Forum Discussion
Azure Virtual Desktop(AVD) - Enable Cloud Kerberos for storage accounts question
Your proposed steps are generally consistent with the process for enabling Cloud Kerberos (AADKERB) authentication on Azure Virtual Desktop storage accounts. However, Microsoft’s official guidance underscores two critical requirements:
- Configuration of Microsoft Entra Kerberos authentication must be explicitly enabled on the storage account.
- Appropriate Microsoft Graph API permissions must be granted to the AADKERB service principal, including openid, profile, and User.Read.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-cloud-trust?tabs=azure-portal
https://learn.microsoft.com/en-us/answers/questions/5822457/azure-virtual-desktop(avd)-enable-cloud-kerberos-f
Your proposed steps are generally consistent with the process for enabling Cloud Kerberos (AADKERB) authentication on Azure Virtual Desktop storage accounts. However, Microsoft’s official guidance underscores two critical requirements:
- Configuration of Microsoft Entra Kerberos authentication must be explicitly enabled on the storage account.
- Appropriate Microsoft Graph API permissions must be granted to the AADKERB service principal, including openid, profile, and User.Read.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-cloud-trust?tabs=azure-portal
https://learn.microsoft.com/en-us/answers/questions/5822457/azure-virtual-desktop(avd)-enable-cloud-kerberos-f