Hi All,
I am hoping you can help me with something. Some back story: in our business we are trying to utilise a central resource of files/folders for AutoCAD tool palettes. We have migrated business data from a physical server into SharePoint, and all devices are Azure AD joined and managed by Intune MDM. We do have an on-prem Server 2016 Active Directory DS instance that is replicating to Azure AD. Here is some information on our environment; these are examples:
On-Prem Domain Name: business.local
Azure AD Tenant Name: businessworld.onmicrosoft.com
Azure AD DS Managed Domain: business.global
I am looking to utilise Azure File Shares via a storage account and would like to be able to authenticate access to these without the need to connect to a VPN and/or have 'line of sight' to our on-prem domain controller instance. The reason for no VPN is that since the move to SharePoint for our business, the need for VPN has diminished significantly, and I'd rather not increase that usage again.
So far I have completed the following with Azure File Shares and Azure ADDS:
- Enabled and deployed Azure ADDS on a 'Standard' tier (business.global)
- Updated the DNS settings and allowed Azure to auto-populate the DNS settings.
- Enabled password hash synchronization from our on-prem DC to Azure AD and confirmed it is synchronizing.
- Built and installed a Windows 10 22H2 Azure VM and joined this device to our Managed Domain (business.global)
- Created an Azure Storage Account, and enabled it for Azure AD DS authentication. (I checked the box "Default to Azure Active Directory authorization in the Azure portal")
- Created the File Share in the storage account and enabled it for Azure AD DS authentication.
- Set up access at share level by assigning the "Storage File Data SMB Share Elevated Contributor" role to a group and an individual.
I can confirm that from the Windows 10 Azure VM, using the storage account key I can map the drive without any issues.
I can confirm that from an Azure AD joined device (Intune MDM), using the storage account key, I can map the drive without any issues.
However, when I try and map the drive using Active Directory authentication, I get an error message about it having an incorrect network login.
To test this, I did set up a second Azure File Share and linked this directly with our on-prem AD without Azure AD DS. When connected to the VPN and authenticating directly with on-prem AD, it works fine.
Hopefully this makes sense :-)
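The failing step in the post is the identity-based (Kerberos) mapping, which succeeds with the storage key but not with AD credentials. The following PowerShell is an added diagnostic example, not the poster's own script, that checks each prerequisite of AD DS Kerberos authentication to Azure Files in order: which domain the client is actually joined to, whether SMB (TCP 445) reaches the storage endpoint, whether a Kerberos ticket for the share's SPN can be obtained from a reachable KDC, and what directory service the storage account itself is configured for. The storage account name, resource group and share name are placeholders; the managed domain name comes from the post. Steps 4 and 5 assume the Az.Storage module is installed and an `Connect-AzAccount` session is active.

```powershell
# Added diagnostic example, not from the original post.
# Placeholders to replace: storage account, resource group and share name.
param(
    [string]$StorageAccount = "examplestorage",   # placeholder
    [string]$ResourceGroup  = "example-rg",       # placeholder
    [string]$ShareName      = "autocad",          # placeholder
    [string]$ManagedDomain  = "business.global"   # from the post
)
$fqdn = "$StorageAccount.file.core.windows.net"

# 1. Which directory is this client actually joined to?
#    AD DS Kerberos for Azure Files requires the client to be joined to, and able to
#    reach the domain controllers of, the same domain the storage account is joined to.
#    An Azure AD-only joined device (DomainJoined : NO) has no KDC to get a ticket from.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"Client: $($cs.Name)  PartOfDomain: $($cs.PartOfDomain)  Domain: $($cs.Domain)  Expected: $ManagedDomain"
dsregcmd /status | Select-String -Pattern 'AzureAdJoined|DomainJoined|DomainName'

# 2. Can SMB reach the storage endpoint at all? (Many ISPs and guest networks block 445.)
Test-NetConnection -ComputerName $fqdn -Port 445 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded

# 3. Can a Kerberos service ticket be obtained for the share's SPN?
#    A failure here means the KDC is unreachable or the storage account's computer
#    object/SPN is not registered in the domain the client is joined to.
klist get "cifs/$fqdn"

# 4. Storage-account side: confirm it is configured for the expected directory service
#    (expect DirectoryServiceOptions = AADDS and a domain name matching $ManagedDomain).
$acct = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$acct.AzureFilesIdentityBasedAuth |
    Format-List DirectoryServiceOptions, ActiveDirectoryProperties

# 5. Attempt the identity-based mapping without the storage key.
#    If steps 1-4 pass but this fails, the problem is share-level RBAC or NTFS permissions.
net use Z: "\\$fqdn\$ShareName" /persistent:no
```

Run it from the client that fails to map; the first step that reports a failure is the layer to fix. In particular, if step 1 shows `DomainJoined : NO`, the device has no Kerberos realm to authenticate against and step 3 will fail regardless of how the storage account is configured, which matches the post's observation that the key-based mapping works from the same device while the AD-authenticated one does not.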