Azure Files
Azure Files provides fully managed file shares in the cloud, accessible over SMB and NFS and mountable from Azure VMs, on-premises machines, and containers. It is a shared file system you do not run — no file server to patch, no disk to grow by hand — addressed by a UNC path or a mount point.
Files is the lift-and-shift answer for applications that expect a file system and a shared mount, where rewriting them to use object storage is not worth it. The main decisions are the protocol, the performance tier, and how identity-based access is wired.
Protocols
An SMB share serves Windows and cross-platform clients and supports identity-based access through Active Directory or Entra. An NFS share serves Linux workloads and POSIX semantics but authenticates by network rules, not identity, and requires the Premium tier. The protocol is chosen per share and shapes both the client story and the security model.
Tiers
Standard shares run on HDD-backed storage with transaction-optimized, hot, and cool variants, billed per gigabyte plus per transaction. Premium shares run on SSD with provisioned capacity and consistent low latency, for databases, line-of-business apps, and latency-sensitive workloads. As with disks, the wrong tier shows up as latency long before it shows up as a feature gap.
Identity-Based Access
SMB shares can authenticate users against Active Directory Domain Services or Microsoft Entra, enforcing NTFS-style permissions so access follows the user's identity rather than a shared key. This is what makes Azure Files a credible replacement for an on-premises file server, where per-user permissions are the whole point.
Azure File Sync
Azure File Sync turns a Windows file server into a fast local cache of an Azure file share, tiering cold files to the cloud while keeping hot files local. It is how organizations keep on-premises file-server performance while centralizing the authoritative copy in Azure and shrinking local storage — and a common first step in a cloud migration.
Azure Files — Managed SMB/NFS shares for general-purpose file workloads and lift-and-shift. The default when an app needs a shared file system.
Azure NetApp Files — Enterprise NFS/SMB with sub-millisecond latency for SAP, HPC, and databases. Choose it when Premium Files is not fast enough.
Blob Storage — Object storage for whole objects by URL. Choose it for unstructured data, not for apps that expect a file system.
- Choosing an NFS share and then discovering it needs the Premium tier and authenticates by network rules, not identity.
- Running a latency-sensitive app on a Standard share and blaming the app when the HDD-backed tier is the limit.
- Using a shared account key for SMB access instead of wiring identity-based access through AD or Entra.
- Reaching for Azure Files when the workload stores whole objects that belong in Blob Storage — paying file-share prices for object data.
- Mounting a share over the public internet without private endpoints, exposing SMB to the network.
- Expecting Premium-Files latency for a database that actually needs Azure NetApp Files.
- Pick the protocol by client: SMB for Windows and identity-based access, NFS (Premium) for Linux POSIX workloads.
- Use Premium shares for databases and latency-sensitive apps; Standard for general file sharing and archival.
- Wire SMB shares to AD or Entra for per-user permissions instead of a shared key.
- Use Azure File Sync to keep on-premises file-server performance while centralizing the authoritative copy in Azure.
- Reach shares through private endpoints rather than the public internet.
- Escalate to Azure NetApp Files when Premium Files cannot meet the latency or throughput requirement.
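The checks above can be run against exported configuration. The following is an added example, not code from this page or from Microsoft: it assumes the input dicts follow the ARM JSON shape of a storage account and a file share, and the finding names and sample accounts are constructed for illustration.

```python
# Added example. Input dicts follow the ARM JSON shape of a storage account
# and a file share (assumed); all sample values below are constructed.

def audit_file_share(account: dict, share: dict) -> list[str]:
    """Flag the Azure Files pitfalls listed above for one account/share pair."""
    findings = []
    props = account.get("properties") or {}
    premium = (account.get("sku") or {}).get("name", "").startswith("Premium")
    protocol = (share.get("properties") or {}).get("enabledProtocols", "SMB")

    if protocol == "NFS" and not premium:
        findings.append("nfs-requires-premium")
    if protocol == "SMB":
        auth = props.get("azureFilesIdentityBasedAuthentication") or {}
        if auth.get("directoryServiceOptions", "None") == "None":
            findings.append("smb-no-identity-auth")  # only the shared key is left

    # Unset values count as open: public access enabled, firewall default Allow.
    open_network = (props.get("publicNetworkAccess", "Enabled") != "Disabled"
                    and (props.get("networkAcls") or {}).get("defaultAction", "Allow") == "Allow")
    if open_network:
        findings.append("public-network-open")

    approved = [c for c in props.get("privateEndpointConnections") or []
                if ((c.get("properties") or {}).get("privateLinkServiceConnectionState") or {})
                .get("status") == "Approved"]
    if not approved:
        findings.append("no-private-endpoint")
    return findings

# Constructed sample: Standard account, open network, no identity source.
WEAK = {"sku": {"name": "Standard_LRS"}, "properties": {
    "publicNetworkAccess": "Enabled", "networkAcls": {"defaultAction": "Allow"},
    "azureFilesIdentityBasedAuthentication": {"directoryServiceOptions": "None"},
    "privateEndpointConnections": []}}
# Constructed sample: Premium account, Entra Kerberos, private endpoint only.
HARDENED = {"sku": {"name": "Premium_LRS"}, "properties": {
    "publicNetworkAccess": "Disabled", "networkAcls": {"defaultAction": "Deny"},
    "azureFilesIdentityBasedAuthentication": {"directoryServiceOptions": "AADKERB"},
    "privateEndpointConnections": [{"properties": {
        "privateLinkServiceConnectionState": {"status": "Approved"}}}]}}
SMB_SHARE = {"properties": {"enabledProtocols": "SMB"}}
NFS_SHARE = {"properties": {"enabledProtocols": "NFS"}}

if __name__ == "__main__":
    for name, acct in (("weak", WEAK), ("hardened", HARDENED)):
        for share in (SMB_SHARE, NFS_SHARE):
            print(name, share["properties"]["enabledProtocols"], audit_file_share(acct, share))
```

Because an NFS share has no identity layer, a `public-network-open` finding on an NFS share means nothing else is gating access.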
Knowledge Check
A team needs identity-based, per-user permissions on a cloud file share for Windows clients. Which protocol and configuration fits?
- An SMB share authenticated against Active Directory or Entra
- An NFS share secured by network firewall rules per subnet
- A Blob container handing out a separate SAS token to each user
- A page blob mounted as a single-attach disk
What does Azure File Sync provide?
- A local file-server cache of an Azure file share, tiering cold files to the cloud
- Synchronous replication of a file share between two Azure regions for cross-region failover
- In-place conversion of SMB file shares into Blob containers
- Automatic encryption at rest of on-premises server disks
When should you choose Azure NetApp Files over Azure Files?
- When Premium Files cannot meet the sub-millisecond latency or throughput a workload like SAP or a database needs
- When you want the cheapest possible file storage for an archive of cold, rarely read files that almost never change
- When the workload stores whole immutable objects fetched individually by URL
- When you need an append-only target for a high-volume log stream