0

Is it possible to enable Access Based Enumeration in Azure Files?

We're using Azure Files with the AADDS integration enabled (per the setup discussed here - though with just the Azure Files; no local fileshares or file sync in play). We've successfully setup all pieces, and replicated permissions exactly between the old file share and the new, so things work as expected. However, users see lots more content than they're expecting/used to, because of the lack of Access Based Enumeration.

I've hunted through the MS Docs site and various YouTube / Channel9 videos but so far can't find mention of whether this feature's supported; so am coming to the conclusion that it's probably not.
I've found another person wanting this feature / it seems they've reached the same conclusion that I'm reaching.

JohnLBevan
  • 1,134
  • 7
  • 20
  • 44
  • I have exactly the same question. There is no such option and the synced folders that were hidden on a classic server file share are now visible – Niels Ziegler May 29 '20 at 08:50
  • My conclusion was that it's not supported. My solution was to run a script which to analyse the ACLs to work out which individual (ignoring admin/support teams) had access to each item at the root, then move it into a folder for that user. Doesn't fix all use cases, but it was a cleaner solution for our scenario (where the structure was badly setup in the first place / this cleanup made sense functionally) – JohnLBevan May 29 '20 at 13:01

1 Answers1

0

Under their FAQs section, MS now say the following:

Q. Does Azure Files support using Access-Based Enumeration (ABE) to control the visibility of the files and folders in SMB Azure file shares?

A. Using ABE with Azure Files isn't currently supported, but you can use DFS-N with SMB Azure file shares.

At time of writing, their roadmap doesn't show any signs of ABE being added in the near future.

JohnLBevan
  • 1,134
  • 7
  • 20
  • 44