diff --git a/azurerm/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go b/azurerm/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
index b14d4e2459e3..0c5eea8e568c 100644
--- a/azurerm/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
+++ b/azurerm/internal/services/storage/storage_data_lake_gen2_filesystem_resource.go
@@ -139,6 +139,12 @@ func resourceStorageDataLakeGen2FileSystemCreate(d *schema.ResourceData, meta in
 return fmt.Errorf("Error checking for existence of Storage Account %q (Resource Group %q): %+v", storageID.Name, storageID.ResourceGroup, err)
 }
 
+ if acl != nil && (storageAccount.AccountProperties == nil ||
+ storageAccount.AccountProperties.IsHnsEnabled == nil ||
+ !*storageAccount.AccountProperties.IsHnsEnabled) {
+ return fmt.Errorf("ACL is enabled only when the Hierarchical Namespace (HNS) feature is turned ON")
+ }
+
 fileSystemName := d.Get("name").(string)
 propertiesRaw := d.Get("properties").(map[string]interface{})
 properties := ExpandMetaData(propertiesRaw)
@@ -216,6 +222,12 @@ func resourceStorageDataLakeGen2FileSystemUpdate(d *schema.ResourceData, meta in
 return fmt.Errorf("Error checking for existence of Storage Account %q (Resource Group %q): %+v", storageID.Name, storageID.ResourceGroup, err)
 }
 
+ if acl != nil && (storageAccount.AccountProperties == nil ||
+ storageAccount.AccountProperties.IsHnsEnabled == nil ||
+ !*storageAccount.AccountProperties.IsHnsEnabled) {
+ return fmt.Errorf("ACL is enabled only when the Hierarchical Namespace (HNS) feature is turned ON")
+ }
+
 propertiesRaw := d.Get("properties").(map[string]interface{})
 properties := ExpandMetaData(propertiesRaw)
 
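Review bot: The nil-and-value test on `storageAccount.AccountProperties.IsHnsEnabled` is written out three times: here, in the Update hunk, and negated in the Read hunk. A later edit to one copy can leave create, update and read disagreeing about when ACLs apply, so a small unexported helper that takes the account properties and returns a bool would keep them in step. The error text would also be easier to act on if it named the account, e.g. `return fmt.Errorf("ACLs require the Hierarchical Namespace (HNS) feature to be enabled on Storage Account %q", storageID.Name)`. `acl` is built outside the hunk, so it is worth confirming that an empty `ace` list yields nil there and does not trip this check. Both function bodies continue outside their hunks.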
@@ -292,24 +304,22 @@ func resourceStorageDataLakeGen2FileSystemRead(d *schema.ResourceData, meta inte
 return fmt.Errorf("Error setting `properties`: %+v", err)
 }
 
- // The above `getStatus` API request doesn't return the ACLs
- // Have to make a `getAccessControl` request, but that doesn't return all fields either!
- pathResponse, err := pathClient.GetProperties(ctx, id.AccountName, id.DirectoryName, "/", paths.GetPropertiesActionGetAccessControl)
- if err != nil {
- if utils.ResponseWasNotFound(pathResponse.Response) {
- log.Printf("[INFO] Root path does not exist in File System %q in Storage Account %q - removing from state...", id.DirectoryName, id.AccountName)
- d.SetId("")
- return nil
+ var ace []interface{}
+ // acl is only enabled when `IsHnsEnabled` is true otherwise the rest api will report error
+ if storageAccount.AccountProperties != nil && storageAccount.AccountProperties.IsHnsEnabled != nil &&
+ *storageAccount.AccountProperties.IsHnsEnabled {
+ // The above `getStatus` API request doesn't return the ACLs
+ // Have to make a `getAccessControl` request, but that doesn't return all fields either!
+ pathResponse, err := pathClient.GetProperties(ctx, id.AccountName, id.DirectoryName, "/", paths.GetPropertiesActionGetAccessControl)
+ if err == nil {
+ acl, err := accesscontrol.ParseACL(pathResponse.ACL)
+ if err != nil {
+ return fmt.Errorf("Error parsing response ACL %q: %s", pathResponse.ACL, err)
+ }
+ ace = FlattenDataLakeGen2AceList(acl)
 }
-
- return fmt.Errorf("Error retrieving ACLs for Root path in File System %q in Storage Account %q: %+v", id.DirectoryName, id.AccountName, err)
- }
-
- acl, err := accesscontrol.ParseACL(pathResponse.ACL)
- if err != nil {
- return fmt.Errorf("Error parsing response ACL %q: %s", pathResponse.ACL, err)
 }
- d.Set("ace", FlattenDataLakeGen2AceList(acl))
+ d.Set("ace", ace)
 
 return nil
 }
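Review bot: Inside the new `IsHnsEnabled` branch, `if err == nil {` discards every failure of `pathClient.GetProperties`, so an authorization, throttling or network error ends with `d.Set("ace", ace)` writing an empty list into state instead of failing the read. For an access-control attribute this lets the recorded state silently disagree with the ACLs actually on the root path, and the removed not-found handling is lost as well. I would keep the HNS guard but restore the error handling inside it, as below; if ignoring one particular error is intentional (the commit does not say), match that case explicitly. The result of `d.Set("ace", ace)` is also unchecked, unlike the `properties` set in the context lines above. `storageAccount` is fetched outside the hunk, where the function body begins.

```go
pathResponse, err := pathClient.GetProperties(ctx, id.AccountName, id.DirectoryName, "/", paths.GetPropertiesActionGetAccessControl)
if err != nil {
	if utils.ResponseWasNotFound(pathResponse.Response) {
		log.Printf("[INFO] Root path does not exist in File System %q in Storage Account %q - removing from state...", id.DirectoryName, id.AccountName)
		d.SetId("")
		return nil
	}
	return fmt.Errorf("Error retrieving ACLs for Root path in File System %q in Storage Account %q: %+v", id.DirectoryName, id.AccountName, err)
}
// … unchanged: accesscontrol.ParseACL and ace = FlattenDataLakeGen2AceList(acl), no longer nested under err == nil …
```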