As you know, you can use NTLM and/or Kerberos when authenticating against Active Directory, while authentication against Azure AD uses OAuth or SAML.
Well, you can now also use Kerberos to authenticate against Azure AD. In the current scenario this is for accessing Azure File shares configured to use Azure AD authentication.
To be able to use Kerberos to authenticate against Azure AD you need to implement the following:
- Use an Active Directory synchronized to Azure AD with Azure AD Connect, as you can only use Kerberos when the user object exists in both on-premises Active Directory and Azure AD
- The device must be either Azure AD or Hybrid joined; registered devices will not be able to use Kerberos
- Run Windows 10 Insider Build 21304
Then you need to implement the following Group Policy setting for Hybrid devices:
Path: Computer Configuration\Policies\Administrative Templates\System\Kerberos
Setting: Allow retrieving the cloud kerberos ticket during the logon
Value: Enabled
or the following registry key for Azure AD Joined devices:
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Key: CloudKerberosTicketRetrievalEnabled
Type: DWORD
Value: 1
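
The prerequisites above can be checked on a device before the registry value is written. The following PowerShell is an added example, not part of the original post: it reads the join state from `dsregcmd /status`, compares the OS build with 21304, and sets the value only on Azure AD joined devices. Treating builds later than 21304 as acceptable is an assumption, and the function name `Get-JoinState` is hypothetical.

```powershell
# Added example: audit the prerequisites and set the registry value from the post.
# Run from an elevated PowerShell session on the device.
$path     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$name     = 'CloudKerberosTicketRetrievalEnabled'
$minBuild = 21304   # build named in the post; accepting later builds is an assumption

function Get-JoinState {
    # Parse the "AzureAdJoined : YES" and "DomainJoined : YES" lines of dsregcmd /status.
    $state = @{ AzureAdJoined = $false; DomainJoined = $false }
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = ($Matches[2] -eq 'YES')
        }
    }
    $state
}

$join    = Get-JoinState
$build   = [System.Environment]::OSVersion.Version.Build
$current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

if ($build -lt $minBuild) {
    Write-Warning "OS build $build is older than $minBuild."
}

if (-not $join.AzureAdJoined) {
    # Registered-only devices land here: they cannot use Kerberos against Azure AD.
    Write-Warning 'Device is neither Azure AD joined nor Hybrid joined; nothing changed.'
}
elseif ($join.DomainJoined) {
    # Hybrid joined: the post configures these through Group Policy, not the registry.
    Write-Output 'Hybrid joined device: enable the Group Policy setting instead.'
}
elseif ($current -eq 1) {
    Write-Output "$name is already set to 1."
}
else {
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "$name set to 1 (previous value: $(if ($null -eq $current) { 'not present' } else { $current }))."
}
```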