Hi folks
I'm trying to map a network drive from a Windows 10 device to an SMB share within Azure. Here's the scenario:
- Windows Autopilot device AADJ and Intune enrolled
- Windows 10 Enterprise
- M365 E5 license
- No on-prem access, purely cloud
I'm trying to get the device to map to the following SMB share, which is a Windows server within Azure (I didn't set this up and was simply provided with a test share to connect to that the identity has access to):
The issue I currently have is that when I test the below script, I'm having to get the credentials of the current identity along with the pw, convert the pw to a secure string and then pass those variables back for PowerShell to map the drive. I'm having to use Get-Credential as the current challenge (and if anyone can find a way around this, I'd be so grateful) is that we use Windows Hello for Business PIN for the enterprise and it tries to pass the PIN to the SMB drive mapping and not the UPN and password. It appears to reject the PIN as it keeps coming back as password incorrect. If I use the UPN and password for the identity, it works. I'm not sure of any way I can get it to force the UPN and password rather than PIN for the drive mapping silently. Hence, this is why I am currently testing with Get-Credential, but as it's interactive, it's not great. I'd rather this all be silent and with no interaction, so I could just deploy using Intune with no interaction when the drive maps.
The server I am having to connect to is in Azure (the below server names are obviously changed as well as the identity UPN):
Here's the small script, which is very basic - so any suggestions, please advise:
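```powershell
# Prompt for the UPN and password (interactive)
$credential = Get-Credential
$credential.UserName
# Save the password to disk, encrypted with DPAPI for the current user on this device
$credential.Password | ConvertFrom-SecureString | Set-Content c:\info.txt
# Read it back and rebuild the credential object
$encrypted = Get-Content c:\info.txt | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential($credential.Username, $encrypted)
# Map Z: to the share with that credential
New-PSDrive -Name "Z" -Root \\server.internal.domain.co.uk\SMBShare -Persist -PSProvider "Filesystem" -Credential $credential -Scope global
```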
The identity I am testing with is similar to this format (obviously this UPN is fake): testuser1@keyman.onmicrosoft.com
Not sure if this will be possible without interaction. Any help appreciated.
Thanks all.
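
A variant of the script in the post that prompts only on the first run and reuses a DPAPI-protected credential afterwards, so later runs are silent. This is an added example, not the poster's code, and it does not change how a Windows Hello for Business sign-in authenticates to the share. The cache path and function names are hypothetical, and it assumes the script runs in the signed-in user's context.

```powershell
# Added example. Share path and drive letter are the placeholders from the post;
# the cache location and function names are hypothetical.
$SharePath   = '\\server.internal.domain.co.uk\SMBShare'
$DriveLetter = 'Z'
$CacheDir    = Join-Path $env:LOCALAPPDATA 'DriveMap'
$CacheFile   = Join-Path $CacheDir 'smbshare.cred.xml'

function Get-CachedCredential {
    # Export-Clixml protects the password with DPAPI, so the file can only be
    # read back by the same user on the same device.
    if (Test-Path -LiteralPath $CacheFile) {
        try   { return Import-Clixml -LiteralPath $CacheFile -ErrorAction Stop }
        catch { Remove-Item -LiteralPath $CacheFile -Force }   # unreadable cache
    }
    $cred = Get-Credential -Message "Enter the UPN and password for $SharePath"
    if (-not $cred) { throw 'No credential supplied.' }
    New-Item -ItemType Directory -Path $CacheDir -Force | Out-Null
    $cred | Export-Clixml -LiteralPath $CacheFile
    return $cred
}

function Connect-ShareDrive {
    $existing = Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue
    if ($existing) {
        if ($existing.DisplayRoot -eq $SharePath) { return $existing }  # already mapped
        throw "Drive ${DriveLetter}: is already in use."
    }
    $cred = Get-CachedCredential
    try {
        New-PSDrive -Name $DriveLetter -Root $SharePath -PSProvider FileSystem `
            -Credential $cred -Persist -Scope Global -ErrorAction Stop
    }
    catch {
        # Mapping failed (wrong or changed password, or the server is unreachable).
        # The cache is dropped so the next run prompts again; keep it instead if
        # outages are more likely than password changes.
        Remove-Item -LiteralPath $CacheFile -Force -ErrorAction SilentlyContinue
        throw
    }
}

Connect-ShareDrive
```

The first run is still interactive, and the cached file is only as well protected as the user's own profile.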