
Using Azure File Shares with Windocks

Tips for using Azure file shares with Windocks as both a source for backup files and a target for VHDX files

 

 

Prerequisites

Before using Azure file shares with Windocks you should have configured the following:

It is recommended that you follow all of the instructions below prior to installing Windocks on the Azure VM.

 

 

1. Set default share-level permissions

Windocks services run as local administrator on the machine and thus don't have Azure AD (AAD) identities to connect to the share.

A Microsoft article provides the instructions for ensuring default share-level permissions for all authenticated identities.

Per the instructions in that Microsoft article, verify that Active Directory (SMB) is Configured and that your Default share-level permissions are Enabled.

[Screenshot: file share configuration]

If you want to inspect your default share-level permissions, click the Enabled link and verify the permissions are set to Storage File Data SMB Share Contributor.

[Screenshot: default share-level permissions]

Please continue to follow the instructions, as this step does not always complete the configuration for Windocks access to the Azure file share.

 

 

2. Set share-level permissions to an AAD group

You should also define a group that has access to this Azure file share and that includes the computer running SQL Server.  A Microsoft Tech Community article describes this practice.

Assuming your domain syncs with Azure Active Directory, you can create a basic group and add members in Azure Active Directory.  Ensure that you not only add your desired users but also add the service principal for the VM running SQL Server.

The following screenshot shows an Azure AD group called "fileaccess" that includes both users and the VM running SQL Server ("sqltest4") as a service principal.

[Screenshot: members of the "fileaccess" group, including the "sqltest4" service principal]

Then, follow the instructions in this Microsoft article to add share-level permissions for the specific AD group that includes the service principal for the VM running SQL Server.  The share-level permission should be set to Storage File Data SMB Share Contributor.

The following screenshot shows the "fileaccess" group with the Storage File Data SMB Share Contributor role assigned.

[Screenshot: "fileaccess" group with the Storage File Data SMB Share Contributor role]

Please continue to follow the instructions, as this step does not always complete the configuration for Windocks access to the Azure file share.

 

 

3. Store AAD credentials for local administrator

Because Windocks runs as the local computer administrator, you often also need to associate Azure Active Directory credentials with the local computer administrator account.

  1. Ensure you are logged into the local administrator account you specified when you created the SQL Server 2022 VM.  It is important that you are logged in as a local computer administrator and not as a domain user that happens to have administrator privileges.

  2. Using File Explorer, try to connect using the fully qualified UNC path to the share in the address bar.  You may see a Windows Security dialog box with a prompt to enter your network credentials.

    [Screenshot: Windows Security prompt with Remember my credentials]

  3. Enter your Azure Active Directory (or domain) credentials and check Remember my credentials.  Click OK.

You should now be ready to install and use Windocks on Azure. You can use this Azure file share both as the location of backup files referenced in dockerfiles and as a target for virtual hard drive (VHDX) files for database virtualization.
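
To confirm that the three steps took effect before installing Windocks, the following check can be run in a PowerShell session opened as the local administrator. It is an added example, not part of Windocks or of the Microsoft articles. The UNC path is a placeholder, the probe file name is made up for illustration, and the script assumes that "Remember my credentials" saves an entry that cmdkey lists under the share's host name.

```powershell
# Added example: pre-install check for steps 1-3. Run as the local administrator.
param(
    # Placeholder UNC path: replace with your storage account and share name.
    [string]$SharePath = '\\<storage-account>.file.core.windows.net\<share-name>'
)

$shareHost = ($SharePath -split '\\')[2]   # host part of \\host\share

# Step 3.1: the session must belong to a local account, not a domain user.
$identity       = [Security.Principal.WindowsIdentity]::GetCurrent()
$isLocalAccount = $identity.Name -like "$env:COMPUTERNAME\*"
# IsInRole reports False in a non-elevated session, so run this elevated.
$isAdmin = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# SMB uses TCP 445; a blocked port is easy to mistake for a permission problem.
$port445 = (Test-NetConnection -ComputerName $shareHost -Port 445 `
    -WarningAction SilentlyContinue).TcpTestSucceeded

# Step 3.3: look for a saved credential for the share host (assumed to be
# stored in this user's Credential Manager by "Remember my credentials").
$stored = [bool](cmdkey /list | Select-String -SimpleMatch $shareHost)

# Steps 1-2: the Contributor role must allow read and write (VHDX target).
$canRead  = Test-Path -LiteralPath $SharePath
$canWrite = $false
if ($canRead) {
    # Hypothetical probe file name, created and deleted immediately.
    $probe = "$SharePath\windocks-probe-$([guid]::NewGuid()).tmp"
    try {
        Set-Content -LiteralPath $probe -Value 'probe' -ErrorAction Stop
        Remove-Item -LiteralPath $probe -ErrorAction Stop
        $canWrite = $true
    } catch {
        Write-Warning "Write test failed: $($_.Exception.Message)"
    }
}

[pscustomobject]@{
    Account          = $identity.Name
    LocalAccount     = $isLocalAccount
    LocalAdmin       = $isAdmin
    Port445Reachable = $port445
    CredentialStored = $stored
    ShareReadable    = $canRead
    ShareWritable    = $canWrite
}
```

Saved credentials belong to the account that stored them, so a True result under a different user says nothing about what the Windocks services will see.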

For more information, check out the instructions to install and configure Windocks in Azure.
