This chapter covers Azure Files and Azure File Sync, two key services for migrating and managing file shares in the cloud. Understanding these services is critical for the AZ-900 exam, as they represent core migration and hybrid storage scenarios. The 'Azure Architecture Services' objective area, which includes storage, compute, and networking, typically accounts for about 30-35% of the exam. By the end of this chapter, you'll know exactly how these services work, when to use them, and what the exam expects you to remember.
Jump to a section
Imagine a company with five branch offices, each maintaining its own paper filing cabinets for client contracts. Every time a contract is updated at one branch, employees must physically photocopy the new version and mail it to the other four branches—a slow, error-prone process. Now, replace those local cabinets with a single, secure central filing room at headquarters. All branches connect via a high-speed pneumatic tube system. When a branch updates a contract, the new version is immediately sent to the central room, which stores the master copy. The central room then instantly notifies all other branches that a new version is available, but doesn't force them to take a copy—they can access the master on demand. The central room also keeps a change history, so you can see who updated what and when. If a branch's connection is slow, they can request a local cache—a temporary copy that syncs automatically with the master. Azure Files works like that central room: a single, cloud-hosted SMB file share accessible from anywhere via the internet or Azure VPN/ExpressRoute. Azure File Sync adds the caching layer: it lets you keep frequently accessed files on local servers while ensuring they stay synchronized with the cloud share. The 'pneumatic tube' is the SMB protocol over the network, and the 'notification system' is Azure File Sync's change detection and sync engine.
What is Azure Files and the Business Problem It Solves
Azure Files is a fully managed file share service in the cloud that uses the Server Message Block (SMB) protocol and the Network File System (NFS) protocol. Imagine your company has dozens of on-premises file servers storing shared documents, project files, and configuration scripts. Maintaining those servers requires hardware procurement, patching, backup, and disaster recovery planning. Azure Files eliminates that overhead by providing a cloud-based file share that you can mount just like a local drive from Windows, Linux, or macOS machines, either on-premises or in Azure.
The core business problem Azure Files solves is the need for a central, highly available, and scalable file storage that multiple users and applications can access simultaneously without managing physical servers. For example, a global engineering team can use Azure Files to share CAD drawings; an enterprise can lift-and-shift legacy applications that require SMB file shares; or a DevOps team can share configuration files across virtual machines.
How It Works: Step-by-Step Mechanism
Azure Files operates on a simple but powerful architecture. You start by creating a storage account in Azure. Within that storage account, you create a file share. The file share is accessible via a UNC path like \\mystorageaccount.file.core.windows.net\myshare. Behind the scenes, Azure stores the file data as objects in blob storage but exposes it through the SMB protocol. This means you get the reliability and durability of Azure Blob Storage (99.9999999999% durability for RA-GRS) with the familiar SMB interface.
When a client mounts the share, it uses standard SMB 3.0 (or later) with encryption. Azure enforces encryption in transit for SMB connections—unencrypted SMB 2.1 is not allowed. This is a key exam point: Azure Files requires SMB 3.0+ with encryption for connections over the internet. For on-premises clients, you can use Azure VPN Gateway or ExpressRoute to connect privately, and then SMB 2.1+ is allowed because the traffic is already encrypted by the VPN/tunnel.
Azure Files supports both Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD) for authentication. You can set NTFS-style permissions on folders and files, just like on a Windows file server. This makes it a seamless drop-in replacement for many on-premises file servers.
Key Components, Tiers, and Pricing
Azure Files has two main performance tiers: Standard and Premium.
Standard file shares: Backed by magnetic hard drives (HDD) or solid-state drives (SSD) depending on the storage account type. They offer up to 100 TiB per share, with a maximum of 10,000 IOPS per share (though actual performance varies by file size and access pattern). Standard shares are cost-effective for general-purpose file sharing, home directories, and dev/test environments.
Premium file shares: Backed exclusively by SSD and deployed as FileStorage storage accounts. They offer consistent high IOPS (up to 100,000 per share) and low latency (single-digit milliseconds). Premium shares are designed for performance-sensitive workloads like SQL Server databases, high-performance computing (HPC), and real-time analytics.
Within Standard, there are two transaction-optimized tiers: Transaction Optimized (for high transaction workloads like log files) and Cool (for infrequently accessed data like archives). The Cool tier has lower storage cost but higher transaction costs, so it's only cost-effective for data you access rarely.
Pricing for Azure Files includes storage cost (per GB/month) plus transaction cost (per operation). For Standard shares, you also pay for data access (read/write/list operations). Premium shares have a higher storage cost but no transaction cost—you pay for provisioned capacity, not used capacity.
Comparison to On-Premises File Servers
On-premises file servers require upfront hardware investment, ongoing maintenance, backup software, and disaster recovery planning. Azure Files provides built-in redundancy (LRS, ZRS, GRS, RA-GRS), automatic failover, and snapshots (file share snapshots) for point-in-time recovery. You can also integrate with Azure Backup for managed backups.
However, Azure Files has some limitations compared to on-premises: it doesn't support SMB Multichannel in all regions (though it's rolling out), and it has a maximum file size of 1 TiB (Standard) or 4 TiB (Premium). Also, certain legacy applications may require features like DFS-R or FSRM, which Azure Files does not natively support—but Azure File Sync can bridge some gaps.
Azure File Sync: Extending On-Premises to the Cloud
Azure File Sync is a service that caches Azure file shares on Windows Servers on-premises or in other clouds. It uses a sync engine to keep the local server's file share in sync with the Azure file share. The key feature is cloud tiering: you can set a policy that only the most recently accessed files are kept locally; older or less frequently accessed files are replaced with a stub (a pointer) and the actual data resides only in Azure. When a user accesses a stub, the file is seamlessly recalled from Azure.
This solves a huge problem: you can migrate your file servers to Azure without changing how users access files. Users still connect to the same UNC path on the local server, but the server is now a cache for the cloud share. This gives you a single, central file share in Azure that all your branch offices can sync to, eliminating the need for complex DFS replication.
Azure Portal and CLI Touchpoints
You can create and manage Azure file shares and File Sync via the Azure portal, Azure CLI, or PowerShell.
To create a file share via CLI:
az storage share create --name myshare --account-name mystorageaccount --quota 100To set up Azure File Sync, you first create a Storage Sync Service resource, then register your Windows Server with the service, and finally create a sync group that connects the Azure file share to the server's local path.
# Create Storage Sync Service
az storagesync create --resource-group myRG --name mySyncService --location eastus
# Register server (run on the server)
Install-Module -Name Az.StorageSync
Register-AzStorageSyncServer -ResourceGroupName myRG -StorageSyncServiceName mySyncService
# Create sync group
az storagesync sync-group create --resource-group myRG --storage-sync-service mySyncService --name mySyncGroupThese commands are not required for AZ-900, but understanding the workflow helps you visualize the architecture.
Create an Azure Storage Account
First, you need a storage account in Azure. This is the container that holds all your file shares. You choose the subscription, resource group, region, and performance tier (Standard or Premium). For Standard, you also pick the redundancy option (LRS, GRS, etc.). The storage account name must be globally unique, 3-24 characters, lowercase letters and numbers only. Once created, you can access the file share via the storage account's endpoint.
Create an Azure File Share
Inside the storage account, you create a file share. You give it a name (lowercase letters, numbers, hyphens) and set a quota (maximum size in GiB, up to 100 TiB for Standard, 100 TiB for Premium). After creation, you get a UNC path like `\\mystorageaccount.file.core.windows.net\myshare`. You can also enable file share snapshots for point-in-time recovery. By default, the share is private and requires authentication.
Configure Authentication and Access
Azure Files supports identity-based authentication using on-premises AD DS or Azure AD. You need to enable identity-based access on the storage account and assign role-based access control (RBAC) roles like 'Storage File Data SMB Share Reader' or 'Contributor'. For on-premises clients, you can also use storage account keys (full access). On the exam, remember that Azure Files requires SMB 3.0+ with encryption for internet connections; for VPN/ExpressRoute, older SMB versions are allowed.
Mount the File Share on a Client
On Windows, you can map a drive using the `net use` command: `net use Z: \\mystorageaccount.file.core.windows.net\myshare`. On Linux, you use the `mount` command with the cifs-utils package. macOS supports SMB mounting via Finder. Azure Files also supports mounting from Azure VMs in the same region with no egress charges. For hybrid scenarios, you can use Azure File Sync to cache the share on an on-premises Windows Server.
Set Up Azure File Sync (Optional)
If you want to extend your on-premises file server to the cloud, you deploy Azure File Sync. First, create a Storage Sync Service resource in the same region as your Azure file share. Then, install the Azure File Sync agent on your Windows Server and register it. Finally, create a sync group that links the Azure file share to a local server path. Enable cloud tiering to automatically free up local space by tiering cold files to Azure. The sync engine detects changes every 24 hours (or on-demand) and replicates them.
Scenario 1: Global Engineering Firm Sharing CAD Files
A multinational engineering company has teams in the US, Europe, and Asia working on large CAD models. Previously, they used a central on-premises file server with slow VPN access for remote offices. They migrated to Azure Files Premium to get low latency and high IOPS. Each office mounts the same Azure file share using SMB 3.0 over ExpressRoute. The share is 10 TiB with snapshots every 6 hours. Cost: about $2,000/month for storage and transactions. The team also uses Azure File Sync to cache a subset of files on a local server in the US office for offline access. The main challenge was ensuring that the SMB protocol worked smoothly over high-latency links—they had to adjust SMB settings like SmbClientServerLatency to avoid timeouts. If they had used Standard tier instead, the latency would have been unacceptable for CAD workloads.
Scenario 2: Enterprise Lift-and-Shift of Legacy Application A financial services company has a legacy .NET application that requires an SMB file share for storing transaction logs. Instead of refactoring the app, they create an Azure Files share and mount it on the Azure VM running the app. The share is Standard with LRS, costing about $100/month for 500 GB. They use Azure Backup to take daily snapshots. The VM and file share are in the same Azure region, so there's no egress cost. The migration took one day: create the share, copy data using AzCopy, and update the app configuration. The risk was that the app used SMB 2.1, which is not supported over the internet—so they had to deploy a VPN gateway between the VM and the share (even though both are in Azure, the VM can use SMB 3.0+ without issue). The exam might test that Azure Files requires SMB 3.0+ with encryption for public endpoints.
Scenario 3: Branch Office Consolidation with Azure File Sync A retail chain has 50 branch offices, each with a local file server for shared documents. Maintaining these servers is costly. They deploy Azure File Sync on each branch's Windows Server, syncing to a central Azure file share. Cloud tiering is enabled with a policy that keeps files accessed within the last 30 days locally. This reduces local storage needs by 70%. Branch employees still access files via the local server path, so no user training is needed. The sync schedule is set to every 24 hours, but urgent changes can be force-synced. The main cost is the Azure file share storage ($0.08/GB/month for Standard) plus transaction costs. A common mistake is forgetting to configure the sync schedule properly, leading to stale files. Another pitfall is not testing the recall performance—if a user accesses a tiered file, it can take seconds to recall from Azure, which may be too slow for some workloads.
Objective 2.4: Describe Azure storage services
This objective includes Azure Files and Azure File Sync. The exam will test your ability to distinguish Azure Files from Azure Blob Storage and Azure Disks, and to understand the hybrid scenario enabled by Azure File Sync.
Most Common Wrong Answers and Why Candidates Choose Them:
'Azure Files is the same as Azure Blob Storage.' Candidates confuse both because they are both cloud storage. Reality: Azure Files uses SMB/NFS and is mounted as a drive; Blob Storage is object storage accessed via REST API. Blob is for unstructured data like images, videos, backups; Azure Files is for shared file systems.
'Azure Files supports SMB 2.1 over the internet.' This is false. Azure Files requires SMB 3.0+ with encryption for connections from the internet. Many candidates assume backward compatibility, but Microsoft enforces encryption for security.
'Azure File Sync replaces the need for an Azure file share.' Actually, Azure File Sync requires an Azure file share as the cloud endpoint. The sync service caches the cloud share on-premises. Without the Azure file share, there is nothing to sync to.
'Cloud tiering always keeps the full file locally.' No, cloud tiering replaces cold files with stubs. Only hot files (recently accessed) remain local. The exam might present a scenario where a user needs to access a file quickly but it's tiered—the answer should involve the recall process.
Specific Terms and Values That Appear Verbatim: - SMB 3.0+ with encryption - Maximum file share size: 100 TiB (Standard and Premium) - Maximum file size: 1 TiB (Standard), 4 TiB (Premium) - Premium file shares: FileStorage storage account type - Azure File Sync: syncs between on-premises Windows Server and Azure file share - Cloud tiering: frees local space by tiering infrequently accessed files
Edge Cases and Tricky Distinctions: - The exam may ask about access methods: Azure Files can be accessed via SMB (mapped drive) or REST API (using Azure Files REST). Blob Storage can only be accessed via REST. - Azure Files supports both SMB and NFS protocols, but NFS is only available in Premium tier. - Azure File Sync only works with Windows Server 2012 R2 and later. - The sync schedule can be set to a custom interval (default every 24 hours) or triggered manually.
Memory Trick: Think 'File' = 'SMB share like a network drive' and 'Blob' = 'object storage like a bucket'. For Azure File Sync, remember 'Sync = Hybrid = Cloud + On-premises cache'.
Azure Files is a managed SMB/NFS file share service in the cloud.
Requires SMB 3.0+ with encryption for internet connections.
Maximum file share size: 100 TiB (both Standard and Premium).
Premium file shares use FileStorage account type and provide up to 100,000 IOPS.
Azure File Sync caches an Azure file share on an on-premises Windows Server.
Cloud tiering automatically frees local space by tiering cold files to Azure.
Azure Files supports identity-based authentication via AD DS or Azure AD.
File share snapshots enable point-in-time recovery of the entire share.
Standard tier has Transaction Optimized and Cool sub-tiers for cost optimization.
Azure Files can be mounted on Windows, Linux, and macOS.
These come up on the exam all the time. Here's how to tell them apart.
Azure Files
Access via SMB/NFS (mapped drive)
Supports standard file sharing and NTFS permissions
Maximum share size: 100 TiB
Pricing: storage + transactions
Use case: shared file systems, lift-and-shift
Azure Blob Storage
Access via REST API (HTTP/HTTPS)
Supports object storage with metadata
Maximum container size: 500 TiB (with large blob support)
Pricing: storage + data access costs
Use case: backups, media, big data analytics
Azure Files (Standard)
Backed by HDD or SSD (depending on account type)
Up to 100 TiB per share
Max IOPS: 10,000 per share
Cost: lower storage cost, higher transaction cost
Use case: general file sharing, dev/test
Azure Files (Premium)
Backed by SSD (FileStorage account)
Up to 100 TiB per share
Max IOPS: 100,000 per share
Cost: higher storage cost, no transaction cost (provisioned capacity)
Use case: high-performance, low-latency workloads
Mistake
Azure Files is just another name for Azure Blob Storage.
Correct
Azure Files is a managed SMB/NFS file share, mounted as a drive. Azure Blob Storage is object storage for unstructured data, accessed via REST API. They are different services with different use cases.
Mistake
You can mount an Azure file share using SMB 2.1 from anywhere.
Correct
Azure Files requires SMB 3.0+ with encryption for connections over the internet. SMB 2.1 is only allowed when using a private connection like VPN or ExpressRoute.
Mistake
Azure File Sync creates a copy of the file share in the cloud.
Correct
Azure File Sync does not create a separate copy; it syncs an on-premises server folder to an existing Azure file share. The Azure file share is the authoritative master.
Mistake
Cloud tiering always keeps all files available locally.
Correct
Cloud tiering replaces infrequently accessed files with stubs. Only files accessed within the configured policy period (e.g., 30 days) remain local. Accessing a stub triggers a recall from Azure.
Mistake
Azure Files is only accessible from Windows machines.
Correct
Azure Files supports Windows, Linux (using cifs-utils), and macOS via SMB. It also supports NFS for Linux clients (Premium tier only).
Yes, you can access Azure Files over the internet using SMB 3.0+ with encryption. However, for security and performance, many enterprises use VPN or ExpressRoute. The exam expects you to know that SMB 3.0+ with encryption is required for public internet access; SMB 2.1 is not supported.
Azure Files is the cloud file share itself. Azure File Sync is a service that syncs an on-premises Windows Server folder to an Azure file share, providing a local cache. You can use Azure Files without File Sync, but File Sync requires an Azure file share as the cloud endpoint.
You can use Azure Backup to back up Azure file shares, or you can use file share snapshots (point-in-time copies) that are built into Azure Files. Snapshots are read-only and can be used for quick restores. Azure Backup provides more granular scheduling and retention policies.
Cloud tiering is a feature that replaces infrequently accessed files on the local server with stubs (pointers). The actual file data remains in the Azure file share. When a user accesses a stub, the file is seamlessly recalled from Azure. This saves local disk space while keeping all files accessible.
Yes, Azure Files supports Linux clients using the SMB protocol via the cifs-utils package. For NFS access (Premium tier only), you can mount directly. The exam may test that Azure Files is not limited to Windows.
Azure Files supports LRS (locally redundant), ZRS (zone-redundant), GRS (geo-redundant), and RA-GRS (read-access geo-redundant). Premium file shares only support LRS and ZRS. Standard file shares support all options.
There is no explicit limit on the number of files, but the total share size is capped at 100 TiB. The number of files is limited by the storage capacity and the file system overhead. For practical purposes, you can store millions of files.
You've just covered Azure Files and File Sync — now see how well it sticks with free AZ-900 practice questions. Full explanations included, no account needed.
Done with this chapter?