Authenticate to Azure Files from Azure AD joined device
We can use Azure AD DS and AD (in preview) to authenticate users to Azure Files, but only if their device is Azure AD DS joined, or AD joined respectively. I want to be able to do this from Azure AD joined devices.
Complete the following steps to enable your organization's Azure AD joined devices to access on-premises resources.
To synchronize your users, groups, and contacts from local Active Directory into Azure Active Directory, run the Directory synchronization wizard and Azure AD Connect as described in Set up directory synchronization for Office 365.
After the directory synchronization is complete, make sure your organization's Windows 10 devices are Azure AD joined. This step is done individually on each Windows 10 device. See Set up Windows devices for Microsoft 365 Business Premium users for details.
Once the Windows 10 devices are Azure AD joined, each user must reboot their devices and sign in with their Microsoft 365 Business Premium credentials. All devices now have access to on-premises resources as well.
No additional steps are required to get access to on-premises resources for Azure AD joined devices. This functionality is built into Windows 10.
If you plan to log in to the AADJ device with a method other than a password, such as a PIN or biometric via WHFB credential login, and then access on-premises resources (shares, printers, etc.), please follow https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
If your organization isn't ready to deploy in the Azure AD joined device configuration described above, consider setting up Hybrid Azure AD Joined device configuration.
Brian Scholl commented
This would be ideal. We could move more than a dozen clients over to Azure Files if it supported Azure AD Joined devices. Even better if it were to support folder level permissions below the root share.
Gerdo Lansing commented
This should definitely be possible!
We have Azure, with Azure AD DS, but our Windows 10 devices are not Azure AD DS joined (of course, you do not want that).
But we need to use the superuser account to map the network drive. That is a security issue.