Misleading information regarding "authentication against computer accounts" not being supported
This page has this bullet:
"- Doesn't support authentication against computer accounts created in AD DS."
Maybe I misunderstand, but as I understand it, this is today exactly the default and preferred method.
Document Details
- ID: fba964be-3f77-d80c-f1a5-35bb1430bb8f
- Version Independent ID: fe70b11e-10fe-5a8c-1fad-b22a83693503
- Content: Overview - On-premises AD DS authentication to Azure file shares
- Content Source: articles/storage/files/storage-files-identity-auth-active-directory-enable.md
- Service: storage
- Sub-service: files
- GitHub Login: @khdownie
- Microsoft Alias: kendownie
@tom-ditlev Thanks for your feedback! We will investigate and update as appropriate.
@tom-ditlev I think what it means is that only AD user accounts (or service logon accounts) can authenticate with Azure Files - computer accounts can't. However, this gets confusing because the AD identity representing the Azure storage account (which is needed to enable AD DS authentication with Azure Files) is usually a computer account in AD (can also be a service logon account). I will confirm this with AD experts - thanks for calling it out.
@tom-ditlev if there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.
@khdownie Thanks for your contribution. 👍
@SaibabaBalapur-MSFT please keep this open for a few days, as I am confirming with the team.
@SaibabaBalapur-MSFT I am doing my best to get an answer from engineering. Please hold off for a little while longer.
@SaibabaBalapur-MSFT I have confirmed that this is outdated language that should be removed. Computer accounts didn't use to be supported for accessing Azure file shares because we don’t support RBAC share-level permissions for computer accounts. Identities that can’t be configured with RBAC (like computer accounts) can now get access to the share using the "default share permissions" feature. So I will remove this language from the docs.
@khdownie Thanks for your input.
@tom-ditlev If there are any further questions regarding the documentation, please tag me in your reply and we will be happy to continue the conversation.
I updated the language on the page. #please-close