question

DanPorter-3259 asked ·

Secure on-premises resources with similar technology to Azure AD Conditional Access

Currently working with a client who is looking at introducing the Microsoft Managed Desktop service (so devices are AAD joined). We have some requirements for on-premises infrastructure, so there will be a small AD DS environment, file, print, etc.

The client has some data classifications that can't be stored in the cloud due to geo-restrictions and so will be utilizing some on-premises shares.

Is there a technology set that will allow us to translate Conditional Access policies defined in Azure down to shares on a local Windows Server (or HP Nimble)?

The estate will be greenfield other than the use of HP Nimble; the design principle is Microsoft First, to make use of M365 E5.

Tags: azure-ad-domain-services, azure-ad-authentication, azure-ad-conditional-access, azure-ad-device-management

1 Answer

shashishailaj answered ·

Hello @DanPorter-3259,


You have mentioned that you are going to set up a file, print server on-premises with a small Active Directory environment. The file and print server on-premises uses Kerberos and NTLM as authentication protocols. Conditional Access depends on many components in Azure and is dependent on the OAuth protocol, on which the Azure identity system is based and which on-premises AD does not support out of the box. As far as I know, there is no way to translate Conditional Access policies defined in Azure to apply during file share access. Any request to map the share by any user will always use the NTLM/Kerberos protocol, which will go to the local domain controller for authentication, and there is no native way to translate this NTLM/Kerberos to OAuth and send it to Azure for authentication/authorization.


Hope the information helps. In case you have any further queries, please let us know and we will be happy to help. If the provided information is useful, please do accept the post as answer so that it's helpful to others in the community.


Thank you.
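
Added example, not part of the original thread and not Microsoft's code: PowerShell that reads Security event 4624 records from the file server and reports which authentication package each network logon used, showing the Kerberos/NTLM path the answer describes. The function names and the sample events (accounts, addresses) are constructed for illustration.

```powershell
# Added example. Sample events are constructed; every name and address is made up.
function New-SampleLogonXml {          # hypothetical helper: trimmed 4624 event XML
    param($User, $LogonType, $Package, $LmPackage, $Ip)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="LogonType">$LogonType</Data>
    <Data Name="AuthenticationPackageName">$Package</Data>
    <Data Name="LmPackageName">$LmPackage</Data>
    <Data Name="IpAddress">$Ip</Data>
  </EventData>
</Event>
"@
}

function Get-NetworkLogonProtocol {    # hypothetical name
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    process {
        # Flatten the <Data Name="..."> elements into a name/value lookup.
        $f = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        # Logon type 3 = network logon, the type an SMB share connection produces.
        if ($f['LogonType'] -ne '3') { return }
        $pkg = $f['AuthenticationPackageName']
        # For NTLM, LmPackageName carries the NTLM version in use.
        if ($pkg -eq 'NTLM') { $pkg = "NTLM ($($f['LmPackageName']))" }
        [pscustomobject]@{ User = $f['TargetUserName']; Source = $f['IpAddress']; Protocol = $pkg }
    }
}

$samples = @(
    New-SampleLogonXml 'dporter'  3 'Kerberos' '-'       '10.0.0.21'
    New-SampleLogonXml 'svc-scan' 3 'NTLM'     'NTLM V2' '10.0.0.40'
    New-SampleLogonXml 'dporter'  2 'Kerberos' '-'       '127.0.0.1'   # interactive, skipped
)
$samples | Get-NetworkLogonProtocol | Format-Table -AutoSize

# On the file server itself (elevated), feed real events instead of the samples:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 500 |
#     ForEach-Object { $_.ToXml() } | Get-NetworkLogonProtocol | Group-Object Protocol
```

Network logons cover more than SMB, so on a busy server the results include other services that authenticate over the network.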

