreover, the presenter notes that Windows ACLs still work, so administrators can maintain granular directory and file permissions. However, he also points out the need to map Entra groups carefully to avoid over-permissioning. Thus, administrators must plan group membership and role assignments to keep the principle of least privilege.
Backup and redundancy are also covered, with suggestions to evaluate service tiers and geo-replication based on business continuity needs. He demonstrates using Azure Backup for Files to protect against accidental deletions and ransomware. Consequently, teams should pair the identity model with robust backup policies to balance agility and risk.
Removing Active Directory simplifies architecture but introduces tradeoffs in hybrid scenarios that still rely on on-prem identities. For example, organizations that depend on legacy NTFS tools or complex AD group nesting will face migration tasks and possible permission gaps. Therefore, planning the cutover and mapping ACLs requires careful testing and possibly migration tooling.
Another challenge is client compatibility and Kerberos ticketing behavior across VPNs and non-managed endpoints. While Intune-managed devices work smoothly in the demo, unmanaged or third-party clients may need additional configuration. Consequently, teams must evaluate their device mix and possibly enforce managed-device access through conditional access policies.
Finally, scaling and monitoring can create operational overhead when many shares and groups exist, because RBAC assignment and auditing become more complex. He recommends naming conventions and tag-based organization to simplify management. Thus, operations teams should invest in documentation and monitoring to keep the environment sustainable.
Jonathan encourages testing in a development subscription before rolling out to production to validate access flows and backup restores. He also suggests disabling storage account keys early in the process to force identity-based access and reduce accidental key exposure. As a result, teams gain confidence that permissions behave as intended under real conditions.
Furthermore, he advises using separate shares per department and assigning RBAC roles at the appropriate scope to limit blast radius. In addition, pairing Entra conditional access with Intune device compliance helps ensure that only authorized, managed devices can mount shares. Therefore, organizations should combine identity, device, and data controls for a layered defense.
In conclusion, the video by Jonathan Edwards provides a clear, actionable path to run Azure Files without Active Directory, while acknowledging the tradeoffs and operational work needed for hybrid and large-scale environments. By following his step-by-step configuration and testing guidance, IT teams can adopt a modern file access model that reduces key management and leverages Entra security features. Ultimately, the approach works well for cloud-first organizations that are ready to plan for migration and governance.
Azure Files setup, Azure Files without Active Directory, Configure Azure file share, Mount Azure file share Windows, Mount Azure file share Linux, Azure Files SMB setup, Azure Files NFS setup, Azure Files authentication options