Azure Files uses SMB 3.0's encrypted transport to enable access via the Internet. When you deploy an Azure file share within a storage account, your file share is immediately accessible via the storage account's public endpoint. This means that authenticated requests, such as requests authorized by a user's logon identity, can originate securely from inside or outside of Azure.

In many customer environments, an initial mount of the Azure file share on your on-premises workstation will fail, even though mounts from Azure VMs succeed. The reason for this is that many organizations and internet service providers (ISPs) block the port that SMB uses to communicate, port 445. This practice originates from security guidance about legacy and deprecated versions of the SMB protocol. Although SMB 3.0 is an internet-safe protocol, older versions of SMB, especially SMB 1.0 are not. Azure file shares may only be externally accessed via SMB 3.0 and the FileREST protocol (which is also an internet safe protocol) via the public endpoint.

This Wiki page lists a community-maintained, non-exhaustive list of ISPs that block port 445. If you are an administrator for your organization trying to set up Azure Files access for working from home, you should assume all or most of your end-users will have port 445 block by their ISPs, even if their ISPs do not appear in this list. You can easily work around port 445 limitations imposed by your end-users' ISPs by setting up a Point-to-Site VPN connections. You can also work around your organizations network restrictions using a Site-to-Site VPN or ExpressRoute connection. To learn more, see Azure Files networking considerations.

Table of Contents

 


Allow

Below the alphabetically sorted list

Company URL Region Condition
AT&T   TBD Through a cellphone wifi hotspot
Frontier See http://www.frontierhelp.com/faq.cfm?qstid=504 TBD Allowed, however their website appears to indicate it is blocked - potentially this is just for inbound traffic.
Mediacom -   TBD  
CenturyLink   TBD  
KPN      
Time Warner Cable      
Paxio   Silicon Valley  
DST
Brunei
TelBru   Brunei  
Entel - Internet Mobile   Peru  
Vivo Fibra   Brazil

Home and Business users 

Verizon - Home and Business      

 


Disallow

Company URL Region Condition
AT&T U-Verse      
 Bell (Canada)   Canada Fibe (Disallowed) 
Charter Spectrum       
Charter Spectrum Business      
Comcast See http://customer.xfinity.com/help-and-support/internet/list-of-blocked-ports    
Cox Communication -Residential See: Cox Internet Ports Blocked    

Verizon Wireless - Through a cellphone wifi hotspot.  

     

T-Mobile

    Through a cellphone WiFi hotspot.
Optimum Online
  port 445 is disallowed for both residential and business accounts

Ziggo

     
TDS Telecom See https://tdstelecom.com/support/internet/setup-block-internet-ports.html    
Telenet   BE  
OnsBrabantNet Glasvezel   NL  
XS4ALL   NL  
Videotron      
RCN      

Rogers Cable (Canada)

  Canada All Home and SMB Services including Ignite (Disallowed)
Cell tethering (Allowed)

Claro Peru- All Home Service

  Peru  
NET Virtua (Brazil)   Brazil  
Movistar Peru-   Peru All Home Service

Vivo Mobile

  BR 4G, LTE and 3G
Movistar Peru- All Home Service      
Vodafone   India 4G, LTE and 3G

 


See also