SMB Single-Sign-On with Azure AD Domain Services

Cloud-Centric with On-Prem Performance

Global file availability at LAN speeds. Worldwide Active Directory services manageable from a single site. These are some of the main benefits of the following cloud migration strategy:

  • Migrate legacy on-prem file storage to Morro Data Global File Services and
  • Migrate authentication to Azure Active Directory Domain Services (AAD DS)

Additionally, with Morro Data’s Azure AD DS integration, users can enjoy the benefits of fast SMB access with the convenience of Single-Sign-On (SSO).

 

Domain Services for the Cloud Era

Azure AD is designed for the cloud and is not meant for accessing on-prem resources or legacy applications running in Windows VMs on Azure. On-prem file sharing in a LAN environment, however, uses the SMB protocol and requires domain authentication. Microsoft’s Azure AD Domain Services extends AD Domain Services to Azure AD and enables

  • AD-based authentication for SMB applications
  • Consolidation of multiple on-prem domain controllers to the cloud

 

Which Authentication Modes for SMB SSO?

Morro Data supports Active Directory as well as Azure AD for user authentication. In the context of CacheDrive share access, the following list shows the three different types of organizations:

  • Azure AD

    • organization that uses Microsoft 365
    • user must log in separately when accessing the CacheDrive
  • Active Directory

    • organization that uses on-prem or cloud-based domain controller
    • user can access CacheDrive from a domain-joined PC with SSO
  • Azure AD Domain Services

    • organization that uses cloud-based domain services
    • user can access CacheDrive from a domain-joined PC with SSO

As you can see, AD and AAD DS function exactly the same when it comes to SMB access authorization.

The following table gives more details:

| Method | Morro Auth Mode | Windows Login | SSO | Notes |
|---|---|---|---|---|
| Azure AD | Azure AD | Azure AD | No | Manual credential sync; need password for access; simple setup |
| Active Directory | Active Directory (*1) | Domain-joined PC | Yes | SSO for share access (*2) |
| Azure AD DS | Active Directory (*1) | Domain-joined PC | Yes | SSO for share access (*2) |
| Azure AD DS | Active Directory (*1) | Non domain-joined PC | No | Automatic credential sync; need password for access; for BYOD (bring-your-own-device) |

 

(*1) When configuring the Morro authentication mode, “Active Directory” should be used for both AD and Azure AD DS setups.
(*2) For SMB access, Microsoft does not support SSO using WHFB (Windows Hello for Business) yet.

 

SSO Requires Domain-Joined PC

In an Azure AD DS environment, the CacheDrive becomes a trusted server when it joins the domain. When a user signs in to a domain-joined Windows PC, the sign-in also establishes a trust relationship between the PC user and the domain. The combination of these two trust relationships allows SSO access to the shares on the CacheDrive.

These diagrams illustrate the two Windows login scenarios with Azure AD DS.

 

Steps for Authentication with AAD DS

Enabling CacheDrive access using Azure AD DS with SSO involves the following steps:

  1. Set up the Azure AD Domain Services.
    • AAD DS is created by syncing the directory from AAD to AAD DS.
  2. Join the Windows PC to the Azure AD Domain Services.
  3. Join the Morro Data CacheDrive to the Azure AD Domain Services.

For the details of the above steps, please see the Best Practice Guide.
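
Once the steps above are complete, the result can be checked from the Windows PC: the PC should report as domain-joined, and the share should open with a Kerberos ticket rather than a password prompt or NTLM fallback. The following PowerShell script is an added example, not Morro Data's or Microsoft's own tooling; the host name `cachedrive01.example.com` and share name `projects` are placeholders.

```powershell
# Added example: verify the preconditions and outcome of SMB SSO to a CacheDrive.
# Host and share names are placeholders (assumptions); replace with your own.
param(
    [string]$CacheDrive = 'cachedrive01.example.com',
    [string]$Share      = 'projects'
)

# 1. Join state: a PC joined only to Azure AD is not domain-joined and gets no SSO.
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$dsreg = dsregcmd /status |
    Select-String -Pattern '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)'
$join  = @{}
foreach ($m in $dsreg.Matches) { $join[$m.Groups[1].Value] = $m.Groups[2].Value }

[pscustomobject]@{
    ComputerDomain = $cs.Domain
    PartOfDomain   = $cs.PartOfDomain
    DomainJoined   = $join['DomainJoined']
    AzureAdJoined  = $join['AzureAdJoined']
}

if (-not $cs.PartOfDomain) {
    Write-Warning 'PC is not domain-joined: expect a password prompt for share access, not SSO.'
    return
}

# 2. Request a Kerberos service ticket for the file server's SMB service (cifs SPN)
#    and confirm it is now in the ticket cache of the signed-in user.
klist get "cifs/$CacheDrive" | Out-Null
$hasTicket = [bool](klist | Select-String -SimpleMatch "cifs/$CacheDrive")

# 3. Open the share without supplying credentials, then inspect the SMB session.
$reachable = Test-Path -Path "\\$CacheDrive\$Share"
$conn = Get-SmbConnection -ServerName $CacheDrive -ErrorAction SilentlyContinue |
    Select-Object ServerName, ShareName, UserName, Dialect, Signed, Encrypted

[pscustomobject]@{
    ShareReachable = $reachable
    KerberosTicket = $hasTicket
    Connections    = $conn
}

if ($reachable -and -not $hasTicket) {
    Write-Warning "Share opened without a cifs/$CacheDrive Kerberos ticket: the session likely used NTLM or stored credentials."
}
```

Run it as the signed-in user, not elevated under a different account, so the ticket cache and SMB connections inspected are the ones the user's SSO session actually uses.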

 

 

Did You Know

Azure Active Directory

Azure Active Directory (Azure AD) is a cloud-based identity and access management service. With Azure AD, employees can access internal and external resources, including Microsoft 365, the Azure portal, and SaaS applications. 

Azure Active Directory Domain Services

Azure Active Directory Domain Services (AAD DS) provides managed domain services. There is no need to deploy domain controllers in the cloud when users use domain join, group policy, LDAP, and Kerberos/NTLM authentication.

Copyright © 2023 Morro Data. All Rights Reserved