Merge pull request #209968 from khdownie/kendownie090122-2

adjusting client methods

Author: prmerger-automator[bot]

articles/storage/files/storage-files-identity-auth-azure-active-directory-enable.md

@@ -124,11 +124,15 @@ To configure directory and file level permissions through Windows File explorer,
 
 To configure directory and file-level permissions, follow the instructions in [Configure directory and file-level permissions over SMB](storage-files-identity-ad-ds-configure-permissions.md).
 
-## Configure the clients by setting group policy
+## Configure the clients
 
-Enable the Azure AD Kerberos functionality on the client machine(s) you want to mount/use Azure File shares from by configuring this group policy on every client on which Azure Files will be used.
+Enable the Azure AD Kerberos functionality on the client machine(s) you want to mount/use Azure File shares from. You must do this on every client on which Azure Files will be used.
 
-`Administrative Templates\System\Kerberos\Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon`
+Use one of the following three methods:
+
+- Configure this Intune [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) and apply it to the session host: [Kerberos/CloudKerberosTicketRetrievalEnabled](/windows/client-management/mdm/policy-csp-kerberos#kerberos-cloudkerberosticketretrievalenabled)
+- Configure this Group policy on the session host: `Administrative Templates\System\Kerberos\Allow retrieving the Azure AD Kerberos Ticket Granting Ticket during logon`
+- Create the following registry value on the session host: `reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1`
 
 ## Disable Azure AD authentication on your storage account