SMB SSO with Microsoft Entra (Azure AD) Domain ServicesSMB SSO with Microsoft Entra (Azure AD) Domain ServicesSMB SSO with Microsoft Entra (Azure AD) Domain ServicesSMB SSO with Microsoft Entra (Azure AD) Domain Services
  • Products
        • Global File Services

        • CloudNAS
        • CacheDrives
        • Plans
        • Integrations

        • Remote Team Collaboration
        • Multicloud Redundancy
        • Morro Audit
        • Morro Migrate
        • Integrations

        • Morro Duplicate
        • Morro Versioning
        • Morro Edge
        • SharePoint Sync
  • Solutions
        • Solutions

        • Multisite Sync
        • Hybrid Workplace (WFH)
        • Backup & Disaster Recovery
        • HIPAA
        • Industries

        • AEC
        • Media & Entertainment
        • Manufacturing
        • Education
  • Resources
        • Resources

        • Resource Center
        • Case Studies
        • Videos & Webinars
        • Company

        • About
        • Blog
        • News
        • Contact Us
  • Partners
    • Partner Program
    • Channel Partners
    • Technology Partners
    • Partner Resources
  • Support
  • us flag mini icon EN
    • japan flag mini icon JP
Get a Demo

More results

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

SMB SSO with Microsoft Entra (Azure AD) Domain Services

 

 

SMB Single-Sign-On with Microsoft Entra ID Domain Services (Azure AD Domain Services)

 

What Is Microsoft Entra Domain Services?

Microsoft Entra Domain Services (ME-ID DS), originally named Azure Active Directory (Azure AD), is a cloud-based identity and access management service. It empowers employees to access both internal and external resources seamlessly, including Microsoft 365, the Azure portal, and Software-as-a-Service (SaaS) applications.

In addition, Microsoft Entra Domain Services (ME-ID DS) offers managed domain services. This eliminates the necessity for deploying domain controllers in the cloud when users engage in domain join, utilize group policies, leverage LDAP, and employ Kerberos/NTLM authentication. ME-ID DS streamlines and simplifies domain-related functionalities, making it an efficient choice for organizations looking to manage their cloud-based and on-premises resources seamlessly.

 

Domain Services for the Cloud Era

Microsoft Entra Domain Services is designed for the cloud and is not meant for accessing on-prem resources or legacy applications running in Windows VMs on Azure. On-prem file sharing in a LAN environment, however, uses the SMB protocol and requires domain authentication. Microsoft Entra Domain Services (ME-ID DS) extends AD Domain Services to Microsoft Entra ID and enables

  • AD-based authentication for SMB applications
  • Consolidation of multiple on-prem domain controllers to the cloud

 

Cloud-Centric with On-Prem Performance

Global file availability at LAN speeds. Worldwide Active Directory services are manageable from a single site. These are some of the main benefits of the following cloud migration strategy:

  • Migrate legacy on-prem file storage to Morro Data Global File Services: Seamlessly transition your legacy on-premises file storage to Morro Data Global File Services, ensuring that your files are accessible and perform at efficiency, regardless of location.
  • Migrate authentication to Microsoft Entra Domain Services (ME-ID DS): By moving your authentication processes to Microsoft Entra Domain Services, you not only enhance security but also simplify user management on a global scale.

Additionally, with Morro Data’s Microsoft Entra Domain Services integration, users can enjoy the benefits of fast SMB access with the convenience of Single-Sign-On (SSO).

 

Which Authentication Modes for SMB SSO?

Morro Data supports Active Directory as well as Microsoft Entra ID for user authentication.  In the context of CacheDrive share access, the following table shows the three different types of organizations:

  • Microsoft Entra ID (ME-ID)

    • organization that uses Microsoft 365
    • user must login separately when access CacheDrive
  • Active Directory

    • organization that uses on-prem or cloud-based domain controller
    • user can access CacheDrive from a domain-joined PC with SSO
  • Microsoft Entra Domain Services (ME-ID DS)

    • organization that uses cloud-based domain services
    • user can access CacheDrive from a domain-joined PC with SSO

As you can see, AD and ME-ID DS function exactly the same when it comes to SMB access authorization.

The following table gives more details:

Method Morro

Auth Mode

Windows Login SSO Notes
ME-ID ME-ID ME-ID Manual credential sync

Need password for access

Simple setup
Active Directory Active Directory

(*1)

domain-joined PC SSO for share access (*2)
ME-ID DS Active Directory

(*1)

domain-joined PC SSO for share access (*2)
Non domain-joined PC Automatic credential sync

Need password for access

For BYOD (bring-your-own-device)

 

(*1) When configuring the Morro authentication mode, “Active Directory” should be used for both AD and ME-ID DS setups.
(*2) For SMB access, Microsoft does not support SSO using WHFB (Windows Hello for Business) yet.

 

SSO Requires Domain-Joined PC

In a ME-ID DS environment, the CacheDrive becomes a trusted server when it joins the domain.  When a user signs in to a domain-joined Windows PC, it also establishes a trust relation between the PC user and the domain. The combination of the above trust relations allow SSO access to the shares on the CacheDrive.

These diagrams illustrate the two Windows login scenarios with ME-ID DS.

 

Steps for Authentication with Microsoft Entra Domain Services

Enabling CacheDrive access using Microsoft Entra Domain Services with Single Sign-On (SSO) is a streamlined process that ensures secure and efficient authentication. Here are the steps involved in setting up this authentication method:

  1. Set up the Microsoft Entra Domain Services.
  • ME-ID DS is created by syncing the directory from ME-ID to ME-ID DS.
  1. Join the Windows PC to the Microsoft Entra Domain Services
  2. Join the Morro Data CacheDrive to the Microsoft Entra Domain Services

For detailed instructions and best practices regarding each of these steps, refer to the Best Practice Guide. This guide offers configuration details and tips to ensure a smooth implementation of CacheDrive access using ME-ID DS with SSO. 

 

Share

Blog Guides

  • AEC Industry
  • AutoCAD
  • Azure Cloud NAS
  • Best Cloud Storage
  • Cloud Backup
  • Cloud File System
  • Cloud File Server
  • Cloud Migration
  • Cloud VDI Storage
  • Data Loss Prevention
  • Dropbox File sharing
  • FTP File Transfer
  • Media Storage
  • Microsoft Office365
  • Multicloud Strategy
  • NAS vs Cloud NAS
  • NAS Device
  • Oil and Gas Storage
  • Poor Connection
  • Ransomware Protection
  • Remote Work Solution
  • SSO with Microsoft Entra Domain Services (Azure AD Domain Services)
  • Unstructured Data Management
  • VPN File Sharing
Company

About
Morro Blog
News
Careers
Contact Us
Recognitions

Solutions
Multisite Sync
Hybrid Workplace (WFH)
Cloud Backup
HIPAA
AEC
Media and Entertainment
Windows Server Replacement
Products
CloudNAS
CacheDrives
Plans
Remote Team Collaboration for Revit
Multicloud Redundancy
Morro Audit
Morro Migrate
Morro Duplicate
Morro Versioning
Morro Edge
SharePoint Sync

Support
Support Center
Privacy Policy
Warranty
EULA
GDPR
Terms

CRN 2024 Storage 100 - Morro Data
Copyright © 2024 Morro Data. All Rights Reserved
Get a Demo