
Unable to mount file share if VM is hybrid joined (AD authentication)


I have the following setup:

Azure Virtual Machine, hybrid joined (on-prem AD, AAD joined):

  • Access by Host Pool assigned to the AAD user identities
  • If I leave AAD, it requires domain\username + password when launching the desktop (file share mount works)
  • If it's hybrid joined, no further authentication is required (mount not working)

Storage account with on-prem authentication enabled.

My issue is that if the machine is hybrid joined, I'm not able to access the file share with AD authentication. It says "Can't find fileshare xxx Check spelling".

If I leave AAD and only keep the machine in the on-prem AD, access works smoothly. We have a requirement for AD authentication, but also for the hybrid join, to have access to some O365 applications etc. Otherwise I would just go for the on-prem join, but that's not possible.

I guess that Windows is not using the AD credentials when trying to access the share if it's hybrid joined?

What am I doing wrong?

  • If the machine is only joined to on-prem AD, it's working
  • If it's hybrid joined, it's not working

Solution

  • I found the issue and solved it by adding the host to the realm.

    https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal#configure-coexistence-with-storage-accounts-using-on-premises-ad-ds

    ksetup /addhosttorealmmap <your storage account name>.file.core.windows.net DOMAIN
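The following PowerShell script is an added diagnostic, not part of the original answer. It checks the state the answer depends on: that the VM reports both an on-prem domain join and an Azure AD join, that a host-to-realm mapping exists for the storage account's file endpoint, and that Kerberos actually issues a `cifs/` ticket for that endpoint from the expected realm. With `-Fix` it applies the same `ksetup /addhosttorealmmap` command shown above. The storage account name and realm are placeholders; the `dsregcmd /status` field names (`AzureAdJoined`, `DomainJoined`) and the `klist` output layout (`Server: spn @ REALM`) are what current Windows builds print, but treat the parsing as an assumption and read the raw output if a check looks wrong.

```powershell
# Added diagnostic script (not from the original post). Run in an elevated
# PowerShell session on the hybrid-joined VM as the AD user that should mount the share.
param(
    [string]$StorageAccount = 'STORAGEACCOUNTNAME',   # placeholder: your storage account name
    [string]$Realm          = 'CORP.EXAMPLE.COM',     # placeholder: your on-prem AD realm (uppercase)
    [switch]$Fix                                      # apply the ksetup mapping if it is missing
)

$fqdn = "$StorageAccount.file.core.windows.net"
$spn  = "cifs/$fqdn"

# 1. Join state. A hybrid-joined machine should report YES for both lines.
$dsreg        = dsregcmd /status
$azureJoined  = [bool]($dsreg | Select-String 'AzureAdJoined\s*:\s*YES')
$domainJoined = [bool]($dsreg | Select-String 'DomainJoined\s*:\s*YES')
Write-Host "AzureAdJoined=$azureJoined  DomainJoined=$domainJoined"

# 2. Host-to-realm mapping. ksetup /dumpstate lists the mappings the machine knows about;
#    we only check that the storage endpoint appears at all (assumption: output format).
$mapped = [bool](ksetup /dumpstate | Select-String -SimpleMatch $fqdn)
Write-Host "HostToRealm mapping for ${fqdn}: $mapped"

if (-not $mapped -and $Fix) {
    # Same command as in the answer above.
    ksetup /addhosttorealmmap $fqdn $Realm
    $mapped = [bool](ksetup /dumpstate | Select-String -SimpleMatch $fqdn)
    Write-Host "Mapping added: $mapped"
}

# 3. Ask Kerberos for a service ticket for the file endpoint and see which realm issued it.
#    If the ticket comes from a realm other than $Realm (or no ticket is issued), the share
#    will not authenticate with on-prem AD credentials.
klist purge | Out-Null
$ticket = klist get $spn 2>&1
$serverLine = $ticket | Select-String ("Server:\s*" + [regex]::Escape($spn) + "\s*@\s*(\S+)")
if ($serverLine) {
    $issuedBy = $serverLine.Matches[0].Groups[1].Value
    Write-Host "Kerberos ticket for $spn issued by realm: $issuedBy"
    if ($issuedBy -ne $Realm) {
        Write-Warning "Ticket realm '$issuedBy' does not match expected on-prem realm '$Realm'."
    }
} else {
    Write-Warning "No Kerberos ticket obtained for $spn. Raw klist output follows."
    $ticket | Write-Host
}

# 4. Basic reachability: SMB over port 445 must be open to the storage endpoint.
$tnc = Test-NetConnection -ComputerName $fqdn -Port 445 -WarningAction SilentlyContinue
Write-Host "TCP 445 to ${fqdn}: $($tnc.TcpTestSucceeded)"
```

Run it once without `-Fix` to record the starting state (join flags, mapping, ticket realm), then with `-Fix` and compare: the meaningful change to look for is the `cifs/` ticket moving to the on-prem realm, which is what makes the mount succeed.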