-
Dear samabc,
Thank you for your feedback on the Azure File Share question. We understand your concern that the explanation for dismissing the Shared Access Signature (SAS) option was misleading, as it incorrectly referred to SAS as an authentication mechanism when the question focuses on authorization. You also noted that SAS could technically provide delegated access and suggested rephrasing the question to clarify the need for identity-based access.
We agree that the explanation inaccurately described SAS and needed clarification. SAS is an authorization mechanism, but it’s unsuitable here because it doesn’t integrate with AD DS authentication, isn’t identity-based, and may not meet compliance requirements for sensitive data, as it allows access to anyone with the token.
The correct answer, Configure role-based access control (RBAC), is appropriate because it enables share-level access for AD users, and when combined with NTFS permissions, ensures granular file/folder access aligned with AD DS authentication.
To address your suggestion, we’ve updated the question to specify “only users whose identity has been authenticated via AD DS” to emphasize identity-based access control. We’ve also revised the explanation to correct the SAS dismissal and include NTFS permissions for clarity. These updates will be reflected on the portal soon.
Thank you for helping us improve our content. If you have further questions, please reach out.
Best regards,
Irene @ Tutorials Dojo
