Migrate to Azure Files
Posted by SisterLakesMI@reddit | sysadmin | 18 comments
Hey Guys/Gals,
I am slowly working to get our company off of a server.
At this point in time I have all of our company computers Entra Joined (not hybrid). We still have AD sync to Entra for users, but I'd like to eventually get rid of AD and make all the users just Entra only. We have a mapped drive to our file server. (If I just turn off my AD at some point will those Entra Synced users have any issues?)
Main hangup is our data.
It's not a ton of data (under 700 GB) and I've been wanting to move it to department based Sharepoint sites, but getting the department heads to cleanup their data has been a challenge. I extended our warranty on our server one more year, but really would like it to be gone by the time we move to a new building this winter.
I'd really like to be able to just lift and shift my data up into Azure File Shares and then have users authenticate with their Entra logins.
From what I understand with Azure Files I can sync the data to the Azure Files storage from my server, assign it a drive letter and it will essentially show up exactly the same as our current mapped drive. Once everyone is onboarded and it's working, I can just turn off the server. Or at least that's how I'd like this to work.
Concerns or questions:
- SMB uses port 445 which most ISPs block. It sounds like there is a way I can push out an Azure Endpoint to my devices via Intune that will essentially allow an always-on VPN/connection to the tunnel so my staff won't even have to do anything to access the mapped drive regardless of their location/network. Any guides or details on that? Ideally I'd like it to be the same experience for in-office as remote staff. Also our data is not huge, we are a specialized vehicle dealer, so mainly just PDFs and documents. No crazy large files like CAD drawings or anything.
- It seems up until recently it still required some sort of Entra/hybrid environment with traditional AD still involved. While my users are currently synced with local AD, I hope to cut that off at some point soon and be 100% Entra only. This is a generally open share with no permissions within the structure so I'm not too worried about permissions or things coming over from AD.
- What is the backup situation/cost like? It looks like with the calculators, I can get 1000 TB of storage for $90-120 a month, but not sure how much the backup tacks on top of that. Also I use Ninja365 backup for my SharePoint/Outlook/OneDrive backups at the moment. Is there a third party backup solution?
If anyone knows of any guides that can help with this, including primarily the setting up of the secure connection and the Azure File blob correctly, I'd appreciate it.
cyr0nk0r@reddit
Ditch Azure Files and go with something like Egnyte or LucidLink. You will get exactly what your users are used to with all the modern protocols baked in.
You can still auth via Entra SSO. But services like Egnyte actually work as advertised. What's Microsoft's record for products?
SisterLakesMI@reddit (OP)
IDK about LucidLink, but Egnyte is not cheap.
structured_triage@reddit
Honestly, forcing SMB over an Intune-deployed VPN tunnel just to keep a mapped drive vibe usually creates way more support tickets than it solves. Pushing the department heads to accept SharePoint document libraries is painful culturally, but technically much cleaner for just 700GB of PDFs. Regarding your backup situation: whatever third-party tool you end up picking, make sure it stores the data completely outside the Azure/Entra ecosystem. Relying on native Microsoft retention or a tool tied to your exact same identity layer means a compromised admin account wipes out your production data and your recovery console simultaneously. You need true architectural isolation, not just a snapshot tool bolted onto the same cloud.
SisterLakesMI@reddit (OP)
I'm concerned with the file limit. With our 700 GB of data we're close to 300k files already, which won't play nice with syncing a shortcut into OneDrive.
SysAdminNonProphet@reddit
You will never get department heads to clean up their old data if that's what you're waiting for. 700GB is nothing, push it to SharePoint using the migration tool. Maybe run DFD7 or Windirstat to deal with the bulk first
SisterLakesMI@reddit (OP)
700 GB is just under 300k files. If they want to sync to OneDrive, that's a potential for problems.
SisterLakesMI@reddit (OP)
Yea, maybe that's what I'll do. Sometimes you just get tunnel vision. I do have SharePoint nightmares from my MSP days with folder count limits for syncing and character path limits etc. that make me hesitate with SharePoint, along with a very non-techy company. Any change is a challenge, especially for the guys in the shop on the computers with frequent user changes.
mcgeeky@reddit
If the organisation wants to keep the feel of the file server (i.e. they don't want to use the sync tool) check out a SharePoint drive mapping tool like our product ZeeDrive: Map OneDrive and SharePoint as a Virtual Network Drive with ZeeDrive
zaphod777@reddit
Be sure to check the SharePoint file sync limits. It's a hard limit on all files in all libraries you have synced to OneDrive, even if you don't have them set to offline.
Funny_Wing3136@reddit
Please, can you guide me? Can I get a fully accurate, highly secure, and up-to-date WBA OpenRoaming profile? Do you think this file will allow my phone or computer to automatically connect to any network in my country and around the world? If you think it’s reliable, could you provide me with links to access it, and explain the best practical methods for implementing it? I look forward to your response. Thank you.
Valdaraak@reddit
I would not under any circumstances push 700 GB of files into Sharepoint without a plan on how people's workflows need to change. That's a recipe for disaster that I've seen happen plenty of times.
Sharepoint is not a 1:1 file server replacement. It requires planning and changing old habits and processes. Azure Files is way more 1:1.
BeAdaptiveIT@reddit
You're solving a 2010 problem with 2026 plumbing. For 700 GB of PDFs and documents, the right destination is SharePoint and OneDrive, not Azure Files.
A few specifics, having done this transition for a number of clients:
Azure Files exists for the case where you have a line-of-business app that genuinely needs a Windows file share (Sage, an old AutoCAD setup, scanner software, whatever). PDFs and Word documents are not that case. Search, version history, retention, mobile, external sharing, link-based permissions. Mapped drives don't get any of that.
The SMB port 445 and VPN gymnastics you're working around are happening because Windows file sharing over WAN was never the design intent. You can make it work with private endpoints and Always-On VPN, but you're paying real money and ongoing complexity to keep using a tool that doesn't fit the job anymore.
The department-heads-clean-up trap. They will never do it. Migrate the live working set (last 12 to 24 months of touched files) into clean department SharePoint sites. Park the rest in an archive site with a long retention label. The SharePoint Migration Tool handles 700 GB without issue.
On the AD question. Once the data is in SharePoint, your AD becomes a sync source for Entra users and nothing else. You can sunset it cleanly. Don't bring AD-style permissions into the new world.
If you tell me what vehicle dealer software you're running, I can usually tell you whether there's an SMB-share dependency lurking that would force you back to Azure Files.
JeroenPot@reddit
Exactly this.
Previous-Low4715@reddit
Azure files is only really good for data which cannot live in SharePoint. You need to force that change culturally with buy in from execs.
Master-IT-All@reddit
You can set up now, and connect the Azure Files to AD DS and make use of NTFS permissions assigned to AD users and groups for the SMB connection. When you flip to no AD, you'll have to add permissions based on Entra objects and then clean out the AD groups/users.
For access to data, I would recommend using a local cache server. This will bypass the question for most cases. For automated failover you'd want to add Distributed File System (DFS) Namespace and leaf objects.
I also strongly recommend allowing only Private endpoint connections, not public. So all connections would need to be from onprem over a Site-to-Site VPN or users connect the Azure VPN client to the Peer-to-Site VPN.
You don't need to go Hybrid unless you want to use the same groups for access to the IAM layer in Entra. You do need to connect Azure Files to your AD in order to use AD Users and Groups for SMB layer access.
Backup using Azure Backup, looks about 1/6th the cost of the storage.
One thing I will say about COST with Azure Files. ALL CAPS TOO.
THE COST IS BASED ON THE PROVISIONED SIZE, NOT THE USED.
So when you're creating shares, create shares that are sized correctly. So if \Budget has only 15GB of data in it, create a 32GB (smallest) File Share.
I would avoid creating a single monolith share and create many small shares. This gives more options.
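As an added example (not code from the thread, from Microsoft, or from the commenter), here is how the setup described above could be scripted with the Az PowerShell module: public access denied on the storage account, a private endpoint in the VNet the VPN routes into, the matching private DNS zone so the account name resolves to the private IP, and one small share per department with a quota set near its actual data volume. The resource group, region, VNet, subnet, storage account name and the department sizes are all placeholders I made up for the example.

```powershell
# Added example, not from the thread. Assumes the Az PowerShell module
# (Az.Storage, Az.Network, Az.PrivateDns) and an existing VNet/subnet that
# the Site-to-Site / Point-to-Site VPN routes into. Every name is a placeholder.
$rg       = 'rg-files-example'       # placeholder resource group
$location = 'eastus'                 # placeholder region
$sa       = 'stfilesexample001'      # placeholder storage account (3-24 lowercase alphanumerics, globally unique)
$vnetName = 'vnet-hub'               # placeholder VNet the VPN gateway lands in
$snetName = 'snet-privatelink'       # placeholder subnet for private endpoints

# 1. Storage account for the SMB shares. Standard_LRS is enough for PDFs and documents.
$account = New-AzStorageAccount -ResourceGroupName $rg -Name $sa -Location $location `
    -SkuName 'Standard_LRS' -Kind 'StorageV2'

# 2. Deny all public network access; only the private endpoint below will reach it.
Update-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa `
    -DefaultAction Deny -Bypass None | Out-Null

# 3. Private endpoint for the 'file' sub-resource, placed in the VPN-reachable subnet.
$vnet   = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $snetName
$conn   = New-AzPrivateLinkServiceConnection -Name "$sa-file-plsc" `
    -PrivateLinkServiceId $account.Id -GroupId 'file'
$pe = New-AzPrivateEndpoint -ResourceGroupName $rg -Name "$sa-file-pe" -Location $location `
    -Subnet $subnet -PrivateLinkServiceConnection $conn

# 4. Private DNS so <account>.file.core.windows.net resolves to the endpoint's private IP
#    for VNet/VPN clients. Skip this step if the zone already exists for other endpoints.
$zone = New-AzPrivateDnsZone -ResourceGroupName $rg -Name 'privatelink.file.core.windows.net'
New-AzPrivateDnsVirtualNetworkLink -ResourceGroupName $rg -ZoneName $zone.Name `
    -Name "$vnetName-link" -VirtualNetworkId $vnet.Id | Out-Null
$zoneConfig = New-AzPrivateDnsZoneConfig -Name 'privatelink-file-core-windows-net' `
    -PrivateDnsZoneId $zone.ResourceId
New-AzPrivateDnsZoneGroup -ResourceGroupName $rg -PrivateEndpointName $pe.Name `
    -Name 'default' -PrivateDnsZoneConfig $zoneConfig | Out-Null

# 5. One share per department, sized to the data it actually holds (constructed
#    GiB figures), rounded up with ~25% headroom and never below 32 GiB.
$departments = @{ Budget = 15; Sales = 120; Service = 200 }   # constructed sizes in GiB
foreach ($dept in $departments.GetEnumerator()) {
    $quota = [int][math]::Max(32, [math]::Ceiling($dept.Value * 1.25))
    New-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $sa `
        -Name $dept.Key.ToLower() -QuotaGiB $quota | Out-Null
    "Share '{0}' provisioned at {1} GiB" -f $dept.Key.ToLower(), $quota
}

# 6. Verify: the account must reject public traffic and the shares must exist.
(Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -Name $sa).DefaultAction   # expect Deny
Get-AzRmStorageShare -ResourceGroupName $rg -StorageAccountName $sa | Select-Object Name, QuotaGiB
```

The verification step is the part worth keeping in a runbook: a storage account whose network rule set still reads `Allow` is reachable from any network that can route to port 445, which is exactly the exposure the private-endpoint design is meant to remove. Identity-based SMB access (AD DS or Entra) is configured separately on the account and is not shown here.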
Lord_Raiden@reddit
Recommend "Provisioned_V2" storage/shares for Azure Files. This lets you independently scale Capacity/IOPS/Bandwidth to be able to adjust for your specific needs. No more having to scale to massive size if you need high IOPS performance.
Adam_Kearn@reddit
This.
I’ve heard some stories about Azure Files being a bit slow.
This really depends on what files you are storing on it too. If it’s just documents then it would be fine.
But large CAD/photoshop files you might struggle a little with the bandwidth.
Alternatively what I’ve seen done at some places is they get a NAS (Synology is a good brand) to replace the file server. Then set up Azure Files and have the NAS as a “cache” server locally.
You can set the DNS so it puts you on the right one automatically without the user knowing.
Then when they are at home it will use the Azure side too.
The NTFS permissions are going to be the biggest pain for you when you do decide to move away from having an on-prem AD DS server.
Instead you can use something like “Entra Domain Services”. This will give you the NTFS permissions like before and also allow for LDAP for legacy applications.
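As an added example (not code from the thread or from either commenter), this is the local-cache-plus-Azure arrangement that Master-IT-All and Adam_Kearn describe, expressed as a DFS Namespace so users keep one UNC path and the referral decides whether they hit the on-prem NAS or the Azure Files share. It uses the ActiveDirectory and DFSN PowerShell modules on a domain-joined namespace server; the domain, namespace server, NAS, storage account and subnets are placeholders, and the Azure Files target assumes the share already has identity-based SMB access and a private endpoint that the VPN can reach.

```powershell
# Added example, not from the thread. Run on a namespace server with the DFS
# Namespaces role (DFSN module) and the ActiveDirectory module. All names and
# subnets are placeholders. A domain-based namespace still depends on AD DS,
# which matters if the plan is to retire AD later.
$domain   = 'corp.example'                  # placeholder AD DS domain
$nsServer = 'dfs01'                         # placeholder namespace server
$nas      = 'nas01'                         # placeholder local cache (NAS or file server)
$sa       = 'stfilesexample001'             # placeholder storage account
$azHost   = "$sa.file.core.windows.net"     # resolves to the private endpoint via private DNS

# 1. AD sites drive the referral order. Office clients sit in 'HQ'; the private
#    endpoint subnet and the P2S VPN client pool are mapped to 'Azure', so a user
#    at home (on the VPN) is ranked closest to the Azure Files target.
New-ADReplicationSite -Name 'HQ'    -ErrorAction SilentlyContinue
New-ADReplicationSite -Name 'Azure' -ErrorAction SilentlyContinue
New-ADReplicationSubnet -Name '192.168.10.0/24' -Site 'HQ'     # office LAN (constructed)
New-ADReplicationSubnet -Name '10.20.1.0/24'    -Site 'Azure'  # private endpoint subnet (constructed)
New-ADReplicationSubnet -Name '172.16.0.0/24'   -Site 'Azure'  # P2S VPN client pool (constructed)

# 2. Domain-based namespace with site costing enabled, so targets are ranked by
#    the client's site before falling through to the rest.
$rootPath = "\\$domain\Files"
New-DfsnRoot -Path $rootPath -TargetPath "\\$nsServer\Files" -Type DomainV2 `
    -EnableSiteCosting $true | Out-Null

# 3. One DFS folder per department with two targets of equal priority class: the
#    on-prem NAS and the Azure Files share. Site costing picks the nearer one and
#    failback returns clients to their preferred target once it is reachable again.
$departments = @('Budget', 'Sales', 'Service')      # constructed list
foreach ($dept in $departments) {
    $folder = "$rootPath\$dept"
    New-DfsnFolder -Path $folder -TargetPath "\\$nas\$dept" `
        -ReferralPriorityClass 'sitecost-normal' -EnableTargetFailback $true | Out-Null
    New-DfsnFolderTarget -Path $folder -TargetPath "\\$azHost\$($dept.ToLower())" `
        -ReferralPriorityClass 'sitecost-normal' | Out-Null
}

# 4. Verify both targets are registered and online for each folder. On a client,
#    'dfsutil /pktinfo' shows which target the cached referral actually resolved to.
foreach ($dept in $departments) {
    Get-DfsnFolderTarget -Path "$rootPath\$dept" |
        Select-Object Path, TargetPath, ReferralPriorityClass, State
}
```

The user-facing path stays `\\corp.example\Files\Budget` (placeholder) wherever they are; what changes is only which target the referral hands back. Keeping both targets at the same priority class is deliberate: pinning the NAS to `global-high` would send VPN users to the NAS over the tunnel as well, which defeats the point of the Azure side. Whether the NAS and the Azure share stay consistent is a separate problem that the namespace does not solve.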
Valdaraak@reddit
Yea, caching is the way to go if you're replacing file servers. It'll keep the most commonly used files local and everything else in the cloud.