UNC Path to AAD Joined Device

%3CLINGO-SUB%20id%3D%22lingo-sub-280637%22%20slang%3D%22en-US%22%3EUNC%20Path%20to%20AAD%20Joined%20Device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280637%22%20slang%3D%22en-US%22%3E%3CP%3EI%20need%20to%20know%20how%20to%20access%20a%20purely%20AAD%20joined%20device%20via%20the%20unc%20path%20such%20as%3A%3C%2FP%3E%3CP%3E%5C%5Ctestpc%5Cc%24%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20device%20is%20only%20my%20local%20network%2C%20not%20the%20Internet%20at%20the%20time%20of%20this%20testing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20get%20prompted%20for%20the%20credentials%20and%20I%20have%20tried%20the%20following%3C%2FP%3E%3CP%3EAzureAD%5Cname%40something.com%3C%2FP%3E%3CP%3Eor%3C%2FP%3E%3CP%3Ename%40something.com%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20only%20thing%20that%20seems%20to%20work%20is%20if%20I%20use%20a%20local%20computer%20account%3A%3C%2FP%3E%3CP%3Etestpc%5Ctestadmin%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20access%20via%20the%20azure%20credentials%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-280637%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAccess%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-280714%22%20slang%3D%22en-US%22%3ERe%3A%20UNC%20Path%20to%20AAD%20Joined%20Device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280714%22%20slang%3D%22en-US%22%3ESo%20you're%20trying%20to%20use%20the%20users%20login%20remote%3F%20Users%20by%20default%20are%20not%20added%20to%20local%20admin%20group%20unless%20they%20were%20the%20ones%20that%20Joined%20to%20azuread.%20Anyway%2C%20is%20the%20user%20cloud%20only%20or%20synced%20to%20your%20local%20domain%3F%20If%20synced%20try%20with%20domain%5Cusername%20format%20assuming%20that%20user%20is%20global%20admin%20%2F%20device%20admin%20%2F%20local%20admin.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-280709%22%20slang%3D%22en-US%22%3ERe%3A%20UNC%20Path%20to%20AAD%20Joined%20Device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280709%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20access%20the%20AAD%20device%20with%20the%20same%20credentials%20as%20an%20Azure%20user%20that%20is%20an%20local%20admin%20on%20the%20machine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-280691%22%20slang%3D%22en-US%22%3ERe%3A%20UNC%20Path%20to%20AAD%20Joined%20Device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280691%22%20slang%3D%22en-US%22%3E%3CP%3EPurely%20AAD%20joined%20device%20will%20not%20be%20able%20to%20access%20any%20network%20resources%2C%20as%20other%20machines%20on%20the%20network%20have%20no%20notion%20of%20the%20account%20used.%20This%20scenario%20will%20only%20work%20for%20Hybrid%20AAD%20Join%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fhybrid-azuread-join-manual-steps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fhybrid-azuread-join-manual-steps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-280655%22%20slang%3D%22en-US%22%3ERe%3A%20UNC%20Path%20to%20AAD%20Joined%20Device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-280655%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20you%20a%20global%20admin%3F%20According%20to%20this%2C%20you%20have%20to%20be%20or%20manually%20added%20to%20device%20admin%20role%20in%20order%20to%20automatically%20be%20added%20to%20the%20local%20machine%20administrator%20group.%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevices%2Fassign-local-admin%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EAlso%20if%20you%20users%20are%20synced%20with%20local%20AD%20to%20azure%20you%20need%20to%20use%20domain%5Cusername%20format.%20Otherwise%20it's%20AzureAD%5C%20as%20you%20tried%20if%20they%20are%20cloud%20only.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

I need to know how to access a purely AAD joined device via the unc path such as:

\\testpc\c$

 

The device is only my local network, not the Internet at the time of this testing.

 

I get prompted for the credentials and I have tried the following

AzureAD\name@something.com

or

name@something.com

 

The only thing that seems to work is if I use a local computer account:

testpc\testadmin

 

Is there a way to access via the azure credentials?

4 Replies
Highlighted

Are you a global admin? According to this, you have to be or manually added to device admin role in order to automatically be added to the local machine administrator group.
https://docs.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin

Also if you users are synced with local AD to azure you need to use domain\username format. Otherwise it's AzureAD\ as you tried if they are cloud only. 

 

 

Highlighted

Purely AAD joined device will not be able to access any network resources, as other machines on the network have no notion of the account used. This scenario will only work for Hybrid AAD Join: https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual-steps

Highlighted

I am trying to access the AAD device with the same credentials as an Azure user that is an local admin on the machine.

Highlighted
So you're trying to use the users login remote? Users by default are not added to local admin group unless they were the ones that Joined to azuread. Anyway, is the user cloud only or synced to your local domain? If synced try with domain\username format assuming that user is global admin / device admin / local admin.