Enable secure access to all your private on-prem and cloud resources, beyond what you can do with traditional VPNs, with Microsoft Entra Private Access, part of Microsoft’s Security Service Edge solu...
Published Dec 07, 2023
Version 1.0
Blog Post
9 MIN READ
Microsoft Entra Private Access protections for on-premises & private cloud network resources
Just testing today with Private Access to file share, with Entra Joined Device with Windows Hello for Business configured.
I am also unable to connect to the file share, access denied.
- Trying to connect, seems to be taking 20 a 30 seconds.
- Popup with PIN code
- Access Denied
- Did commandline klist, don't see a Kerberos Ticket.
We already tested Azure VPN Gateway with Entra Joined Devices, we configured:
- Microsoft Entra Kerberos is enabled in an Active Directory domain, an AzureADKerberos computer object is created in the domain.
- Deployed via Intune the Cloud Kerberos Trust Policy.
This configuration is working with a active VPN connection, we have SSO to on-premises File Shares.
So we know we have configured the file shares correctly, this is not the problem with "Private Access".
I think Maarten_H81 and Florian_Obradovic are correct, I am missing connectivity to the Domain Controller for getting a Kerberos Ticket, correct?
- Do I have also to install the Connector software on a Domain Controller? (now only installed on a File Server)
- What traffic do I have to configure for the Domain Controller to get a kerberos ticket for access to the File Server?