Share via


Microsoft.Storage storageAccounts/fileServices 2025-06-01

Bicep resource definition

The storageAccounts/fileServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/fileServices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Storage/storageAccounts/fileServices@2025-06-01' = {
  parent: resourceSymbolicName
  name: 'default'
  properties: {
    cors: {
      corsRules: [
        {
          allowedHeaders: [
            'string'
          ]
          allowedMethods: [
            'string'
          ]
          allowedOrigins: [
            'string'
          ]
          exposedHeaders: [
            'string'
          ]
          maxAgeInSeconds: int
        }
      ]
    }
    protocolSettings: {
      nfs: {
        encryptionInTransit: {
          required: bool
        }
      }
      smb: {
        authenticationMethods: 'string'
        channelEncryption: 'string'
        encryptionInTransit: {
          required: bool
        }
        kerberosTicketEncryption: 'string'
        multichannel: {
          enabled: bool
        }
        versions: 'string'
      }
    }
    shareDeleteRetentionPolicy: {
      allowPermanentDelete: bool
      days: int
      enabled: bool
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/fileServices

Name Description Value
name The resource name 'default' (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: storageAccounts
properties The properties of File services in storage account. FileServicePropertiesProperties

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of:
'CONNECT'
'DELETE'
'GET'
'HEAD'
'MERGE'
'OPTIONS'
'PATCH'
'POST'
'PUT'
'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int

Constraints:
Min value = 1
Max value = 365
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

EncryptionInTransit

Name Description Value
required Indicates whether encryption in transit is required bool

FileServicePropertiesProperties

Name Description Value
cors Specifies CORS rules for the File service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the File service. CorsRules
protocolSettings Protocol settings for file service ProtocolSettings
shareDeleteRetentionPolicy The file service properties for share soft delete. DeleteRetentionPolicy

Multichannel

Name Description Value
enabled Indicates whether multichannel is enabled bool

NfsSetting

Name Description Value
encryptionInTransit Encryption in transit setting. EncryptionInTransit

ProtocolSettings

Name Description Value
nfs Setting for NFS protocol NfsSetting
smb Setting for SMB protocol SmbSetting

SmbSetting

Name Description Value
authenticationMethods SMB authentication methods supported by server. Valid values are NTLMv2, Kerberos. Should be passed as a string with delimiter ';'. string
channelEncryption SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM. Should be passed as a string with delimiter ';'. string
encryptionInTransit Encryption in transit setting. EncryptionInTransit
kerberosTicketEncryption Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256. Should be passed as a string with delimiter ';' string
multichannel Multichannel setting. Applies to Premium FileStorage only. Multichannel
versions SMB protocol versions supported by server. Valid values are SMB2.1, SMB3.0, SMB3.1.1. Should be passed as a string with delimiter ';'. string

Usage Examples

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File Description
Azure Cloud Shell - VNet storage This template deploys Azure Cloud Shell storage into an Azure virtual network.
Create AVD with FSLogix and AD DS Join This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, FSLogix storage account, file share, recovery service vault for file share backup a test session host, its extensions with Microsoft Entra ID join pr Active directory domain join.

ARM template resource definition

The storageAccounts/fileServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/fileServices resource, add the following JSON to your template.

{
  "type": "Microsoft.Storage/storageAccounts/fileServices",
  "apiVersion": "2025-06-01",
  "name": "string",
  "properties": {
    "cors": {
      "corsRules": [
        {
          "allowedHeaders": [ "string" ],
          "allowedMethods": [ "string" ],
          "allowedOrigins": [ "string" ],
          "exposedHeaders": [ "string" ],
          "maxAgeInSeconds": "int"
        }
      ]
    },
    "protocolSettings": {
      "nfs": {
        "encryptionInTransit": {
          "required": "bool"
        }
      },
      "smb": {
        "authenticationMethods": "string",
        "channelEncryption": "string",
        "encryptionInTransit": {
          "required": "bool"
        },
        "kerberosTicketEncryption": "string",
        "multichannel": {
          "enabled": "bool"
        },
        "versions": "string"
      }
    },
    "shareDeleteRetentionPolicy": {
      "allowPermanentDelete": "bool",
      "days": "int",
      "enabled": "bool"
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/fileServices

Name Description Value
apiVersion The api version '2025-06-01'
name The resource name 'default' (required)
properties The properties of File services in storage account. FileServicePropertiesProperties
type The resource type 'Microsoft.Storage/storageAccounts/fileServices'

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of:
'CONNECT'
'DELETE'
'GET'
'HEAD'
'MERGE'
'OPTIONS'
'PATCH'
'POST'
'PUT'
'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int

Constraints:
Min value = 1
Max value = 365
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

EncryptionInTransit

Name Description Value
required Indicates whether encryption in transit is required bool

FileServicePropertiesProperties

Name Description Value
cors Specifies CORS rules for the File service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the File service. CorsRules
protocolSettings Protocol settings for file service ProtocolSettings
shareDeleteRetentionPolicy The file service properties for share soft delete. DeleteRetentionPolicy

Multichannel

Name Description Value
enabled Indicates whether multichannel is enabled bool

NfsSetting

Name Description Value
encryptionInTransit Encryption in transit setting. EncryptionInTransit

ProtocolSettings

Name Description Value
nfs Setting for NFS protocol NfsSetting
smb Setting for SMB protocol SmbSetting

SmbSetting

Name Description Value
authenticationMethods SMB authentication methods supported by server. Valid values are NTLMv2, Kerberos. Should be passed as a string with delimiter ';'. string
channelEncryption SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM. Should be passed as a string with delimiter ';'. string
encryptionInTransit Encryption in transit setting. EncryptionInTransit
kerberosTicketEncryption Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256. Should be passed as a string with delimiter ';' string
multichannel Multichannel setting. Applies to Premium FileStorage only. Multichannel
versions SMB protocol versions supported by server. Valid values are SMB2.1, SMB3.0, SMB3.1.1. Should be passed as a string with delimiter ';'. string

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template Description
Azure Cloud Shell - VNet storage

Deploy to Azure
This template deploys Azure Cloud Shell storage into an Azure virtual network.
Create AVD with FSLogix and AD DS Join

Deploy to Azure
This template allows you to create Azure Virtual Desktop resources such as host pool, application group, workspace, FSLogix storage account, file share, recovery service vault for file share backup a test session host, its extensions with Microsoft Entra ID join pr Active directory domain join.

Terraform (AzAPI provider) resource definition

The storageAccounts/fileServices resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Storage/storageAccounts/fileServices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Storage/storageAccounts/fileServices@2025-06-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      cors = {
        corsRules = [
          {
            allowedHeaders = [
              "string"
            ]
            allowedMethods = [
              "string"
            ]
            allowedOrigins = [
              "string"
            ]
            exposedHeaders = [
              "string"
            ]
            maxAgeInSeconds = int
          }
        ]
      }
      protocolSettings = {
        nfs = {
          encryptionInTransit = {
            required = bool
          }
        }
        smb = {
          authenticationMethods = "string"
          channelEncryption = "string"
          encryptionInTransit = {
            required = bool
          }
          kerberosTicketEncryption = "string"
          multichannel = {
            enabled = bool
          }
          versions = "string"
        }
      }
      shareDeleteRetentionPolicy = {
        allowPermanentDelete = bool
        days = int
        enabled = bool
      }
    }
  }
}

Property Values

Microsoft.Storage/storageAccounts/fileServices

Name Description Value
name The resource name 'default' (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: storageAccounts
properties The properties of File services in storage account. FileServicePropertiesProperties
type The resource type "Microsoft.Storage/storageAccounts/fileServices@2025-06-01"

CorsRule

Name Description Value
allowedHeaders Required if CorsRule element is present. A list of headers allowed to be part of the cross-origin request. string[] (required)
allowedMethods Required if CorsRule element is present. A list of HTTP methods that are allowed to be executed by the origin. String array containing any of:
'CONNECT'
'DELETE'
'GET'
'HEAD'
'MERGE'
'OPTIONS'
'PATCH'
'POST'
'PUT'
'TRACE' (required)
allowedOrigins Required if CorsRule element is present. A list of origin domains that will be allowed via CORS, or "*" to allow all domains string[] (required)
exposedHeaders Required if CorsRule element is present. A list of response headers to expose to CORS clients. string[] (required)
maxAgeInSeconds Required if CorsRule element is present. The number of seconds that the client/browser should cache a preflight response. int (required)

CorsRules

Name Description Value
corsRules The List of CORS rules. You can include up to five CorsRule elements in the request. CorsRule[]

DeleteRetentionPolicy

Name Description Value
allowPermanentDelete This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used blob restore policy. This property only applies to blob service and does not apply to containers or file share. bool
days Indicates the number of days that the deleted item should be retained. The minimum specified value can be 1 and the maximum value can be 365. int

Constraints:
Min value = 1
Max value = 365
enabled Indicates whether DeleteRetentionPolicy is enabled. bool

EncryptionInTransit

Name Description Value
required Indicates whether encryption in transit is required bool

FileServicePropertiesProperties

Name Description Value
cors Specifies CORS rules for the File service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the File service. CorsRules
protocolSettings Protocol settings for file service ProtocolSettings
shareDeleteRetentionPolicy The file service properties for share soft delete. DeleteRetentionPolicy

Multichannel

Name Description Value
enabled Indicates whether multichannel is enabled bool

NfsSetting

Name Description Value
encryptionInTransit Encryption in transit setting. EncryptionInTransit

ProtocolSettings

Name Description Value
nfs Setting for NFS protocol NfsSetting
smb Setting for SMB protocol SmbSetting

SmbSetting

Name Description Value
authenticationMethods SMB authentication methods supported by server. Valid values are NTLMv2, Kerberos. Should be passed as a string with delimiter ';'. string
channelEncryption SMB channel encryption supported by server. Valid values are AES-128-CCM, AES-128-GCM, AES-256-GCM. Should be passed as a string with delimiter ';'. string
encryptionInTransit Encryption in transit setting. EncryptionInTransit
kerberosTicketEncryption Kerberos ticket encryption supported by server. Valid values are RC4-HMAC, AES-256. Should be passed as a string with delimiter ';' string
multichannel Multichannel setting. Applies to Premium FileStorage only. Multichannel
versions SMB protocol versions supported by server. Valid values are SMB2.1, SMB3.0, SMB3.1.1. Should be passed as a string with delimiter ';'. string