Merge pull request #248696 from normesta/normesta-reg-updates-12

Updating as per some discussions with PM

Author: prmerger-automator[bot]

articles/storage/blobs/network-file-system-protocol-known-issues.md

@@ -6,9 +6,9 @@ author: normesta
 
 ms.service: azure-data-lake-storage
 ms.topic: conceptual
-ms.date: 06/23/2021
+ms.date: 08/18/2023
 ms.author: normesta
-ms.reviewer: yzheng
+
 ---
 
 # Known issues with Network File System (NFS) 3.0 protocol support for Azure Blob Storage
@@ -26,6 +26,8 @@ This article describes limitations and known issues of Network File System (NFS)
 
 - GRS, GZRS, and RA-GRS redundancy options aren't supported when you create an NFS 3.0 storage account.
 
+- Access control lists (ACLs) can't be used to authorize an NFS 3.0 request. In fact, if the ACL or a blob or directory contains an entry for a named user or group, that file becomes inaccessible on the client for non-root users. You'll have to remove these entries to restore access to non-root users on the client.  For information about how to remove an ACL entry for named users and groups, see [How to set ACLs](data-lake-storage-access-control.md#how-to-set-acls).
+
 ## NFS 3.0 features
 
 The following NFS 3.0 features aren't yet supported.

articles/storage/blobs/network-file-system-protocol-support-how-to.md

@@ -6,9 +6,9 @@ author: normesta
 
 ms.service: storage
 ms.topic: conceptual
-ms.date: 06/21/2023
+ms.date: 08/18/2023
 ms.author: normesta
-ms.reviewer: yzheng
+
 ---
 
 # Mount Blob Storage by using the Network File System (NFS) 3.0 protocol
@@ -24,9 +24,9 @@ Your storage account must be contained within a virtual network. A virtual netwo
 
 ## Step 2: Configure network security
 
-Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. Any other tools used to secure data, including account key authorization, Azure Active Directory (Azure AD) security, and access control lists (ACLs), are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them.
+Currently, the only way to secure the data in your storage account is by using a virtual network and other network security settings. See [Network security recommendations for Blob storage](security-recommendations.md#networking).
 
-To secure the data in your account, see these recommendations: [Network security recommendations for Blob storage](security-recommendations.md#networking).
+Any other tools used to secure data, including account key authorization, Azure Active Directory (Azure AD) security, and access control lists (ACLs) can't be used to authorize an NFS 3.0 request. In fact, if you add an entry for a named user or group to the ACL of a blob or directory, that file becomes inaccessible on the client for non-root users. You would have to remove that entry to restore access to non-root users on the client.
 
 > [!IMPORTANT]
 > The NFS 3.0 protocol uses ports 111 and 2048. If you're connecting from an on-premises network, make sure that your client allows outgoing communication through those ports. If you have granted access to specific VNets, make sure that any network security groups associated with those VNets don't contain security rules that block incoming communication through those ports.

articles/storage/blobs/network-file-system-protocol-support.md

@@ -6,9 +6,9 @@ author: normesta
 
 ms.service: storage
 ms.topic: conceptual
-ms.date: 02/14/2023
+ms.date: 08/18/2023
 ms.author: normesta
-ms.reviewer: yzheng
+
 ---
 
 # Network File System (NFS) 3.0 protocol support for Azure Blob Storage
@@ -54,7 +54,7 @@ For step-by-step guidance, see [Mount Blob storage by using the Network File Sys
 
 ## Network security
 
-Traffic must originate from a VNet. A VNet enables clients to securely connect to your storage account. The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) are not yet supported in accounts that have the NFS 3.0 protocol support enabled on them.
+Traffic must originate from a VNet. A VNet enables clients to securely connect to your storage account. The only way to secure the data in your account is by using a VNet and other network security settings. Any other tool used to secure data including account key authorization, Azure Active Directory (AD) security, and access control lists (ACLs) can't be used to authorize an NFS 3.0 request.
 
 To learn more, see [Network security recommendations for Blob storage](security-recommendations.md#networking).