What's new in Azure Files and Azure File Sync

Azure Files and Azure File Sync are updated regularly to offer new features and enhancements. This article provides detailed information about what's new in Azure Files and Azure File Sync.

What's new in 2024

2024 quarter 4 (October, November, December)

Azure File Sync v19 release

The Azure File Sync v19 release improves performance, security, and adds support for Windows Server 2025:

• Faster server provisioning and improved disaster recovery for Azure File Sync server endpoints
• Sync performance improvements
• Preview: Managed Identities support for Azure File Sync service and servers
• Azure File Sync agent support for Windows Server 2025

To learn more, see the Azure File Sync release notes.

2024 quarter 3 (July, August, September)

Soft delete for NFS Azure file shares is generally available

Soft delete protects your Azure file shares from accidental deletion. The feature has been available for SMB Azure file shares for some time, and is now generally available for NFS Azure file shares. For more information, read the blog post.

2024 quarter 2 (April, May, June)

Azure Files vaulted backup is now in public preview

Azure Backup now enables you to perform a vaulted backup of Azure Files to protect data from ransomware attacks or source data loss due to a malicious actor or rogue admin. You can define the schedule and retention of backups by using a backup policy. Azure Backup creates and manages the recovery points as per the schedule and retention defined in the backup policy. For more information, see Azure Files vaulted backup (preview).

2024 quarter 1 (January, February, March)

Sync upload performance improvements for Azure File Sync

Sync upload performance has improved, and performance numbers will be posted when they are available. This improvement will mainly benefit file share migrations (initial upload) and high churn events on the server in which a large number of files need to be uploaded.

Expanded character support for Azure File Sync

Azure File Sync now supports an expanded list of characters. This expansion allows users to create and sync SMB file shares with file and directory names on par with NTFS file system, for valid Unicode characters. For more information on unsupported characters, refer to the documentation here.

New cloud tiering low disk space mode metric for Azure File Sync

You can now configure an alert to let you know if a server is in low disk space mode. To learn more, see Monitor Azure File Sync.

What's new in 2023

2023 quarter 4 (October, November, December)

Azure Files now supports all valid Unicode characters

Expanded character support will allow users to create SMB file shares with file and directory names on par with the NTFS file system for all valid Unicode characters. It also enables tools like AzCopy and Storage Mover to migrate all the files into Azure Files using the REST protocol. Expanded character support is now available in all Azure regions. For more information, read the announcement.

2023 quarter 3 (July, August, September)

Azure Active Directory support for Azure Files REST API with OAuth authentication is generally available

This feature enables share-level read and write access to SMB Azure file shares for users, groups, and managed identities when accessing file share data through the REST API. Cloud native and modern applications that use REST APIs can utilize identity-based authentication and authorization to access file shares. For more information, read the blog post.

2023 quarter 2 (April, May, June)

Azure Files scalability improvement for Azure Virtual Desktop and other workloads that open root directory handles is generally available

Azure Files has increased the root directory handle limit per share from 2,000 to 10,000 for standard and premium file shares. This improvement benefits applications that keep an open handle on the root directory. For example, Azure Virtual Desktop with FSLogix profile containers now supports 10,000 active users per share (5x improvement).

Note: The number of active users supported per share is dependent on the applications that are accessing the share. If your applications are not opening a handle on the root directory, Azure Files can support more than 10,000 active users per share.

The root directory handle limit has been increased in all regions and applies to all existing and new file shares. For more information about Azure Files scale targets, see: Azure Files scalability and performance targets.

New SLA of 99.99 percent uptime for Azure Files Premium Tier is generally available

Azure Files now offers a 99.99 percent SLA per file share for all Azure Files Premium shares, regardless of protocol (SMB, NFS, and REST) or redundancy type. This means that you can benefit from this SLA immediately, without any configuration changes or extra costs. If the availability drops below the guaranteed 99.99 percent uptime, you’re eligible for service credits.

Support for Azure Files REST API with OAuth authentication is in public preview

This preview enables share-level read and write access to SMB Azure file shares for users, groups, and managed identities when accessing file share data through the REST API. Cloud native and modern applications that use REST APIs can utilize identity-based authentication and authorization to access file shares. For more information, read the blog post.

AD Kerberos authentication for Linux clients (SMB) is generally available

Azure Files customers can now use identity-based Kerberos authentication for Linux clients over SMB using either on-premises Active Directory Domain Services (AD DS) or Azure Active Directory Domain Services (Azure AD DS). For more information, see Enable Active Directory authentication over SMB for Linux clients accessing Azure Files.

2023 quarter 1 (January, February, March)

Nconnect for NFS Azure file shares is generally available

Nconnect is a client-side Linux mount option that increases performance at scale by allowing you to use more TCP connections between the Linux client and the Azure Premium Files service for NFSv4.1. With nconnect, you can increase performance at scale using fewer client machines to reduce total cost of ownership. For more information, see Improve NFS Azure file share performance.

Improved Azure File Sync service availability

Azure File Sync is now a zone-redundant service, which means an outage in a zone has limited impact while improving the service resiliency to minimize customer impact. To fully leverage this improvement, configure your storage accounts to use zone-redundant storage (ZRS) or geo-zone redundant storage (GZRS) replication. To learn more about different redundancy options for your storage accounts, see Azure Files redundancy.

What's new in 2022

2022 quarter 4 (October, November, December)

Azure Active Directory (Azure AD) Kerberos authentication for hybrid identities on Azure Files is generally available

This feature builds on top of FSLogix profile container support released in December 2022 and expands it to support more use cases (SMB only). Hybrid identities, which are user identities created in Active Directory Domain Services (AD DS) and synced to Azure AD, can mount and access Azure file shares without the need for network connectivity to an Active Directory domain controller. While the initial support is limited to hybrid identities, it’s a significant milestone as we simplify identity-based authentication for Azure Files customers. Read the blog post.

2022 quarter 1 (January, February, March)

Azure File Sync TCO improvements

To offer sync and tiering, Azure File Sync performs two types of transactions on behalf of the customer:

• Transactions from churn, including changed files (sync) and recalled files (tiering).
• Transactions from cloud change enumeration, done to discover changes made directly on the Azure file share. Historically, this was a major component of an Azure File Sync customer's Azure Files bill.

To improve TCO, we markedly decreased the number of transactions needed to fully scan an Azure file share. Prior to this change, most customers were best off in the hot tier. Now most customers are best off in the cool tier.

What's new in 2021

2021 quarter 4 (October, November, December)

Increased IOPS for premium file shares

Premium Azure file shares now have additional included baseline IOPS and a higher minimum burst IOPS. The baseline IOPS included with a provisioned share was increased from 400 to 3,000, meaning that a 100 GiB share (the minimum share size) is guaranteed 3,100 baseline IOPS. Additionally, the floor for burst IOPS was increased from 4,000 to 10,000, meaning that every premium file share will be able to burst up to at least 10,000 IOPS.

Formula changes:

Item	Old value	New value
Baseline IOPS formula	MIN(400 + 1 * ProvisionedGiB, 100000)	MIN(3000 + 1 * ProvisionedGiB, 100000)
Burst limit	MIN(MAX(4000, 3 * ProvisionedGiB), 100000)	MIN(MAX(10000, 3 * ProvisionedGiB), 100000)

For more information, see:

• The provisioned model for premium Azure file shares
• Azure Files pricing

NFSv4.1 protocol support is generally available

Premium Azure file shares now support either the SMB or the NFSv4.1 protocols. NFSv4.1 is available in all regions where Azure Files supports the premium tier, for both locally redundant storage and zone-redundant storage. Azure file shares created with the NFSv4.1 protocol enabled are fully POSIX-compliant, distributed file shares that support a wide variety of Linux and container-based workloads. Some example workloads include: highly available SAP application layer, enterprise messaging, user home directories, custom line-of-business applications, database backups, database replication, and Azure Pipelines.

For more information, see:

• NFS file shares in Azure Files
• Azure Files pricing

Symmetric throughput for premium file shares

Premium Azure file shares now support symmetric throughput provisioning, which enables the provisioned throughput for an Azure file share to be used for 100% ingress, 100% egress, or some mixture of ingress and egress. Symmetric throughput provides the flexibility to make full utilization of available throughput and aligns premium file shares with standard file shares.

Formula changes:

Item	Old value	New value
Throughput (MiB/sec)	Ingress: 40 + CEILING(0.04 * ProvisionedGiB) Egress: 60 + CEILING(0.06 * ProvisionedGiB)	100 + CEILING(0.04 * ProvisionedGiB) + CEILING(0.06 * ProvisionedGiB)

For more information, see:

• The provisioned model for premium Azure file shares
• Azure Files pricing

2021 quarter 3 (July, August, September)

SMB Multichannel is generally available

SMB Multichannel enables SMB clients to establish multiple parallel connections to an Azure file share. This allows SMB clients to take full advantage of all available network bandwidth and makes them resilient to network failures, reducing total cost of ownership and enabling 2-3x for reads and 3-4x for writes through a single client. SMB Multichannel is available for premium file shares (file shares deployed in the FileStorage storage account kind) and is disabled by default.

For more information, see:

• SMB Multichannel performance in Azure Files
• Enable SMB Multichannel
• Overview on SMB Multichannel in the Windows Server documentation

SMB 3.1.1 and SMB security settings

SMB 3.1.1 is the most recent version of the SMB protocol, released with Windows 10, containing important security and performance updates. Azure Files SMB 3.1.1 ships with two additional encryption modes, AES-128-GCM and AES-256-GCM, in addition to AES-128-CCM which was already supported. To maximize performance, AES-128-GCM is negotiated as the default SMB channel encryption option; AES-128-CCM will only be negotiated on older clients that don't support AES-128-GCM.

Depending on your organization's regulatory and compliance requirements, AES-256-GCM can be negotiated instead of AES-128-GCM by either restricting allowed SMB channel encryption options on the SMB clients, in Azure Files, or both. Support for AES-256-GCM was added in Windows Server 2022 and Windows 10, version 21H1.

In addition to SMB 3.1.1, Azure Files exposes security settings that change the behavior of the SMB protocol. With this release, you may configure allowed SMB protocol versions, SMB channel encryption options, authentication methods, and Kerberos ticket encryption options. By default, Azure Files enables the most compatible options, however these options may be toggled at any time.

For more information, see:

• SMB security settings
• Windows and Linux SMB version information
• Overview of SMB features in the Windows Server documentation

2021 quarter 2 (April, May, June)

Improved portal experience for domain joining to Active Directory

The experience for domain joining an Azure storage account has been improved to help guide first-time Azure file share admins through the process. When you select Active Directory under File share settings in the File shares section of the Azure portal, you will be guided through the steps required to domain join.

For more information, see:

• Overview of Azure Files identity-based authentication options for SMB access
• Overview - on-premises Active Directory Domain Services authentication over SMB for Azure file shares

2021 quarter 1 (January, February, March)

Azure Files management now available through the control plane

Management APIs for Azure Files resources, the file service and file shares, are now available through control plane (Microsoft.Storage resource provider). This enables Azure file shares to be created with an Azure Resource Manager or Bicep template, to be fully manageable when the data plane (i.e. the FileREST API) is inaccessible (like when the storage account's public endpoint is disabled), and to support full role-based access control (RBAC) semantics.

We recommend you manage Azure Files through the control plane in most cases. To support management of the file service and file shares through the control plane, the Azure portal, Azure storage PowerShell module, and Azure CLI have been updated to support most management actions through the control plane.

To preserve existing script behavior, the Azure storage PowerShell module and the Azure CLI maintain the existing commands that use the data plane to manage the file service and file shares, as well as adding new commands to use the control plane. Portal requests only go through the control plane resource provider. PowerShell and CLI commands are named as follows:

• Az.Storage PowerShell:
  • Control plane file share cmdlets are prefixed with Rm, for example: New-AzRmStorageShare, Get-AzRmStorageShare, Update-AzRmStorageShare, and Remove-AzRmStorageShare.
  • Traditional data plane file share cmdlets don't have a prefix, for example New-AzStorageShare, Get-AzStorageShare, Set-AzStorageShareQuota, and Remove-AzStorageShare.
  • Cmdlets to manage the file service are only available through the control plane and don't have any special prefix, for example Get-AzStorageFileServiceProperty and Update-AzStorageFileServiceProperty.
• Azure storage CLI:
  • Control plane file share commands are available under the az storage share-rm command group, for example: az storage share-rm create, az storage share-rm update, etc.
  • Traditional file share commands are available under the az storage share command group, for example: az storage share create, az storage share update, etc.
  • Commands to manage the file service are only available through the control plane, and are available through the az storage account file-service-properties command group, for example: az storage account file-service-properties show and az storage account file-service-properties update.

To learn more about the Azure Files management API, see:

• Azure Files REST API overview
• Control plane (Microsoft.Storage resource provider) API for Azure Files resources:
  • FileService
  • FileShare
• Azure PowerShell and Azure CLI

See also

• What is Azure Files?
• Planning for an Azure Files deployment
• Create an Azure file share