It should be A,
I just created a storage account,
then created a file share,
went to IAM,
and it says : To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account.
A is correct I am getting the same message when I go to IAM on File Share.
'To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account'
but its not asking how to give access, its asking what to do first. So dont you need to configure the access control before enabling identity-based data access for the file shares in storage1?
Still in 2024, is A correct
3. In the File share settings section, select Identity-based access: Not configured.
4. Under Microsoft Entra Domain Services select Set up, then enable the feature by ticking the checkbox.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-domain-services-enable?tabs=azure-portal#enable-microsoft-entra-domain-services-authentication-for-your-account
I also thought it was A. Then I freaked and started doubting when I saw the Vote Distribution being 50-50 between A & D. Thanks for testing and confirming for us. Correct answer should be A then!
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview
How it works
Azure file shares use the Kerberos protocol to authenticate with an AD source.
You can enable identity-based authentication on your new and existing storage accounts using one of three AD sources: AD DS, Azure AD DS, or Azure AD Kerberos (hybrid identities only). Only one AD source can be used for file access authentication on the storage account, which applies to all file shares in the account. Before you can enable identity-based authentication on your storage account, you must first set up your domain environment.
After arguing with ChatGPT here is the answer:
The correct steps to assign User1 the Storage File Data SMB Share Contributor role for share1 are:
1. Enable identity-based data access for the file shares in storage1.
2. Configure Access control (IAM) for share1 and add User1 as a role assignment with the Storage File Data SMB Share Contributor role.
So the correct answer is A.
To assign Azure AD roles like Storage File Data SMB Share Contributor, you must first:
Enable Azure Active Directory (Azure AD) integration on the storage account for file shares.
This is done by enabling identity-based access.
Then, configure Access Control (IAM) to assign the appropriate role.
Why not the others?
B. Modify the security profile – Not the required first step for RBAC.
C. Select Default to Azure Active Directory authorization – This is done later; enabling identity-based access is first.
D. Configure Access control (IAM) – You can't assign roles until the storage account supports identity-based access.
Before you can effectively assign the SMB Contributor role, you must enable Azure AD (identity-based access) for the storage account.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-overview
It should be A,
I just created a storage account,
then created a file share,
went to IAM,
and it says : To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account.
It's A. This one is one of many "gotcha" moments. This only applies to SMB access. You can assign that role as per point D. It will succeed. Yet, the catch is that allows access to the control plane and not the data plane. The data plane access is completing point A. I believe there is some authentication behind the scenes to allow this file share to work hence doing point A first then point D.
A is correct I am getting the same message when I go to IAM on File Share.
'To give individual accounts access to the file share (Kerberos), enable identity-based authentication for the storage account'
Go to Azure Portal
Create a new storage account
Create a new File Share
Go to the File Share > IAM > Add Role Assignment > Storage File Data SMB Share Contributor
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-assign-share-level-permissions?tabs=azure-portal
To assign an Azure role to a Microsoft Entra identity, using the Azure portal, follow these steps:
1. In the Azure portal, go to your file share, or create an SMB file share.
2. Select Access Control (IAM).
3. Select Add a role assignment
4. In the Add role assignment blade, select the appropriate built-in role from the Role list.
5. Leave Assign access to at the default setting: Microsoft Entra user, group, or service principal. Select the target Microsoft Entra identity by name or email address. The selected Microsoft Entra identity must be a hybrid identity and cannot be a cloud only identity. This means that the same identity is also represented in AD DS.
6. Select Save to complete the role assignment operation.
The correct answer is A. Enable identity-based data access for the file shares in Storage1
Enable identity-based data access for the file shares in Storage1:
This step is necessary to allow Azure AD identities to access the file shares. Without enabling identity-based data access, you cannot assign Azure AD roles like the Storage File Data SMB Share Contributor role to users for accessing file shares.
Modify the security profile for the file shares in Storage1:
This option is not relevant to the task. Modifying the security profile does not enable identity-based access or allow role assignments. Security profiles typically involve settings related to encryption, access protocols, and other security configurations.
Select Default to Azure Active Directory authorization in the Azure portal for Storage1:
While this option is related to enabling Azure AD authorization, it is not the first step. You need to enable identity-based data access first before you can configure Azure AD authorization settings.
Go to Azure Portal
Create a new storage account
Create a new File Share
Go to the File Share > IAM > Add Role Assignment > Storage File Data SMB Share Contributor
This section is not available anymore. Please use the main Exam Page.AZ-104 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
macrawat
Highly Voted 2 years, 4 months agoyettie79
2 years, 4 months agoriquesg
2 years, 3 months agogarmatey
2 years, 2 months agoc75e123
7 months, 2 weeks agoIndy429
1 year, 7 months agoSlimus
2 years, 3 months agomfalkjunk
Highly Voted 2 years, 4 months agoAndreLima
2 years, 2 months agomaxsteele
1 year, 10 months agofensitutor
Most Recent 1 week, 5 days agoahmadniknam
2 weeks, 1 day agoIan88
2 weeks, 1 day agoAzghouls
3 weeks, 4 days agoAzghouls
3 weeks, 4 days agoMasterMans
3 weeks, 6 days agonagesh21
1 month, 1 week agoCMal
1 month, 3 weeks agoahmadsaquib
2 months, 4 weeks ago4f45fce
3 months, 2 weeks agormacjj
3 months, 4 weeks agokriChe27
4 months, 1 week agokriChe27
4 months, 1 week agoAndrewChedid
4 months, 1 week agoPonpon3185
4 months, 3 weeks agonetloony
4 months, 3 weeks agoPonpon3185
5 months ago