MicrosoftDocs
diff --git a/‎articles/storage/files/media/storage-files-active-directory-overview/files-ad-ds-auth-diagram.png
2.9 KB b/‎articles/storage/files/media/storage-files-active-directory-overview/files-ad-ds-auth-diagram.png
2.9 KB
diff --git a/‎articles/storage/files/media/storage-files-active-directory-overview/files-azure-ad-ds-auth-diagram.png
-80 KB b/‎articles/storage/files/media/storage-files-active-directory-overview/files-azure-ad-ds-auth-diagram.png
-80 KB
diff --git a/‎articles/storage/files/media/storage-files-active-directory-overview/files-azure-ad-kerberos-diagram.png
-72.3 KB b/‎articles/storage/files/media/storage-files-active-directory-overview/files-azure-ad-kerberos-diagram.png
-72.3 KB
diff --git a/‎articles/storage/files/media/storage-files-active-directory-overview/files-microsoft-entra-domain-services-auth-diagram.png
86.8 KB b/‎articles/storage/files/media/storage-files-active-directory-overview/files-microsoft-entra-domain-services-auth-diagram.png
86.8 KB
diff --git a/‎articles/storage/files/media/storage-files-active-directory-overview/files-microsoft-entra-kerberos-diagram.png
77.8 KB b/‎articles/storage/files/media/storage-files-active-directory-overview/files-microsoft-entra-kerberos-diagram.png
77.8 KB
diff --git a/‎articles/storage/files/storage-files-active-directory-overview.md
Lines changed: 7 additions & 12 deletions b/‎articles/storage/files/storage-files-active-directory-overview.md
Lines changed: 7 additions & 12 deletions
@@ -4,23 +4,16 @@ description: Azure Files supports identity-based authentication over SMB (Server
 author: khdownie
 ms.service: azure-file-storage
 ms.topic: conceptual
-ms.date: 11/22/2023
+ms.date: 10/03/2024
 ms.author: kendownie
-ms.custom: engagement-fy23
 ---
 
 # Overview of Azure Files identity-based authentication options for SMB access
 
 This article explains how Azure file shares can use domain services, either on-premises or in Azure, to support identity-based access to Azure file shares over SMB. Enabling identity-based access for your Azure file shares allows you to replace existing file servers with Azure file shares without replacing your existing directory service, maintaining seamless user access to shares.
 
-## Applies to
-| File share type | SMB | NFS |
-|-|:-:|:-:|
-| Standard file shares (GPv2), LRS/ZRS | ![Yes](../media/icons/yes-icon.png) | ![No](../media/icons/no-icon.png) |
-| Standard file shares (GPv2), GRS/GZRS | ![Yes](../media/icons/yes-icon.png) | ![No](../media/icons/no-icon.png) |
-| Premium file shares (FileStorage), LRS/ZRS | ![Yes](../media/icons/yes-icon.png) | ![No](../media/icons/no-icon.png) |
+## Glossary
 
-## Glossary 
 It's helpful to understand some key terms relating to identity-based authentication for Azure file shares:
 
 -   **Kerberos authentication**
@@ -82,6 +75,7 @@ When you lift and shift applications to the cloud, you want to keep the same aut
 If you're keeping your primary file storage on-premises, Azure file shares can serve as an ideal storage for backup or DR, to improve business continuity. You can use Azure file shares to back up your data from existing file servers while preserving Windows discretionary access control lists (DACLs). For DR scenarios, you can configure an authentication option to support proper access control enforcement at failover.
 
 ## Advantages of identity-based authentication
+
 Identity-based authentication for Azure Files offers several benefits over using Shared Key authentication:
 
 -   **Extend the traditional identity-based file share access experience to the cloud**  
@@ -121,7 +115,7 @@ The following diagram represents the workflow for Microsoft Entra Domain Service
 
 2. All users that exist in Microsoft Entra ID can be authenticated and authorized. The user can be cloud-only or hybrid. The sync from Microsoft Entra ID to Microsoft Entra Domain Services is managed by the platform without requiring any user configuration. However, the client must be joined to the Microsoft Entra Domain Services hosted domain. It can't be Microsoft Entra joined or registered. Microsoft Entra Domain Services doesn't support non-Azure clients (i.e. user laptops, workstations, VMs in other clouds, etc.) being domain-joined to the Microsoft Entra Domain Services hosted domain. However, it's possible to mount a file share from a non-domain-joined client by providing explicit credentials such as DOMAINNAME\username or using the fully qualified domain name (username@FQDN).
 
-:::image type="content" source="media/storage-files-active-directory-overview/files-azure-ad-ds-auth-diagram.png" alt-text="Diagram of configuration for Microsoft Entra Domain Services authentication with Azure Files over SMB.":::
+:::image type="content" source="media/storage-files-active-directory-overview/files-microsoft-entra-domain-services-auth-diagram.png" alt-text="Diagram of configuration for Microsoft Entra Domain Services authentication with Azure Files over SMB.":::
 
 To learn how to enable Microsoft Entra Domain Services authentication, see [Enable Microsoft Entra Domain Services authentication on Azure Files](storage-files-identity-auth-domain-services-enable.md).
 
@@ -134,7 +128,7 @@ Enabling and configuring Microsoft Entra ID for authenticating [hybrid user iden
 > [!IMPORTANT]
 > Microsoft Entra Kerberos authentication only supports hybrid user identities; it doesn't support cloud-only identities. A traditional AD DS deployment is required, and it must be synced to Microsoft Entra ID using Microsoft Entra Connect Sync or Microsoft Entra Connect cloud sync. Clients must be Microsoft Entra joined or [Microsoft Entra hybrid joined](../../active-directory/devices/hybrid-join-plan.md). Microsoft Entra Kerberos isn’t supported on clients joined to Microsoft Entra Domain Services or joined to AD only.
 
-:::image type="content" source="media/storage-files-active-directory-overview/files-azure-ad-kerberos-diagram.png" alt-text="Diagram of configuration for Microsoft Entra Kerberos authentication for hybrid identities over SMB.":::
+:::image type="content" source="media/storage-files-active-directory-overview/files-microsoft-entra-kerberos-diagram.png" alt-text="Diagram of configuration for Microsoft Entra Kerberos authentication for hybrid identities over SMB.":::
 
 To learn how to enable Microsoft Entra Kerberos authentication for hybrid identities, see [Enable Microsoft Entra Kerberos authentication for hybrid identities on Azure Files](storage-files-identity-auth-hybrid-identities-enable.md).
 
@@ -174,11 +168,12 @@ Azure Files supports preserving directory or file level ACLs when copying data t
 There's no additional service charge to enable identity-based authentication over SMB on your storage account. For more information on pricing, see [Azure Files pricing](https://azure.microsoft.com/pricing/details/storage/files/) and [Microsoft Entra Domain Services pricing](https://azure.microsoft.com/pricing/details/active-directory-ds/).
 
 ## Next steps
+
 For more information about Azure Files and identity-based authentication over SMB, see these resources:
 
 - [Planning for an Azure Files deployment](storage-files-planning.md)
 - [Overview - on-premises Active Directory Domain Services authentication over SMB for Azure file shares](storage-files-identity-auth-active-directory-enable.md)
 - [Enable Microsoft Entra Domain Services authentication on Azure Files](storage-files-identity-auth-domain-services-enable.md)
 - [Enable Microsoft Entra Kerberos authentication for hybrid identities on Azure Files](storage-files-identity-auth-hybrid-identities-enable.md)
 - [Enable AD Kerberos authentication for Linux clients](storage-files-identity-auth-linux-kerberos-enable.md)
-- [FAQ](storage-files-faq.md)
+- [FAQ](storage-files-faq.md#identity-based-authentication)