Create and Manage Configured Azure Files Shares

The Azure Files page contains a list of all the configured and linked Azure Files shares. You can perform various actions on the Azure Files shares such as creating, linking, or managing shares. This includes options such as auto-scale, unlink, setting/changing permissions, closing file handles, and copy the Azure Files UNC path.

To link to an existing Azure Files file share:

Navigate to Storage > Azure Files.
Select Link Azure Files.
Enter the following information:
- Storage Account: From the drop-down list, select the storage account.
- File Share: From the drop-down list, select the file share.
Once you have entered all the desired information, select OK.

After a few moments, the Azure Files file share is added to Nerdio Manager.

To create a new Azure Files file share and/or storage account:

Navigate to Storage > Azure Files.
Select Add Azure Files.
Enter the following information:
- Storage Account: From the drop-down list, select the storage account.
- Storage Account Description: Type the description of the storage account.
- Resource Group: From the drop-down list, select resource group for the storage account and Azure Files share.
- Performance: From the drop-down list, select performance tier for the share.
  
  Tip: It is strongly recommended that you select Premium for the best user experience.
- Replication: From the drop-down list, select the type of storage replication.
  
  Note: See this Microsoft article for more information about Azure storage redundancy.
- File Share Name: Type the share's name.
- File Share Description: Type the share's description.
- Provisioned Capacity (GiB): Type the size of the provisioned capacity.
- Share-level permissions: Select this option to set default share-level permissions on storage account.
  Note:
  - SMB Share Contributor permission can be used to allow all authenticated users read/write access to the share.
  - SMB Share Reader can be used to allow all authenticated users read-only access to the share (for example, MSIX app attach).
  See this Microsoft article for additional information.
- Permissions (SMB Share Contributors): Specify users/groups that have Storage File Data SMB Share Contributor role on the share.
  
  Note: This is required for read/write access to the share.
- Add users / groups from host pools: From the drop-down list, select users/groups currently assigned to these host pools to be given Storage File Data SMB Share Contributor role on the share.
- Join to AD or Entra ID: Select this option and then from the drop-down list, select an Entra ID or an AD profile to directly join the share.
  
  Note: To use an Azure Files share as a storage location for FSLogix profiles and MSIX App Attach images, the storage account must be integrated with Active Directory, Entra Domain Services, or Entra ID. If you select not to join the storage account to AD or Entra ID, you can do so later. Joining the storage account to AD creates a temporary VM and uses the AD profile credentials to add the storage account as a Computer object in selected AD. Integrating storage account with Entra Domain Services sets the appropriate flag in Azure. Entra Domain Services admin profile credentials are necessary to create a temporary VM to be domain-joined and enable AES-256 encryption. Joining the storage account with Entra ID creates the necessary app registration and provides you with an option to grant needed consents.
- Create a computer-joined file share: Select this option to join Azure Files storage accounts to AD by creating either a user object or a computer object in Active Directory.
  
  Note: It is recommended that a user object is used for the domain join process. Please ensure that no policies are in effect that may disable or remove this account or reset its password. If a computer object is selected, ensure this account is excluded from any automated cleanup process. All file shares are created with AES256 encryption enabled.
- Assign NTFS file-level permissions: Select this option to have Nerdio Manager assign NTFS file-level permissions to newly created file shares.
  Notes:
  - This is in addition to assigning Azure RBAC roles selected above.
  - This process automatically creates a temporary VM to perform the permission assignment task.
  - See this Microsoft article for information about default file permissions used on new Azure Files shares.
- Show advanced settings: To join Azure Files to the Active Directory Nerdio Manager creates a temporary VM to perform the operation. Select the settings to be used for this temporary VM.
  
  Tip: It is strongly recommended that you allow Nerdio Manager to use the default settings when creating the temporary VM. That is, we recommend that you do not use the advanced settings.
- Enable SMB Multichannel: Select this option to improve the Azure Files Premium performance.
- Apply tags: Optionally, type the Name and Value of the Azure tag to apply to the Azure Files share.
  
  Note: You may specify multiple tags. See this Microsoft article for details about using tags to organize your Azure resources.
Once you have entered all the desired information, select OK.

To manage configured Azure Files shares:

Navigate to Storage > Azure Files.
Locate the Azure Files share you want to manage.
The action menu allows you to perform the following functions:
- Manage: Manage the file share's configuration.
- Auto-scale: See Auto-scale for Azure Files Storage Premium for more information.
- File handles: Unlock files/Close open file handles.
- Copy UNC Path: Copy the UNC path to the clipboard.
- Unlink: Remove the Azure Files file share from Nerdio Manager.
- Delete FSLogix Profiles: Delete a selected FSLogix profile.
- Restore FSLogix Profiles: Restore a selected FSLogix profile that was previously deleted.
From the action menu, select Manage to change the Azure Files share's parameters and permissions.