Enable Azure Active Directory Kerberos authentication – Step by Step
Azure AD Kerberos. Allows you to connect to Azure File Shares using Azure Active Directory Credentials. Unfortunately, the identities (user) must still be synchronized from Active Directory to Azure Active Directory. But only this option allows you to connect to Azure File Shares from computers connected to Azure Active Directory and not to Active Directory.
- Configure Kerberos authentication for Azure files:
Provide AD details acquired by:
$domainInformation = Get-ADDomain
$domainGuid = $domainInformation.ObjectGUID.ToString()
$domainName = $domainInformation.DnsRoot
Configure the private link and make sure it resolves correctly (optional).
MFA excluded for Application [Storage Account]:
API permission granted for [Storage Account] application:
Computer must be Windows 10 with https://support.microsoft.com/topic/november-22-2021-kb5007253-os-builds-19041-1387-19042-1387-19043-1387-and-19044-1387-preview-d1847be9-46c1-49fc-bf56-1d469fc1b3af installed, or Windows 11 or Windows Server 2022. Add the following entry end restart the computer.
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1 – executed and computer restarted.
Now you should be able to browse the Azure File Share.