You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/storage/files/storage-files-identity-auth-hybrid-identities-enable.md
+7-10Lines changed: 7 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to enable identity-based Kerberos authentication for hybr
4
4
author: khdownie
5
5
ms.service: azure-file-storage
6
6
ms.topic: how-to
7
-
ms.date: 05/09/2024
7
+
ms.date: 08/19/2024
8
8
ms.author: kendownie
9
9
ms.custom: engagement-fy23
10
10
recommendations: false
@@ -144,15 +144,12 @@ After enabling Microsoft Entra Kerberos authentication, you'll need to explicitl
144
144
You can configure the API permissions from the [Azure portal](https://portal.azure.com) by following these steps:
145
145
146
146
1. Open **Microsoft Entra ID**.
147
-
2. Select **App registrations** on the left pane.
148
-
3. Select **All Applications**.
149
-
150
-
:::image type="content" source="media/storage-files-identity-auth-hybrid-identities-enable/azure-portal-azuread-app-registrations.png" alt-text="Screenshot of the Azure portal. Microsoft Entra ID is open. App registrations is selected in the left pane. All applications is highlighted in the right pane." lightbox="media/storage-files-identity-auth-hybrid-identities-enable/azure-portal-azuread-app-registrations.png":::
151
-
152
-
4. Select the application with the name matching **[Storage Account]`<your-storage-account-name>`.file.core.windows.net**.
153
-
5. Select **API permissions** in the left pane.
154
-
6. Select **Grant admin consent for [Directory Name]** to grant consent for the three requested API permissions (openid, profile, and User.Read) for all accounts in the directory.
155
-
7. Select **Yes** to confirm.
147
+
1. In the service menu, under **Manage**, select **App registrations**.
148
+
1. Select **All Applications**.
149
+
1. Select the application with the name matching **[Storage Account]`<your-storage-account-name>`.file.core.windows.net**.
150
+
1. In the service menu, under **Manage**, select **API permissions**.
151
+
1. Select **Grant admin consent for [Directory Name]** to grant consent for the three requested API permissions (openid, profile, and User.Read) for all accounts in the directory.
152
+
1. Select **Yes** to confirm.
156
153
157
154
> [!IMPORTANT]
158
155
> If you're connecting to a storage account via a private endpoint/private link using Microsoft Entra Kerberos authentication, you'll also need to add the private link FQDN to the storage account's Microsoft Entra application. For instructions, see the entry in our [troubleshooting guide](/troubleshoot/azure/azure-storage/files-troubleshoot-smb-authentication?toc=/azure/storage/files/toc.json#error-1326---the-username-or-password-is-incorrect-when-using-private-link).
0 commit comments