{"id":25502,"date":"2026-06-11T02:01:28","date_gmt":"2026-06-11T02:01:28","guid":{"rendered":"https:\/\/www.insentragroup.com\/us\/insights\/uncategorized\/how-azure-files-entra-only-authentication-could-finally-enable-active-directory-retirement\/"},"modified":"2026-06-11T05:38:37","modified_gmt":"2026-06-11T05:38:37","slug":"how-azure-files-entra-only-authentication-could-finally-enable-active-directory-retirement","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/modern-workplace\/how-azure-files-entra-only-authentication-could-finally-enable-active-directory-retirement\/","title":{"rendered":"How Azure Files Entra-Only Authentication Could Finally Enable Active Directory Retirement"},"content":{"rendered":"\n<div style=\"padding: 19px 15px 7px 22px; border: 1px solid #f37237; background-color: #f7f7f7;\">\n\n<p>Microsoft&#8217;s new Azure Files Entra-Only Authentication capability enables organisations to provide SMB file access using cloud-only Microsoft Entra ID identities. For many organisations, this removes one of the final technical dependencies preventing Active Directory retirement while simplifying identity, governance, and security operations.\u00a0<\/p>\n<p>\nWhile the technology itself is significant, the real opportunity lies in using it as a catalyst to simplify identity architecture, strengthen governance, reduce operational overhead, and accelerate broader cloud transformation initiatives.<\/p>\n\n<\/div><br>\n\n\n\n<p>For years,&nbsp;we&#8217;ve&nbsp;worked with organisations that wanted to retire Active Directory but couldn&#8217;t.<\/p>\n\n\n\n<p>They had modernised applications, migrated workloads to Azure, adopted Microsoft 365, implemented Microsoft Entra ID, and embraced cloud-first operating models. Yet despite significant investment in transformation initiatives, one dependency consistently remained.&nbsp;<\/p>\n\n\n\n<p>File shares.&nbsp;<\/p>\n\n\n\n<p>Time and again, we see organisations&nbsp;maintaining&nbsp;domain controllers, identity synchronisation platforms, and supporting infrastructure for one reason only. Their file services still depend on Active Directory.&nbsp;<\/p>\n\n\n\n<p>This challenge has delayed countless Active Directory retirement programmes, increased operational costs, and introduced unnecessary complexity into otherwise modern environments.&nbsp;<\/p>\n\n\n\n<p>Microsoft&#8217;s recent general availability announcement of Entra-Only Authentication for Azure Files may finally change that.&nbsp;<\/p>\n\n\n\n<p>More importantly, it presents organisations with an opportunity to revisit transformation initiatives that have stalled and accelerate their journey towards a truly cloud-native identity model.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Reality of Active Directory Retirement&nbsp;<\/h2>\n\n\n\n<p>Retiring Active Directory has never been as simple as switching off domain controllers.&nbsp;<\/p>\n\n\n\n<p>For most organisations, Active Directory sits at the centre of a complex web of dependencies built over many years. Applications, authentication workflows, legacy permissions models, governance processes, and file services all need to be carefully considered before infrastructure can be decommissioned.&nbsp;<\/p>\n\n\n\n<p>While many of these dependencies now have modern cloud alternatives, file services have&nbsp;remained&nbsp;one of the most persistent challenges.&nbsp;<\/p>\n\n\n\n<p>Even organisations that have successfully modernised identity and adopted Microsoft Entra ID often find themselves&nbsp;retaining&nbsp;Active Directory purely to support SMB file access.&nbsp;<\/p>\n\n\n\n<p>The result is an uncomfortable reality.&nbsp;<\/p>\n\n\n\n<p>Critical identity infrastructure&nbsp;remains&nbsp;in place, not because it continues to deliver strategic value, but because organisations lack&nbsp;a viable&nbsp;path forward for file services.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why This Announcement Matters<\/h2>\n\n\n\n<p>Microsoft&#8217;s Entra-Only Authentication for Azure Files removes what has historically been one of the most significant barriers to Active Directory retirement.&nbsp;<\/p>\n\n\n\n<p>For the first time, organisations can provide identity-based SMB access using cloud-only Microsoft Entra ID identities without requiring:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Active Directory Domain Services<\/li>\n\n\n\n<li>Microsoft Entra Domain Services<\/li>\n\n\n\n<li>Hybrid identity synchronisation for file access<\/li>\n\n\n\n<li>Traditional domain controller infrastructure&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Microsoft Entra ID now acts as the Kerberos authority for supported Azure Files workloads, allowing users to authenticate directly through cloud-native identities.<\/p>\n\n\n\n<p>From an end-user perspective, the experience&nbsp;remains&nbsp;largely unchanged.<\/p>\n\n\n\n<p>From an infrastructure perspective, however, the implications are significant.&nbsp;<\/p>\n\n\n\n<p>The dependency on traditional domain services for SMB authentication can finally be removed.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Azure Files Entra-Only Authentication Requirements and Limitations&nbsp;<\/h2>\n\n\n\n<p>While the announcement is significant, organisations should understand several important requirements before incorporating Azure Files Entra-Only Authentication into their Active Directory retirement strategy.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td style=\"color: #fff; background-color: #F35905;\"><strong>Requirement<\/strong><strong>\u202f<\/strong>&nbsp;<\/td><td style=\"color: #fff; background-color: #F35905;\"><strong>Detail<\/strong><strong>\u202f<\/strong>&nbsp;<\/td><\/tr><tr><td><strong>Supported Clients<\/strong>\u202f&nbsp;<\/td><td>Windows 11 24H2+, Windows Server 2025; macOS in limited preview\u202f\u202f&nbsp;<\/td><\/tr><tr><td><strong>Device Join<\/strong>\u202f&nbsp;<\/td><td>Entra-joined or Hybrid-joined devices\u202f\u202f&nbsp;<\/td><\/tr><tr><td><strong>Authentication<\/strong>\u202f&nbsp;<\/td><td>Entra Kerberos (cloud-issued tickets)\u202f\u202f&nbsp;<\/td><\/tr><tr><td><strong>Permissions<\/strong>\u202f&nbsp;<\/td><td>Azure RBAC (share-level)\u202fwith\u202fNTFS ACLs (file\/folder-level)\u202f\u202f&nbsp;<\/td><\/tr><tr><td><strong>MFA<\/strong>\u202f&nbsp;<\/td><td>Supported, but must be excluded from the storage account app registration\u202f\u202f&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What This Means in Practice&nbsp;<\/h2>\n\n\n\n<p>Although Azure Files Entra-Only Authentication removes the need for traditional domain services, organisations should&nbsp;validate&nbsp;client compatibility, device management standards, permission models, and Conditional Access configurations before migration.&nbsp;<\/p>\n\n\n\n<p>These considerations should form part of a broader Active Directory retirement assessment rather than being treated as a standalone technical deployment.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Completing the Active Directory Retirement Projects That Have Stalled&nbsp;<\/h2>\n\n\n\n<p>Many organisations have already completed 80 to 90 per cent of their Active Directory retirement journey.&nbsp;<\/p>\n\n\n\n<p>Applications have been modernised.&nbsp;<\/p>\n\n\n\n<p>Devices are managed through Intune.&nbsp;<\/p>\n\n\n\n<p>Users authenticate through Microsoft Entra ID.&nbsp;<\/p>\n\n\n\n<p>Yet domain controllers&nbsp;remain&nbsp;operational because file services have not evolved at the same pace.&nbsp;<\/p>\n\n\n\n<p>Azure Files Entra-Only Authentication creates a practical pathway for organisations to finally address that gap.&nbsp;<\/p>\n\n\n\n<p>This allows organisations to:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reduce or&nbsp;eliminate&nbsp;domain controller dependencies&nbsp;<\/li>\n\n\n\n<li>Simplify identity architecture&nbsp;<\/li>\n\n\n\n<li>Reduce infrastructure costs&nbsp;<\/li>\n\n\n\n<li>Remove legacy authentication services&nbsp;<\/li>\n\n\n\n<li>Progress long-delayed retirement initiatives&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>For many organisations, this capability could become the catalyst that finally enables full Active Directory retirement.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What We&#8217;re Seeing in the Market&nbsp;<\/h2>\n\n\n\n<p>Across our customer engagements, several common themes continue to&nbsp;emerge.<\/p>\n\n\n\n<p>Organisations are under pressure to:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Reduce operational costs&nbsp;<\/li>\n\n\n\n<li>Simplify identity architecture&nbsp;<\/li>\n\n\n\n<li>Strengthen security controls&nbsp;<\/li>\n\n\n\n<li>Improve governance and compliance outcomes&nbsp;<\/li>\n\n\n\n<li>Accelerate cloud transformation programmes&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>At the same time, many continue to&nbsp;operate&nbsp;hybrid identity environments that are significantly more complex than they need to be.&nbsp;<\/p>\n\n\n\n<p>It&#8217;s&nbsp;not uncommon&nbsp;to find:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Domain controllers&nbsp;maintained&nbsp;solely for file access&nbsp;<\/li>\n\n\n\n<li>Legacy synchronisation infrastructure supporting a shrinking number of workloads&nbsp;<\/li>\n\n\n\n<li>Multiple identity management processes&nbsp;<\/li>\n\n\n\n<li>Duplicate governance controls across on-premises and cloud environments&nbsp;<\/li>\n\n\n\n<li>Security teams&nbsp;monitoring&nbsp;infrastructure that organisations would otherwise prefer to retire&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These challenges create ongoing operational overhead and can slow broader modernisation efforts.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Governance Opportunity Is Just as Important&nbsp;<\/h2>\n\n\n\n<p>While much of the attention surrounding this announcement focuses on infrastructure simplification, we believe the governance implications may be even more valuable.&nbsp;<\/p>\n\n\n\n<p>Many organisations today manage governance across multiple identity platforms, making access management, auditing, and compliance reporting more complex than necessary.&nbsp;<\/p>\n\n\n\n<p>By&nbsp;consolidating&nbsp;identities and access controls within Microsoft Entra ID, organisations gain the opportunity to simplify governance while improving visibility and control.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Centralised Access Management<\/h2>\n\n\n\n<p>Azure RBAC provides share-level access control while NTFS ACLs continue to provide granular file and folder permissions.&nbsp;<\/p>\n\n\n\n<p>This allows organisations to&nbsp;maintain&nbsp;familiar permission models while adopting cloud-native administration practices.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Stronger Zero Trust Alignment<\/h2>\n\n\n\n<p>Access decisions can be governed through:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Conditional Access policies&nbsp;<\/li>\n\n\n\n<li>Device compliance requirements&nbsp;<\/li>\n\n\n\n<li>Risk-based authentication controls&nbsp;<\/li>\n\n\n\n<li>Location-aware access restrictions&nbsp;<\/li>\n\n\n\n<li>Passwordless&nbsp;authentication methods&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These capabilities support a more mature and consistent security posture.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Unified Identity Governance <\/h2>\n\n\n\n<p>With identities managed through Microsoft Entra ID, organisations can streamline:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access reviews&nbsp;<\/li>\n\n\n\n<li>Entitlement management&nbsp;<\/li>\n\n\n\n<li>Lifecycle governance&nbsp;<\/li>\n\n\n\n<li>Audit reporting&nbsp;<\/li>\n\n\n\n<li>Compliance monitoring&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>The result is a governance model that is simpler to manage and easier to&nbsp;demonstrate&nbsp;to auditors and stakeholders.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Hidden Benefit Is Operational Simplicity <\/h2>\n\n\n\n<p>Many organisations focus on the infrastructure savings associated with Active Directory retirement.<\/p>\n\n\n\n<p>In our experience, the larger benefit often comes from reducing operational complexity.&nbsp;<\/p>\n\n\n\n<p>When organisations remove unnecessary domain controllers, identity synchronisation services, legacy management processes, and duplicate governance controls, they free technical teams to focus on higher-value transformation initiatives rather than maintaining infrastructure that no longer supports strategic&nbsp;objectives.&nbsp;<\/p>\n\n\n\n<p>This often delivers benefits that extend far beyond cost reduction.&nbsp;<\/p>\n\n\n\n<p>It improves agility, accelerates change, simplifies support models, and reduces the operational burden placed on internal IT teams.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What This Doesn&#8217;t Solve&nbsp;<\/h2>\n\n\n\n<p>As significant as this announcement is, organisations should avoid assuming it automatically enables immediate Active Directory retirement. <\/p>\n\n\n\n<p>There are still many environments where Active Directory dependencies remain outside of file services. <\/p>\n\n\n\n<p>Examples may include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Legacy applications that rely on LDAP authentication&nbsp;<\/li>\n\n\n\n<li>Group Policy dependencies&nbsp;<\/li>\n\n\n\n<li>Certificate services integrations&nbsp;<\/li>\n\n\n\n<li>Legacy line-of-business applications&nbsp;<\/li>\n\n\n\n<li>On-premises file servers&nbsp;<\/li>\n\n\n\n<li>Workloads that have not yet been modernised&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Understanding these dependencies&nbsp;remains&nbsp;a critical part of any retirement strategy.&nbsp;<\/p>\n\n\n\n<p>The most successful organisations approach Azure Files Entra-Only Authentication as one&nbsp;component&nbsp;of a broader transformation programme rather than a standalone solution.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Technology Alone Isn&#8217;t Enough<\/h2>\n\n\n\n<p>One of the biggest mistakes organisations make is assuming that enabling a new feature automatically delivers business outcomes.&nbsp;<\/p>\n\n\n\n<p>In reality, successful&nbsp;modernisation requires careful planning.&nbsp;<\/p>\n\n\n\n<p>Questions organisations should be asking include:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Which workloads still depend on Active Directory?&nbsp;<\/li>\n\n\n\n<li>What file share permissions need to be preserved?&nbsp;<\/li>\n\n\n\n<li>How will governance processes evolve?&nbsp;<\/li>\n\n\n\n<li>What Conditional Access controls should be implemented?&nbsp;<\/li>\n\n\n\n<li>How should Azure Virtual Desktop and&nbsp;FSLogix&nbsp;environments be addressed?&nbsp;<\/li>\n\n\n\n<li>Where does Microsoft Purview fit into the future operating model?&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Without a clear strategy, organisations risk carrying legacy complexity into their cloud environment rather than&nbsp;eliminating&nbsp;it.&nbsp;<\/p>\n\n\n\n<p>This is where experienced guidance becomes critical.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why Organisations Engage Insentra<\/h2>\n\n\n\n<p>At&nbsp;Insentra, we view Active Directory retirement as far more than an infrastructure project.&nbsp;<\/p>\n\n\n\n<p>It is an opportunity to simplify operations, strengthen governance, improve security, and accelerate cloud transformation.&nbsp;<\/p>\n\n\n\n<p>Our consultants help organisations develop practical roadmaps that balance technical requirements with business outcomes.&nbsp;<\/p>\n\n\n\n<p>We work with customers to:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identify&nbsp;dependencies preventing Active Directory retirement&nbsp;<\/li>\n\n\n\n<li>Assess file services and identity architectures&nbsp;<\/li>\n\n\n\n<li>Develop phased transition strategies&nbsp;<\/li>\n\n\n\n<li>Implement Azure Files and Entra-Only Authentication&nbsp;<\/li>\n\n\n\n<li>Design governance and security frameworks&nbsp;<\/li>\n\n\n\n<li>Establish access review and compliance processes&nbsp;<\/li>\n\n\n\n<li>Integrate Microsoft Purview capabilities for information protection and data governance&nbsp;<\/li>\n\n\n\n<li>Reduce operational complexity while&nbsp;maintaining&nbsp;business continuity&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Most importantly, we help organisations avoid the common pitfalls that delay transformation initiatives and increase risk.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Opportunity to Finally Retire Active Directory&nbsp;<\/h2>\n\n\n\n<p>For many organisations, file shares have been the final barrier preventing a truly cloud-native identity strategy.&nbsp;<\/p>\n\n\n\n<p>Microsoft&#8217;s Entra-Only Authentication for Azure Files removes that barrier.&nbsp;<\/p>\n\n\n\n<p>The organisations that will realise the greatest value, however, will be those that approach this capability as part of a broader identity, governance, security, and transformation strategy rather than simply a technical feature deployment.&nbsp;<\/p>\n\n\n\n<p>Active Directory retirement is no longer a question of whether it is possible.&nbsp;<\/p>\n\n\n\n<p>For many organisations, the question is now how quickly they can achieve it.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Frequently Asked Questions About Azure Files Entra-Only Authentication and Active Directory Retirement<\/h2>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-1&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-1-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-1\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Can Azure Files Entra-Only Authentication replace Active Directory?<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-1\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-1-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>For many organisations, yes. Azure Files now supports identity-based SMB access using Microsoft Entra ID as the Kerberos authority, removing the requirement for Active Directory Domain Services or Microsoft Entra Domain Services for supported Azure Files workloads. However, organisations should first assess any remaining applications, legacy systems, or services that still depend on Active Directory.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-2&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-2-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-2\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">What&nbsp;is&nbsp;Azure Files Entra-Only Authentication?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-2\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-2-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>Azure Files Entra-Only Authentication allows users to access Azure file shares using cloud-only Microsoft Entra ID identities. This eliminates the need for traditional domain controllers, hybrid identity synchronisation, or Active Directory-based authentication for supported Azure Files environments.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-3&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-3-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-3\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Why have file shares traditionally prevented Active Directory retirement?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-3\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-3-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>File shares have historically relied on SMB authentication backed by Active Directory. Even after organisations modernised applications, devices, and user authentication, many were forced to&nbsp;retain&nbsp;domain controllers solely to support file access.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-4&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-4-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-4\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Do organisations still need Microsoft Entra Connect?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-4\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-4-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>Not for Azure Files authentication itself. However, organisations may still require synchronisation for other workloads that have not yet been modernised.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-5&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-5-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-5\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">How does Azure Files Entra-Only Authentication support Zero Trust?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-5\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-5-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>Because authentication is performed through Microsoft Entra ID, organisations can apply Conditional Access policies, device compliance requirements, risk-based authentication controls, passwordless authentication, and location-aware access restrictions to file access.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-6&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-6-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-6\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Can existing NTFS permissions still be used?<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-6\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-6-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>Yes. Azure Files continues to support NTFS ACLs for granular file and folder permissions while Azure RBAC manages share-level access.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-7&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-7-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-7\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Is Active Directory retirement only a technology project?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-7\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-7-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>No. Successful retirement requires consideration of governance, security, compliance, operational processes, application dependencies, and user experience.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-8&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-8-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-8\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">What should organisations assess before retiring Active Directory?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-8\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-8-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>Key areas include file service dependencies, legacy applications, authentication requirements, Group Policy dependencies, governance processes, access management controls, Azure Virtual Desktop requirements, and information protection strategies.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-9&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-9-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-9\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">How can organisations accelerate Active Directory retirement?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-9\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-9-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>The most successful organisations begin with a dependency assessment,&nbsp;establish&nbsp;a target identity architecture, modernise remaining workloads, and implement governance controls early in the process.&nbsp;<\/p>\n\n\n\n<p>For organisations that have spent years trying to remove Active Directory from their environment, Azure Files Entra-Only Authentication may&nbsp;represent&nbsp;the missing piece of the puzzle. The opportunity now is not simply to modernise file services, but to complete the broader identity transformation initiatives that have&nbsp;remained&nbsp;just out of reach.&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div data-wp-context=\"{ &quot;autoclose&quot;: false, &quot;accordionItems&quot;: [] }\" data-wp-interactive=\"core\/accordion\" role=\"group\" class=\"wp-block-accordion is-layout-flow wp-block-accordion-is-layout-flow\">\n<div data-wp-class--is-open=\"state.isOpen\" data-wp-context=\"{ &quot;id&quot;: &quot;accordion-item-10&quot;, &quot;openByDefault&quot;: false }\" data-wp-init=\"callbacks.initAccordionItems\" data-wp-on-window--hashchange=\"callbacks.hashChange\" class=\"wp-block-accordion-item is-layout-flow wp-block-accordion-item-is-layout-flow\">\n<h3 class=\"wp-block-accordion-heading\"><button aria-expanded=\"false\" aria-controls=\"accordion-item-10-panel\" data-wp-bind--aria-expanded=\"state.isOpen\" data-wp-on--click=\"actions.toggle\" data-wp-on--keydown=\"actions.handleKeyDown\" id=\"accordion-item-10\" type=\"button\" class=\"wp-block-accordion-heading__toggle\"><span class=\"wp-block-accordion-heading__toggle-title\">Ready to Assess Your Active Directory Retirement Strategy?&nbsp;<\/span><span class=\"wp-block-accordion-heading__toggle-icon\" aria-hidden=\"true\">+<\/span><\/button><\/h3>\n\n\n\n<div inert aria-labelledby=\"accordion-item-10\" data-wp-bind--inert=\"!state.isOpen\" id=\"accordion-item-10-panel\" role=\"region\" class=\"wp-block-accordion-panel is-layout-flow wp-block-accordion-panel-is-layout-flow\">\n<p>If&nbsp;you&#8217;re&nbsp;evaluating Active Directory retirement, modernising file services, simplifying your identity architecture, or strengthening governance across your Microsoft environment,&nbsp;Insentra&nbsp;can help.<\/p>\n\n\n\n<p>Our specialists can assess your current dependencies, identify opportunities for simplification, and develop a practical roadmap that reduces risk while accelerating outcomes.&nbsp;&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<br>\n\n\n\n<p><a href=\"https:\/\/www.insentragroup.com\/us\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contact\u00a0Insentra<\/a> today to discuss how Azure Files Entra-Only Authentication can support your broader transformation goals and help your organisation move confidently towards a cloud-native future.<\/p>\n\n\n\n<style>\n.wp-block-accordion-heading__toggle-title {\n    text-transform: none;\n    color: #373737;\n}\n\n.wp-block-accordion-item.is-open>.wp-block-accordion-heading .wp-block-accordion-heading__toggle-icon {\n    color: #373737;\n}\n\n.wp-block-accordion-heading__toggle-icon {\n    color: #373737;\n}\n\n.elementor-kit-36 button{\n    background-color: transparent;\n    border-bottom: 1px solid #ccc;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>Azure Files Entra-Only identities remove a key barrier to Active Directory retirement. Learn how to simplify identity and governance.<\/p>\n","protected":false},"author":199,"featured_media":25503,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-25502","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/25502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/199"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=25502"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/25502\/revisions"}],"predecessor-version":[{"id":25504,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/25502\/revisions\/25504"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/25503"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=25502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=25502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=25502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}