Document Details

Storage Files Identity Auth Domain Services Enable
Home / Scan 41 / Storage Files Identity Auth Domain Services Enable
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ windows_first
⚠️ powershell_heavy
⚠️ windows_tools
⚠️ missing_linux_example
Summary:
The documentation page exhibits a strong Windows bias. It consistently references Windows-specific tools and workflows (such as Windows PowerShell, Windows Server Active Directory cmdlets, and Windows domain-joined VMs) and provides detailed instructions and examples only for Windows environments. There are no Linux-specific instructions or examples for mounting Azure Files with Microsoft Entra Domain Services, nor guidance for Linux domain-joined VMs or Kerberos configuration on Linux. The prerequisites and workflow are described solely from a Windows perspective.
Recommendations:
  • Add equivalent Linux instructions for mounting Azure Files with Microsoft Entra Domain Services authentication, including Kerberos configuration and troubleshooting.
  • Provide examples using Linux command-line tools (e.g., kinit, smbclient, mount.cifs) for accessing Azure file shares with identity-based authentication.
  • Include guidance for domain-joining Linux VMs to Microsoft Entra Domain Services, if supported, or clearly state any platform limitations.
  • When listing tools or workflows, present both Windows and Linux options, or clarify platform support early in the document.
  • If Linux is not supported for this scenario, explicitly state this in the prerequisites and introduction to set expectations.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-08-19 00:01 #85 completed ✅ Clean
2025-07-13 21:37 #48 completed ✅ Clean
2025-07-12 23:44 #41 in_progress ❌ Biased

Flagged Code Snippets

# Create a new storage account New-AzStorageAccount -ResourceGroupName "<resource-group-name>" ` -Name "<storage-account-name>" ` -Location "<azure-region>" ` -SkuName Standard_LRS ` -Kind StorageV2 ` -EnableAzureActiveDirectoryDomainServicesForFile $true
# Update a storage account Set-AzStorageAccount -ResourceGroupName "<resource-group-name>" ` -Name "<storage-account-name>" ` -EnableAzureActiveDirectoryDomainServicesForFile $true
--- ## Recommended: Use AES-256 encryption By default, Microsoft Entra Domain Services authentication uses Kerberos RC4 encryption. We recommend configuring it to use Kerberos AES-256 encryption instead by following these instructions. The action requires running an operation on the Active Directory domain that's managed by Microsoft Entra Domain Services to reach a domain controller to request a property change to the domain object. The cmdlets below are Windows Server Active Directory PowerShell cmdlets, not Azure PowerShell cmdlets. Because of this, these PowerShell commands must be run from a client machine that's domain-joined to the Microsoft Entra Domain Services domain. > [!IMPORTANT] > The Windows Server Active Directory PowerShell cmdlets in this section must be run in Windows PowerShell 5.1 from a client machine that's domain-joined to the Microsoft Entra Domain Services domain. PowerShell 7.x and Azure Cloud Shell won't work in this scenario. Log in to the domain-joined client machine as a Microsoft Entra Domain Services user with the required permissions. You must have write access to the `msDS-SupportedEncryptionTypes` attribute of the domain object. Typically, members of the **AAD DC Administrators** group will have the necessary permissions. Open a normal (non-elevated) PowerShell session and execute the following commands.