There are a growing number of commercial devices that can expose SMB 3.0 shares. They may have some of their own needs. If you own or are planning to own one of these devices, make sure that you work with the manufacturer to properly configure any necessary security settings to satisfy your organizational requirements.
If your SMB 3.0 share is running on a Windows Server 2012 R2 system, remember to disable CIFS/SMB 1.0. We showed you how to do that in Chapter 2, Securing the Host, but it's worth repeating:
Remove-WindowsFeature -Name FS-SMB1
Next, lock down the share itself. Unlike NTFS permissions, Hyper-V will not get involved with the configuration of a share.