From 8661ec0854023c0fba81776d8a466c5a217d6723 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 29 May 2026 18:04:52 +0200 Subject: [PATCH 1/4] Add note about on-premises AD limitations for Azure Files State-in-Time reports On-premises AD groups are not expanded and non-synced account SIDs are not resolved in permission reports. Added a note before Prerequisites to inform users of these limitations. [Doc Task 439319] Generated with AI Co-Authored-By: Claude Code --- docs/auditor/10.9/configuration/azurefiles/stateintime.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/auditor/10.9/configuration/azurefiles/stateintime.md b/docs/auditor/10.9/configuration/azurefiles/stateintime.md index 3d4eb7b9d9..1d42f0827d 100644 --- a/docs/auditor/10.9/configuration/azurefiles/stateintime.md +++ b/docs/auditor/10.9/configuration/azurefiles/stateintime.md 
@@ -2,6 +2,13 @@ This topic describes how to enable State-in-Time data collection for an Azure Files monitoring plan in Netwrix Auditor, configure the monitoring scope using omit lists, and set up optional Azure diagnostic settings for activity-based reports. +> **Note:** When Azure file shares use on-premises Active Directory (AD DS) authentication, the following limitations apply to State-in-Time permission reports: +> +> - **Group expansion is not supported for on-premises AD groups.** If access to a file or folder is granted through an on-premises AD security group, only the group name appears in the report. The report does not list individual group members. +> - **On-premises AD accounts that are not synced to Microsoft Entra ID appear as unresolved SIDs.** Netwrix Auditor cannot retrieve display names for accounts that exist only in on-premises Active Directory. +> +> These limitations do not affect environments that use Microsoft Entra ID-only identities or fully synced hybrid identities. + ## Prerequisites - An Azure Files monitoring plan must already exist in Netwrix Auditor [Azure Files Configuration Overview](/docs/auditor/10_8/configuration/azurefiles/overview) From b8f0335a9667f80b8f7a9650ae54c4672e94034c Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 29 May 2026 18:06:39 +0200 Subject: [PATCH 2/4] Fix note text: change "group name" to "group SID" Generated with AI Co-Authored-By: Claude Code --- docs/auditor/10.9/configuration/azurefiles/stateintime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/auditor/10.9/configuration/azurefiles/stateintime.md b/docs/auditor/10.9/configuration/azurefiles/stateintime.md index 1d42f0827d..9480b586c7 100644 --- a/docs/auditor/10.9/configuration/azurefiles/stateintime.md +++ b/docs/auditor/10.9/configuration/azurefiles/stateintime.md 
@@ -4,7 +4,7 @@ This topic describes how to enable State-in-Time data collection for an Azure Fi > **Note:** When Azure file shares use on-premises Active Directory (AD DS) authentication, the following limitations apply to State-in-Time permission reports: > -> - **Group expansion is not supported for on-premises AD groups.** If access to a file or folder is granted through an on-premises AD security group, only the group name appears in the report. The report does not list individual group members. +> - **Group expansion is not supported for on-premises AD groups.** If access to a file or folder is granted through an on-premises AD security group, only the group SID appears in the report. The report does not list individual group members. > - **On-premises AD accounts that are not synced to Microsoft Entra ID appear as unresolved SIDs.** Netwrix Auditor cannot retrieve display names for accounts that exist only in on-premises Active Directory. > > These limitations do not affect environments that use Microsoft Entra ID-only identities or fully synced hybrid identities. From c83727a7ad5058ab450677951a8a33c2d85cfb42 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 29 May 2026 18:13:37 +0200 Subject: [PATCH 3/4] Clarify group expansion limitation applies to non-synced AD groups only Generated with AI Co-Authored-By: Claude Code --- docs/auditor/10.9/configuration/azurefiles/stateintime.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/auditor/10.9/configuration/azurefiles/stateintime.md b/docs/auditor/10.9/configuration/azurefiles/stateintime.md index 9480b586c7..0fafdc9165 100644 --- a/docs/auditor/10.9/configuration/azurefiles/stateintime.md +++ b/docs/auditor/10.9/configuration/azurefiles/stateintime.md 
@@ -4,7 +4,7 @@ This topic describes how to enable State-in-Time data collection for an Azure Fi > **Note:** When Azure file shares use on-premises Active Directory (AD DS) authentication, the following limitations apply to State-in-Time permission reports: > -> - **Group expansion is not supported for on-premises AD groups.** If access to a file or folder is granted through an on-premises AD security group, only the group SID appears in the report. The report does not list individual group members. +> - **Group expansion is not supported for on-premises AD groups that are not synced to Microsoft Entra ID.** If access to a file or folder is granted through an on-premises AD security group, only the group SID appears in the report. The report does not list individual group members. > - **On-premises AD accounts that are not synced to Microsoft Entra ID appear as unresolved SIDs.** Netwrix Auditor cannot retrieve display names for accounts that exist only in on-premises Active Directory. > > These limitations do not affect environments that use Microsoft Entra ID-only identities or fully synced hybrid identities. From 747a44249adab9c5ed086799ac3a20b9cabc6a53 Mon Sep 17 00:00:00 2001 From: Nikolay Budeev Date: Fri, 29 May 2026 18:35:35 +0200 Subject: [PATCH 4/4] Rephrase note bullet points for clarity Generated with AI Co-Authored-By: Claude Code --- docs/auditor/10.9/configuration/azurefiles/stateintime.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/auditor/10.9/configuration/azurefiles/stateintime.md b/docs/auditor/10.9/configuration/azurefiles/stateintime.md index 0fafdc9165..339843aebe 100644 --- a/docs/auditor/10.9/configuration/azurefiles/stateintime.md +++ b/docs/auditor/10.9/configuration/azurefiles/stateintime.md 
@@ -4,8 +4,8 @@ This topic describes how to enable State-in-Time data collection for an Azure Fi > **Note:** When Azure file shares use on-premises Active Directory (AD DS) authentication, the following limitations apply to State-in-Time permission reports: > -> - **Group expansion is not supported for on-premises AD groups that are not synced to Microsoft Entra ID.** If access to a file or folder is granted through an on-premises AD security group, only the group SID appears in the report. The report does not list individual group members. -> - **On-premises AD accounts that are not synced to Microsoft Entra ID appear as unresolved SIDs.** Netwrix Auditor cannot retrieve display names for accounts that exist only in on-premises Active Directory. +> - **Group expansion is unavailable for on-premises AD groups that are not synced to Microsoft Entra ID.** If access to a file or folder is granted through such a group, the report does not list individual group members. +> - **SID resolution is unavailable for on-premises AD groups and accounts that are not synced to Microsoft Entra ID.** These objects appear as unresolved SIDs instead of display names in permission reports. > > These limitations do not affect environments that use Microsoft Entra ID-only identities or fully synced hybrid identities.
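Review bot: In PATCH 1/4, the first bullet of the added note says group expansion is unsupported for on-premises AD groups without qualification, while the note's closing sentence says fully synced hybrid identities are not affected. As written, the two statements conflict. Scope the bullet to groups that are not synced to Microsoft Entra ID, and consider squashing the later wording fixes into this commit so that no intermediate revision carries the contradiction. Separately, the unchanged Prerequisites line in this 10.9 file links to /docs/auditor/10_8/configuration/azurefiles/overview; check whether that link should point at the 10.9 path.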
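Review bot: In PATCH 2/4, the changed sentence now says only the group SID appears in the report, but the second bullet, left untouched here, still describes unresolved SIDs for accounts only. Extend the second bullet to cover groups as well as accounts so both bullets describe the same behaviour. The commit message also does not say why "group name" was wrong; a one-line body stating the observed report output would help the next editor.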
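Review bot: In PATCH 3/4, the bold lead of the first bullet is narrowed to groups that are not synced to Microsoft Entra ID, but the sentence after it still reads "granted through an on-premises AD security group", which also covers synced groups. Make the sentence refer back to the unsynced groups named in the lead, for example "granted through such a group", so the scope is the same in both halves of the bullet.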
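Review bot: In PATCH 4/4, neither rewritten bullet states the consequence for an access review: a user whose access comes only through an unsynced on-premises AD group is not listed as an individual entry, so the permission report understates who can reach the file or folder. Suggest adding one sentence to the first bullet that says this directly, so the State-in-Time report is not read as a complete list of effective access for shares that use AD DS authentication.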