Long-time reader. First-time poster!
I'm a sysadmin at a small company. We utilize Azure + Office 365 and use a cloud-first approach. All Windows 10 PCs are Azure AD joined (we have no local AD).
We have a Windows Server 2016 running a file share on-premises. I have set up Azure Active Directory Domain Services (AAD DS) and joined this server to AAD DS. This enables me to assign cloud users on file shares.
My problem is that users cannot use single sign-on (SSO) to access this network share. They have to re-type the username and password (and save it in Credential Manager to persist) when accessing the network drive. It appears that no Kerberos ticket is given by Azure AD to the Windows 10 PCs.
How can I solve this? I want users to simply type \\server\share and avoid typing user/password.
Is it really not possible to use Azure AD today without a local AD and get a good SSO experience to local file shares?
Thanks!