We are looking at moving workloads to Azure and the legacy ones (NTLM and Kerberos) we are thinking of using Azure AD DS. We don't want to have any on-premises AD DS so our workstations will only be Azure AD Joined. Can some explain if it is possible to access the resources joined to Azure AD DS seamlessly from the Azure AD joined workstations. They will physically be able to access the servers via ExpressRoute or a site-to-site VPN. I have tested this set up in a lab with a file server, but if I try and access a share I get prompted credentials. Am I missing something as I cannot see how Azure AD DS works in a Cloud Only environment for both workloads and workstations.