Document Details
Storage Files Identity Auth Hybrid Identities Enable
❌
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Bias Types:
⚠️
windows_first
⚠️
missing_linux_example
⚠️
windows_tools
⚠️
powershell_heavy
Summary:
The documentation is heavily oriented toward Windows environments. All operating system prerequisites, configuration steps, and client instructions are specific to Windows (Windows 10/11, Windows Server). Only Windows tools and patterns are described (PowerShell, Group Policy, Intune, Registry, ksetup, Windows File Explorer, icacls), and there are no examples or guidance for Linux or macOS clients. The documentation does not mention or address how to use Microsoft Entra Kerberos authentication for Azure Files from non-Windows platforms, nor does it clarify if such scenarios are unsupported.
Recommendations:
- Explicitly state whether Linux and macOS clients are supported or unsupported for Microsoft Entra Kerberos authentication with Azure Files.
- If Linux/macOS support exists or is planned, provide equivalent configuration and usage instructions for those platforms (e.g., using smbclient, mount.cifs, krb5.conf configuration, kinit, etc.).
- If only Windows is supported, add a clear note at the top of the documentation to inform users of this limitation.
- Where possible, provide cross-platform examples for Azure CLI and other tools, or clarify any OS-specific differences.
- Consider including a section on interoperability, outlining what is and isn't possible from non-Windows clients.
Create pull request
Scan History
| Date | Scan ID | Status | Bias Status |
|---|---|---|---|
| 2025-09-06 00:00 | #103 | completed | ✅ Clean |
| 2025-08-19 00:01 | #85 | completed | ✅ Clean |
| 2025-07-13 21:37 | #48 | completed | ✅ Clean |
| 2025-07-12 23:44 | #41 | in_progress | ❌ Biased |
Flagged Code Snippets
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1
Set-AzStorageAccount -ResourceGroupName <resourceGroupName> -StorageAccountName <storageAccountName> -EnableAzureActiveDirectoryKerberosForFile $true
$domainInformation = Get-ADDomain
$domainGuid = $domainInformation.ObjectGUID.ToString()
$domainName = $domainInformation.DnsRoot
Set-AzStorageAccount -ResourceGroupName <resourceGroupName> -StorageAccountName <storageAccountName> -EnableAzureActiveDirectoryKerberosForFile $true -ActiveDirectoryDomainName $domainName -ActiveDirectoryDomainGuid $domainGuid
az storage account update --name <storageaccountname> --resource-group <resourcegroupname> --enable-files-aadkerb true
$domainInformation = Get-ADDomain
$domainGuid = $domainInformation.ObjectGUID.ToString()
$domainName = $domainInformation.DnsRoot
az storage account update --name <storageAccountName> --resource-group <resourceGroupName> --enable-files-aadkerb true --domain-name <domainName> --domain-guid <domainGuid>
ksetup /addhosttorealmmap <hostname> <REALMNAME>
reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 0
ksetup /delhosttorealmmap <hostname> <realmname>
Set-AzStorageAccount -ResourceGroupName <resourceGroupName> -StorageAccountName <storageAccountName> -EnableAzureActiveDirectoryKerberosForFile $false