Despite extensively reviewing various discussions, FAQs, articles, and Microsoft documentation, I remain uncertain about the feasibility of my desired setup.
I am attempting to implement a purely cloud-based solution involving an Azure Virtual Desktop environment and Azure Active Directory for authentication. My intention is to incorporate a file share (network drive) accessible by all users within the Azure Virtual Desktop environment, and I have gathered that Azure File Shares is the most suitable option for this purpose.
To accomplish my objective, is it necessary to utilize Azure Active Directory Domain Services for authentication, Azure AD Kerberos, or neither?
Ultimately, my aim is to enable users to authenticate to the file share using their Azure Active Directory accounts, ensuring that the files within the file share are owned by the respective users.
With my current setup, I followed the steps in these articles:
- Create a profile container with Azure Files and Azure Active Directory
- Enable Azure Active Directory Kerberos authentication for hybrid identities on Azure Files
- Enable Azure Active Directory Domain Services authentication on Azure Files.
```powershell
PS C:\Users\MoritzKnorr> New-PSDrive -Name Z -PSProvider FileSystem -Root "\\NAME.file.core.windows.net\virtual-desktop\Test\"
New-PSDrive: The specified drive root "\\NAME.file.core.windows.net\virtual-desktop\Test\" either does not exist, or it is not a folder.
PS C:\Users\MoritzKnorr> New-PSDrive -Name Z -PSProvider FileSystem -Root "\\NAME.file.core.windows.net\virtual-desktop\Test\" -Persist
New-PSDrive: The network resource type is not correct.
```
Yes, it's necessary to set up Microsoft Entra Domain Services in order to authenticate users who exist only in the Microsoft Entra domain.
Step 1
Create a managed domain; it will take approximately 1 hour to deploy. Monitor the status until it indicates "healthy". Subsequently, add the required members or groups to this managed domain.
Microsoft Entra domain service status "healthy":
Step 2
After the successful deployment of the managed domain, proceed to mount the file share using the Active Directory authentication script from the Azure portal within the AVD machine. Ensure that relevant permissions, such as "Storage File Data SMB Share Contributor," are assigned to the respective users. This step ensures that users outside the Microsoft Entra Domain will be prompted for network login credentials.
Prompt for network logon credentials:
Reference articles:
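The following script is an added example, not code from the question author, the answerer, or Microsoft's own AD authentication script. It walks through the checks behind step 2 on an AVD session host: reachability of the SMB endpoint, whether the storage account actually has identity-based authentication enabled, assignment of the "Storage File Data SMB Share Contributor" role at share scope, mapping the share root, and finally reading the owner of a file written through the mapped drive (the ownership outcome the question asks about). It assumes the Az.Accounts, Az.Resources and Az.Storage modules are installed and that Connect-AzAccount has already run; the resource group, storage account name, share name and user UPN are placeholders.

```powershell
# Added example (not from the original question or answer). Assumes the Az.Accounts,
# Az.Resources and Az.Storage modules are installed and Connect-AzAccount has already run.
# All names below are placeholders for this example, not values from the page.
$ResourceGroup  = "rg-avd-example"          # placeholder
$StorageAccount = "stavdexample"            # placeholder, stands in for NAME in the question
$ShareName      = "virtual-desktop"         # share name used in the question
$UserUpn        = "user@contoso.example"    # placeholder Entra ID account

$Fqdn  = "$StorageAccount.file.core.windows.net"
$Share = "\\$Fqdn\$ShareName"

# 1. SMB needs TCP 445 from the session host to the storage endpoint.
$net = Test-NetConnection -ComputerName $Fqdn -Port 445
if (-not $net.TcpTestSucceeded) {
    throw "TCP 445 to $Fqdn is blocked; identity-based SMB access cannot work from this host."
}

# 2. Confirm which directory service the storage account is configured for.
#    Identity-based authentication only works when this is not 'None'.
$account = Get-AzStorageAccount -ResourceGroupName $ResourceGroup -Name $StorageAccount
$dirSvc  = $account.AzureFilesIdentityBasedAuth.DirectoryServiceOptions
Write-Host "Directory service for ${StorageAccount}: $dirSvc"
if ([string]::IsNullOrEmpty($dirSvc) -or $dirSvc -eq 'None') {
    throw "Identity-based authentication is not enabled on $StorageAccount."
}

# 3. Grant share-level access to the user (the role named in the answer).
#    Scoping to the file share keeps the role from applying to every share in the account.
$roleName   = "Storage File Data SMB Share Contributor"
$shareScope = "$($account.Id)/fileServices/default/fileshares/$ShareName"
$existing = Get-AzRoleAssignment -SignInName $UserUpn -Scope $shareScope `
    -RoleDefinitionName $roleName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-AzRoleAssignment -SignInName $UserUpn -Scope $shareScope `
        -RoleDefinitionName $roleName | Out-Null
}

# 4. Map the share root (no trailing backslash) in the logged-on user's own session,
#    so the mapping uses that user's identity rather than an admin's.
if (Get-PSDrive -Name Z -ErrorAction SilentlyContinue) { Remove-PSDrive -Name Z -Force }
New-PSDrive -Name Z -PSProvider FileSystem -Root $Share -Persist -Scope Global | Out-Null

# 5. Verify the mount by writing a probe file and reading back its owner.
$probe = Join-Path "Z:" "Test\mount-probe-$env:USERNAME.txt"
New-Item -ItemType Directory -Path (Split-Path $probe) -Force | Out-Null
Set-Content -Path $probe -Value "mounted at $(Get-Date -Format o)"
(Get-Acl -Path $probe).Owner
```

Steps 1 to 3 are administrative and can run from any machine with the Az modules; step 4 and step 5 must run inside the user's AVD session, because the drive mapping and the resulting file owner follow the identity of whoever runs them.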