Skip to content

Commit 154b152

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #210913 from khdownie/kendownie091222
added warning
2 parents bce9e41 + 1e760b0 commit 154b152

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,6 +87,9 @@ To enable Azure AD Kerberos authentication on Azure Files for hybrid user accoun
8787

8888
## Grant admin consent to the new service principal
8989

90+
> [!WARNING]
91+
> If you've previously enabled Azure AD Kerberos authentication through manual limited preview steps to store FSLogix profiles on Azure Files for Azure AD-joined VMs, the password for the storage account's service principal is set to expire every six months. Once the password expires, users won't be able to get Kerberos tickets to the file share. To mitigate this, see "Error - Service principal password has expired in Azure AD" under [Potential errors when enabling Azure AD Kerberos authentication for hybrid users](storage-troubleshoot-windows-file-connection-problems.md#potential-errors-when-enabling-azure-ad-kerberos-authentication-for-hybrid-users).
92+
9093
After enabling Azure AD Kerberos authentication, you'll need to explicitly grant admin consent to the new Azure AD application registered in your Azure AD tenant to complete your configuration. You can configure the API permissions from the [Azure portal](https://portal.azure.com) by following these steps:
9194

9295
1. Open **Azure Active Directory**.
@@ -152,6 +155,7 @@ If you want to use another authentication method, you can disable Azure AD authe
152155

153156
For more information, see these resources:
154157

158+
- [Potential errors when enabling Azure AD Kerberos authentication for hybrid users](storage-troubleshoot-windows-file-connection-problems.md#potential-errors-when-enabling-azure-ad-kerberos-authentication-for-hybrid-users)
155159
- [Overview of Azure Files identity-based authentication support for SMB access](storage-files-active-directory-overview.md)
156160
- [Enable AD DS authentication to Azure file shares](storage-files-identity-ad-ds-enable.md)
157161
- [Create a profile container with Azure Files and Azure Active Directory (preview)](../../virtual-desktop/create-profile-container-azure-ad.md)

0 commit comments

Comments
 (0)