SMB SSO with Azure AD Domain ServicesSMB SSO with Azure AD Domain ServicesSMB SSO with Azure AD Domain ServicesSMB SSO with Azure AD Domain Services
  • Products

        • Global File Services

        • CloudNAS
        • CacheDrives
        • Plans

        • Integrations

        • Remote Team Collaboration
        • Multicloud Redundancy
        • Morro Audit
        • Morro Migrate

        • Integrations

        • Morro Duplicate
        • Morro Versioning
        • Morro Edge
        • SharePoint Sync
  • Solutions

        • Solutions

        • Multisite Sync
        • Hybrid Workplace (WFH)
        • Backup & Disaster Recovery
        • HIPAA

        • Industries

        • AEC
        • Media & Entertainment
        • Manufacturing
        • Education
  • Resources

        • Resources

        • Resource Center
        • Case Studies
        • Videos & Webinars

        • Company

        • About
        • Blog
        • News
        • Contact Us
  • Partners
    • Partner Program
    • Channel Partners
    • Technology Partners
    • Partner Resources
  • Support
  • US flag icon
    • jp flag icon 日本 (Japan)
Book Demo

More results

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

SMB SSO with Azure AD Domain Services

 

 

SMB Single-Sign-On with Azure AD Domain Services

 

What Is Azure Active Directory Domain Services?

Azure Active Directory (Azure AD) is a cloud-based identity and access management service. It empowers employees to access both internal and external resources seamlessly, including Microsoft 365, the Azure portal, and Software-as-a-Service (SaaS) applications.

In addition, Azure Active Directory Domain Services (AAD DS) offers managed domain services. This eliminates the necessity for deploying domain controllers in the cloud when users engage in domain join, utilize group policies, leverage LDAP, and employ Kerberos/NTLM authentication. AAD DS streamlines and simplifies domain-related functionalities, making it an efficient choice for organizations looking to manage their cloud-based and on-premises resources seamlessly.

 

Domain Services for the Cloud Era

Azure AD is designed for the cloud and is not meant for accessing on-prem resources or legacy applications running in Windows VMs on Azure. On-prem file sharing in a LAN environment, however, uses the SMB protocol and requires domain authentication. Microsoft’s Azure AD Domain Services extends AD Domain Services to Azure AD and enables

  • AD-based authentication for SMB applications
  • Consolidation of multiple on-prem domain controllers to the cloud

 

Cloud-Centric with On-Prem Performance

Global file availability at LAN speeds. Worldwide Active Directory services are manageable from a single site. These are some of the main benefits of the following cloud migration strategy:

  • Migrate legacy on-prem file storage to Morro Data Global File Services: Seamlessly transition your legacy on-premises file storage to Morro Data Global File Services, ensuring that your files are accessible and perform at efficiency, regardless of location.
  • Migrate authentication to Azure Active Directory Domain Services (AAD DS): By moving your authentication processes to Azure Active Directory Domain Services, you not only enhance security but also simplify user management on a global scale.

Additionally, with Morro Data’s Azure AD DS integration, users can enjoy the benefits of fast SMB access with the convenience of Single-Sign-On (SSO).

 

Which Authentication Modes for SMB SSO?

Morro Data supports Active Directory as well as Azure AD for user authentication.  In the context of CacheDrive share access, the following table shows the three different types of organizations:

  • Azure AD

    • organization that uses Microsoft 365
    • user must login separately when access CacheDrive

  • Active Directory

    • organization that uses on-prem or cloud-based domain controller
    • user can access CacheDrive from a domain-joined PC with SSO

  • Azure AD Domain Services

    • organization that uses cloud-based domain services
    • user can access CacheDrive from a domain-joined PC with SSO

As you can see, AD and AAD DS function exactly the same when it comes to SMB access authorization.

The following table gives more details:

Method Morro

Auth Mode

 Windows Login SSO Notes
Azure AD Azure AD Azure AD Manual credential sync

Need password for access

 Simple setup
Active Directory Active Directory

(*1)

 domain-joined PC SSO for share access (*2)
Azure AD DS Active Directory

(*1)

 domain-joined PC SSO for share access (*2)
Non domain-joined PC Automatic credential sync

Need password for access

 For BYOD (bring-your-own-device)

 

(*1) When configuring the Morro authentication mode, “Active Directory” should be used for both AD and Azure AD DS setups.
(*2) For SMB access, Microsoft does not support SSO using WHFB (Windows Hello for Business) yet.

 

SSO Requires Domain-Joined PC

In an Azure AD DS environment, the CacheDrive becomes a trusted server when it joins the domain.  When a user signs in to a domain-joined Windows PC, it also establishes a trust relation between the PC user and the domain. The combination of the above trust relations allow SSO access to the shares on the CacheDrive.

These diagrams illustrate the two Windows login scenarios with Azure AD DS.

 

Steps for Authentication with AAD DS

Enabling CacheDrive access using Azure Active Directory Domain Services with Single Sign-On (SSO) is a streamlined process that ensures secure and efficient authentication. Here are the steps involved in setting up this authentication method:

  1. Set up the Azure AD Domain Services.
  • AAD DS is created by syncing the directory from AAD to AAD DS.
  1. Join the Windows PC to the Azure AD Domain Services
  2. Join the Morro Data CacheDrive to the Azure AD Domain Services

For detailed instructions and best practices regarding each of these steps, refer to the Best Practice Guide. This guide offers configuration details and tips to ensure a smooth implementation of CacheDrive access using Azure AD DS with SSO. 

 

Share

Blog Guides

  • AEC Industry
  • AutoCAD
  • Azure Cloud NAS
  • Best Cloud Storage
  • Cloud Backup
  • Cloud File System
  • Cloud File Server
  • Cloud Migration
  • Cloud Workstations
  • Data Loss Prevention
  • Dropbox File sharing
  • FTP File Transfer
  • Media Storage
  • Microsoft Office365
  • Multicloud Strategy
  • NAS vs Cloud NAS
  • NAS Device
  • Oil and Gas Storage
  • Poor Connection
  • Ransomware Protection
  • Remote Work Solution
  • SSO with Azure AD Domain Services
  • Unstructured Data Management
  • VPN File Sharing
capterra review

Company

About
Morro Blog
News
Careers
Contact Us
Recognitions

Solutions

Multisite Sync
Hybrid Workplace (WFH)
Cloud Backup
HIPAA
AEC
Media and Entertainment
Windows Server Replacement

Products

CloudNAS
CacheDrives
Plans
Remote Team Collaboration for Revit
Multicloud Redundancy
Morro Audit
Morro Migrate
Morro Duplicate
Morro Versioning
Morro Edge
SharePoint Sync
Pricing

Support

Help Center
Privacy Policy
Warranty
EULA
GDPR
Terms
Copyright © 2023 Morro Data. All Rights Reserved
Book Demo