Saturday 23 March 2019

Using cloud identities to access local resources

When considering the move towards a cloud (SaaS) based solution, one irritating problem always remains - local file shares.

The concept of data sharing from a local server has been around for so long it’s hard to recall a time when it wasn’t possible, and for organisations attempting to shift resources to the cloud it creates a real challenge.

Anybody following Microsoft's roadmap towards a modern subscription service will have noted some limitations when dealing with local resources. If I take a Windows 10 laptop and place it under management with Azure Domain join and Intune, I have a fully functioning device that works brilliantly within the context of modern web-based services using authentication mechanisms like SAML. But when I ask my cloud-based Office 365 account to access a local file share, or send to a printer, that is protected by a local AD account and a Kerberos token, things don’t work so well.

However, a recent announcement on the Microsoft forums may have made things a little easier.


Any Windows 10 device that is Azure Active Directory joined can now access local resources, so long as the organisation is running Azure AD Connect to provide the link between the two account systems. No other software (ADFS) or configuration is required, as the magic is baked directly into Windows 10. Although the post references Office 365 for Business, I’m assured that the feature does extend into the education offerings.

The requirement to run Azure AD Connect is unlikely to be much of a barrier. Most schools using Office 365 already use Azure AD Connect to push account information out from Active Directory. This means schools can start to adopt modern management practices and transition data into OneDrive and Teams while continuing to use SMB shares until the day when the last server is turned off. Hopefully that day will come very soon.

Of course, clients need to be running Windows 10 and the latest version of Azure AD Connect, but with the end-of-support date for Windows 7 under a year away this is an issue schools are facing anyway. This welcome feature just gives them one more reason to make the move.
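
To confirm on a client that the behaviour described above is really in effect, the PowerShell check below reads the join state from dsregcmd /status, opens a share and then looks for a Kerberos service ticket for the file server. It is an added example, not code from the original post or from Microsoft; the share path \\fileserver01\staff and the function name Get-DsregState are assumptions to replace with your own.

```powershell
# Added example, run as the signed-in cloud user on the Windows 10 client.
# The default share path is a hypothetical placeholder.
param([string]$SharePath = '\\fileserver01\staff')

function Get-DsregState {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    param([string[]]$Lines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

$state  = Get-DsregState
$server = $SharePath.TrimStart('\').Split('\')[0]

# Touch the share first so Windows requests a service ticket for it.
$reachable = Test-Path -LiteralPath $SharePath -ErrorAction SilentlyContinue

# A cifs/<server> entry in the ticket cache shows Kerberos was used.
$ticket = klist.exe | Select-String -SimpleMatch "cifs/$server"

$result = [pscustomobject]@{
    AzureAdJoined  = $state['AzureAdJoined'] -eq 'YES'
    # YES here means the device is AD or hybrid joined,
    # which is not the scenario the post describes.
    DomainJoined   = $state['DomainJoined'] -eq 'YES'
    ShareReachable = $reachable
    CifsTicket     = [bool]$ticket
}
$result

if ($result.ShareReachable -and -not $result.CifsTicket) {
    # Access without a service ticket is a likely sign of NTLM fallback.
    Write-Warning "Share opened but no cifs/$server ticket is cached; check whether NTLM was used instead of Kerberos."
}
```

A healthy result for the scenario in this post is AzureAdJoined and ShareReachable both True, DomainJoined False and CifsTicket True.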