We are centralising departmental data from local file servers across Europe into a new File Server in Azure in view of GDPR.
We've locked down Azure disks with Encryption (KeyVault), BitLocker etc. and we have enabled the following settings on the Azure File Server for user access to Shares;
- Enable access-based enumeration
- Allow caching of share
- Enable BranchCache on the file share
- and Encryp
t data access
We have successfully migrated some data and presented users with a 'Drive Map' via Group Policy, and locked down access as you do with AD Security Groups.
The issue we have is that Windows 10 users are fine, but none of the Windows 7 Users are able to receive the Mapped Drive, and we cannot manually map the drive without getting the 'Access Denied' message.
I have found out though that when the 'Encrypt data access' setting is disabled (unticked) on the Azure File Server we don't get the 'Access Denied' message and can map drives.
However, this setting needs to be enabled (GDPR) and the reason for it not working is because Windows 7 uses SMB version 2.1 and the Azure (2016) server uses SMB version 3.0 as a minimum for SMB Encryption.
We have around 1,000 users on Windows 7 so without upgrading those users to Windows 10 right now how can we get round this issue ensuring the 'Encrypt data access' option is enabled and Windows 7 users can access the data?
In advance thank you for your support.