Azure AD joined machines and Azure AD DS integrated file share

Bhushan Gawale 246 Reputation points
2022-08-23T14:34:56.6+00:00

Hey everyone,

We have a scenario where users wish to mount an Azure file share as a network drive using their Azure AD credentials on their machines that are Azure AD joined.

Because Azure file shares support integration with domain controllers, we have provisioned Azure Active Directory Domain Controller Services for the same Azure AD where users' workstations are connected. With this, we were hoping that workstations would be able to mount file shares using their Azure AD creds, but it does not seem to be the case, and rightly so, because the workstations cannot find the Azure managed domain controllers.

Is there any workaround for this, or is the only option to join user machines to the newly provisioned Azure AD DS?
Even for this, either site-to-site or point-to-site VPN connectivity needs to be established so that AADDCS can be reached from the user / org network.

Thanks in advance.


2 answers

  1. JimmySalian-2011 30,066 Reputation points
    2022-08-23T15:27:12.983+00:00

    Hi @Bhushan Gawale ,

    Thank you for asking this question on the Microsoft Q&A Platform.

    There is no workaround for this; this is a limitation of AD DS. The computer objects for computers joined to an on-premises AD DS environment aren't synchronized to Azure AD DS. These computers don't have a trust relationship with the managed domain and only belong to the on-premises AD DS environment. In Azure AD DS, only computer objects for computers that have explicitly domain-joined to the managed domain are shown and configured with access to file shares or policies.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. JimmySalian-2011 30,066 Reputation points
    2022-08-24T09:34:06.827+00:00

    Hi @Bhushan Gawale ,

    Apologies, I assumed it is on-prem AD. I think the only way to achieve your requirements is to domain join the VM to ADDS. AFAIK, for an Azure AD-joined or registered device, user authentication happens using modern OAuth / OpenID Connect based protocols. These protocols are designed to work over the internet, so they are great for mobile scenarios where users access corporate resources from anywhere.

    With Azure AD DS-joined devices, applications can use the Kerberos and NTLM protocols for authentication, so they can support legacy applications migrated to run on Azure VMs as part of a lift-and-shift strategy. Hence I would suggest you try with an ADDS-joined VM and validate your scenario.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
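The thread turns on three separate conditions that are easy to conflate: whether the device is merely Azure AD-joined or actually joined to the managed domain, whether the workstation can locate the Azure AD DS domain controllers at all, and whether SMB over TCP 445 can reach the storage endpoint. The following PowerShell script is an added diagnostic example; it is not from the question, either answer, or Microsoft's documentation. It checks each condition in order and only attempts the identity-based mount when all three hold. The managed domain name (`aadds.example.com`), storage account (`storacct`), share name (`teamshare`) and drive letter are placeholder assumptions to be replaced with real values.

```powershell
# Added diagnostic script, not taken from the Q&A thread. All default values are placeholders.
param(
    [string]$ManagedDomain  = "aadds.example.com",   # assumed Azure AD DS managed domain name
    [string]$StorageAccount = "storacct",            # assumed storage account hosting the share
    [string]$ShareName      = "teamshare",           # assumed Azure file share name
    [string]$DriveLetter    = "Z"
)

$ErrorActionPreference = "Stop"
$smbHost = "$StorageAccount.file.core.windows.net"
$uncPath = "\\$smbHost\$ShareName"

# 1. Device join state. "AzureAdJoined : YES" (Azure AD-joined) is not the same as
#    "DomainJoined : YES" (joined to an AD DS domain, here the managed domain);
#    only the latter gives the device the Kerberos/NTLM path that Azure Files uses.
$dsreg = dsregcmd /status
$azureAdJoined = [bool]($dsreg | Select-String "AzureAdJoined\s*:\s*YES")
$domainJoined  = [bool]($dsreg | Select-String "DomainJoined\s*:\s*YES")
Write-Host "AzureAdJoined=$azureAdJoined  DomainJoined=$domainJoined"

# 2. Can this workstation find the managed domain's DCs? Domain controllers publish
#    _ldap._tcp.dc._msdcs.<domain> SRV records; if the Azure AD DS virtual network's
#    DNS is not reachable (no VPN or peering), the lookup fails and Kerberos cannot start.
try {
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV
    $dcs = $srv | Where-Object { $_.Type -eq "SRV" } | Select-Object -ExpandProperty NameTarget
    Write-Host "Managed domain DCs discovered: $($dcs -join ', ')"
} catch {
    Write-Warning "No DC SRV records for $ManagedDomain: the workstation cannot reach Azure AD DS DNS. Stopping."
    return
}

# 3. SMB reachability: Azure Files needs outbound TCP 445, which many ISPs and
#    corporate networks block.
$smb = Test-NetConnection -ComputerName $smbHost -Port 445 -WarningAction SilentlyContinue
if (-not $smb.TcpTestSucceeded) {
    Write-Warning "TCP 445 to $smbHost is blocked from this network; the SMB mount cannot succeed."
    return
}

# 4. Only attempt the identity-based mount when the device is joined to the managed domain.
#    A device that is only Azure AD-joined, as in the thread, stops here.
if (-not $domainJoined) {
    Write-Warning "Device is Azure AD-joined but not joined to $ManagedDomain; identity-based SMB auth will not work until it is."
    return
}

# The signed-in user's Kerberos ticket is used; no storage account key is passed.
New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $uncPath -Persist -Scope Global
Get-ChildItem "$($DriveLetter):\" | Select-Object -First 5
```

Run it from the workstation in question as the user who will use the share. The step that fails tells you which of the thread's three problems you actually have: a missing domain join, no route to the managed domain's DNS and domain controllers (the VPN or peering requirement raised in the question), or a blocked SMB port, which is unrelated to the identity question entirely.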