How to access Azure file shares with domain credentials from domain-joined machines over the internet

Sivaram 0 Reputation points
2025-03-10T15:51:04.7333333+00:00

Currently using cache servers with AFS and planning to remove the cache servers and access Azure file shares directly. What changes do I need to make on the existing storage accounts to support Microsoft Entra Kerberos authentication? User identities are hybrid and devices are Entra ID hybrid.

Azure Files
An Azure service that offers file shares in the cloud.

1 answer

  1. Syed Aaqid Ali 335 Reputation points Microsoft External Staff
    2025-03-10T18:18:15.7566667+00:00

    Hi Sivaram,

    To access Azure file shares with domain credentials from Domain joined machines over the internet using Microsoft Entra Kerberos authentication, you may need to ensure that your Azure storage account is configured correctly. Highly recommend checking the Prerequisites. Below are the steps which would be helpful.

    Enable Microsoft Entra Kerberos Authentication: You must enable Microsoft Entra Kerberos authentication for your Azure file shares. This requires that your user identities are hybrid and that your devices are Microsoft Entra hybrid joined.

    Storage Account Configuration: Ensure that your Azure storage account is not configured to authenticate with both Microsoft Entra ID and another method like Active Directory Domain Services (AD DS) or Microsoft Entra Domain Services. If it is, you will need to disable the other authentication method.

    User Accounts: The accounts must be hybrid user identities, meaning they should be created in Active Directory and synced to Microsoft Entra ID using either Microsoft Entra Connect or Microsoft Entra Connect cloud sync.

    Disable MFA: Microsoft Entra Kerberos does not support multi-factor authentication (MFA) for accessing Azure file shares. You will need to exclude the Microsoft Entra app representing your storage account from MFA conditional access policies.

    Network Connectivity: For configuring directory and file-level permissions, you will need unimpeded network connectivity to an on-premises Active Directory.

    Operating System Requirements: Ensure that the client machines are running compatible operating systems, such as Windows 11 Enterprise/Pro.

    References:


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.
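
The storage-account steps from the answer above, as an added example that is not part of the original answer or Microsoft's own script: it checks which identity source Azure Files currently uses, refuses to continue if AD DS or Microsoft Entra Domain Services is still enabled, and only then turns on Microsoft Entra Kerberos. The function name and the placeholder resource names are assumptions; it requires the Az.Storage module with an authenticated session and the ActiveDirectory RSAT module.

```powershell
# Added example, not from the answer. Assumes Az.Storage with an authenticated
# session (Connect-AzAccount) and the ActiveDirectory RSAT module.
function Enable-EntraKerberosForFiles {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $StorageAccountName
    )

    # Client prerequisite (meaningful when run on a client machine):
    # the device must be both AD domain joined and Microsoft Entra joined.
    $dsreg = dsregcmd /status | Out-String
    if ($dsreg -notmatch 'AzureAdJoined\s*:\s*YES' -or $dsreg -notmatch 'DomainJoined\s*:\s*YES') {
        Write-Warning 'This machine is not Microsoft Entra hybrid joined.'
    }

    # Read the identity source currently configured for Azure Files.
    $account = Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
    $current = $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
    if (-not $current) { $current = 'None' }

    # Only one identity source can be active, so stop if another one is set.
    switch ($current) {
        'AADKERB' { return "Microsoft Entra Kerberos is already enabled on $StorageAccountName." }
        'AD'      { throw 'AD DS authentication is enabled. Disable it first: Set-AzStorageAccount -EnableActiveDirectoryDomainServicesForFile $false' }
        'AADDS'   { throw 'Microsoft Entra Domain Services authentication is enabled. Disable it first: Set-AzStorageAccount -EnableAzureActiveDirectoryDomainServicesForFile $false' }
    }

    # Domain name and GUID come from on-premises AD (needs line of sight to a DC).
    $domain = Get-ADDomain
    Set-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName `
        -EnableAzureActiveDirectoryKerberosForFile $true `
        -ActiveDirectoryDomainName $domain.DnsRoot `
        -ActiveDirectoryDomainGuid $domain.ObjectGUID.ToString() | Out-Null

    # Confirm the change took effect; expected value is AADKERB.
    (Get-AzStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName).AzureFilesIdentityBasedAuth.DirectoryServiceOptions
}

# Placeholder values; replace with your own.
Enable-EntraKerberosForFiles -ResourceGroupName '<resource-group>' -StorageAccountName '<storage-account>'
```

The MFA exclusion for the storage account's Microsoft Entra app and the directory and file-level permissions mentioned in the answer are configured separately and are not covered by this script.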

