Mapping Azure file shares on Windows devices

This week is a short follow-up on last week. While last week was all about configuring the authentication on Azure file shares, with the best user experience, this week is about automatically mapping those Azure file shares, for an even better user experience, on Windows devices. And to be really honest, that doesn’t really differ from mapping any other network drive. That doesn’t mean that it’s not a good moment to walk through the options for mapping (Azure) file shares. This post will briefly discuss the main different configuration options, followed with the steps to actually easily configure network mappings. That will be achieved by using the easiest most straight forward option, followed with the user experience.

Note: When the authentication for the Azure file share is configured (for example by using Azure AD Kerberos authentication), mapping an Azure file share is similar as mapping any other network drive.

Looking at the most obvious options for mapping Azure file shares

When looking at the most obvious options for mapping Azure file shares, it comes down to a few options for mapping network drives. That being said, out-of-the-box Microsoft Intune doesn’t provide a method for mapping network drives. It does, however, provide IT administrators with different frameworks that can be used for mapping network drives. The most obvious options – by also relying on existing community efforts – are the.following:

• PowerShell script: A PowerShell script can be used – either directly, or wrapped in a Win32 app – that runs New-PSDrive -Name {YourDriveLetter} -PSProvider FileSystem -Root "{YourFileShare}" -Persist to map a nework drive. That network drive can also be an Azure file share. The easiest method to generate a PowerShell script to map the required network drives, is by using the Intune Drive Mapping Generator created by Nicola Suter.
• ADMX template: An ADMX template can be used to map a network drive. And that network drive can also be an Azure file share. It does, however, require a custom ADMX template. The easiest method is by relying on this ADMX template created by Mark Thomas. That includes the required ADMX-file and ADML-file that can be easily imported.

Note: From a management perspective, the ADMX template is the easiest method to configure and to understand. That’s also why it will be used as an example in this post for mapping the Azure file share location.

Configuring the Azure files shares on Windows devices

When looking at the easiest method for configuring Azure file shares on Windows devices, it’s probably using the ADMX template method. Especially with the latest addition to Microsoft Intune that enables IT administrators to import ADMX templates. That addition includes importing custom ADMX templates. As long as it’s inline with the requirements for importing ADMX templates and the required admx and adml files are available (see also this post).

Importing custom ADMX template

Now let’s start by looking at the actions to perform the import of the ADMX-file. The downloaded ADMX templates don’t have any dependencies on other ADMX templates that should be inplace. Importing the ADMX-files for mapping network drives, can be achieved by importing the DriveMapping.adml and DriveMapping.admx files. The following four steps walk throug that process of importing the required ADMX templates.

1. Open the Microsoft Endpoint Manager admin center portal and navigate to Devices > Configuration profiles 
2. On the Import ADMX tab, select Import to start the process of importing the ADMX-file and ADML-file
3. On the ADMX file upload page, as shown in Figure 1, provide the following information and click Next
   • ADMX file: Select the DriveMapping.admx file to import
   • ADML file for the default language: Select the DriveMapping.adml file to import
   • Specify the language of the ADML file: At this moment English is selected and grayed out

4. On the Review + create page, click Create

Note: The required ADMX-files are available for download here.

Configuring settings of the imported custom ADMX template

After importing the custom ADMX-file and ADML-file, the available settings within those files become available for configuration. Those settings can be used by relying on the new configuration template named Imported Administrative templates. That configuration template provides direct access to any succesfully imported ADMX-file. The following eight steps walk through the process of configuring the network mappings for the Azure file share.

1. Open the Microsoft Endpoint Manager admin center portal and navigate to Devices > Windows > Configuration profiles
2. On the Windows | Configuration profiles page, click Create profile
3. On the Create a profile blade, provide the following information and click Create
   • Platform: Select Windows 10 and later
   • Profile type: Select Templates > Imported Administrative templates

4. On the Basics page, provide a unique name and click Next
5. On the Configuration settings page, as shown in Figure 2, configure the required drive mappings and click Next

4. On the Scope tags page, configure the require scope tags and click Next
5. On the Assignments page, configure the required assignment and click Next
6. On the Review + create page, verify the configuration and click Create

Note: The settings are available under User Configuration > Network Drive Mappings. That basically provides an overview of all available drive letters that can be used for configuring a network drive mapping.

Experiencing the automatically mapped Azure file shares

When the ADMX-files are imported and the drive mappings are configured, it’s time to have a look at the user experience. And to be honest, when everything works as experience there is nothing really to experience. Besides that, it just works. Below, in Figure 3, is an overview of an automatically successfully mapped Azure file share. Besides that, it also shows the successful configuration in the Event Viewer.

More information

For more information about Azure File shares and authentication, refer to the following docs.

• Introduction to Azure Files | Microsoft Learn
• Use Azure Active Directory to authorize access to Azure files over SMB for hybrid identities using Kerberos authentication (preview) | Microsoft Learn
• Use ADMX templates on Windows 10/11 devices in Microsoft Intune | Microsoft Learn
• Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn