Forum Discussion
Azure Virtual Desktop(AVD) - Enable Cloud Kerberos for storage accounts question
I need to enable Cloud Kerberos for storage accounts used for AVD host pool. I am thinking of following the following instruction. Is that correct steps and is that all that is required?:- After ena...
Your proposed steps are generally consistent with the process for enabling Cloud Kerberos (AADKERB) authentication on Azure Virtual Desktop storage accounts. However, Microsoft’s official guidance underscores two critical requirements:
- Configuration of Microsoft Entra Kerberos authentication must be explicitly enabled on the storage account.
- Appropriate Microsoft Graph API permissions must be granted to the AADKERB service principal, including openid, profile, and User.Read.
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-identities-enable?tabs=azure-portal%2Cintune
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-hybrid-cloud-trust?tabs=azure-portal
https://learn.microsoft.com/en-us/answers/questions/5822457/azure-virtual-desktop(avd)-enable-cloud-kerberos-f