Mark is leading a comprehensive Azure Files security workshop for Claire, the Identity and Access Management Trainee at MDFT Pro educational institute. During their advanced certification training session, they’re exploring authentication mechanisms for Azure Storage services, specifically focusing on how Azure Active Directory integration works with file shares.
The scenario involves understanding whether global administrators can leverage their existing Azure AD credentials to directly access file shares without additional configuration. Mark has deployed a standard storage account using an ARM template, and Claire needs to determine the authentication capabilities available for the Azure Files service.
The ARM template shows the following configuration for storageaccount1:
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "storageaccount1",
"location": "eastus",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
"networkAcls": {
"bypass": "AzureServices",
"virtualNetworkRules": [],
"ipRules": [],
"defaultAction": "Allow"
},
"supportsHttpsTrafficOnly": true,
"encryption": {
"services": {
"file": {
"keyType": "Account",
"enabled": true
},
"blob": {
"keyType": "Account",
"enabled": true
}
},
"keySource": "Microsoft.Storage"
},
"accessTier": "Hot"
}
}
Mark needs to show Claire whether Global administrators in Azure Active Directory (Azure AD) can access a file share hosted in storageaccount1 by using their Azure AD credentials.
Can Global administrators access the file share using Azure AD authentication?
Choose the correct answer from the options below.
Explanations for each answer: