Deploying a Virtual Machine for Accessing Azure Storage Share

Deploying the Appropriate Virtual Machine

Question

Your network contains an on-premises Active Directory forest named contoso.com. The forest is synced to an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com.

You have an Azure Storage account named Storage1 that contains a file share named Share1.

You configure NTFS permissions on Share1. You plan to deploy a virtual machine that will be used by several users to access Share1.

You need to ensure that the users can access Share1.

Which type of virtual machine should you deploy?

Answers

Explanations


A. B. C. D.

D

You join the Windows Server virtual machine to the Azure AD DS-managed domain, here named contoso-aad.com.

Note: Azure Files supports identity-based authentication over SMB (Server Message Block) (preview) through Azure Active Directory (Azure AD) Domain Services. Your domain-joined Windows virtual machines (VMs) can access Azure file shares using Azure AD credentials.

Incorrect Answers:

B, C: Azure AD authentication over SMB is not supported for Linux VMs for the preview release. Only Windows Server VMs are supported.

https://docs.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-enable#mount-a-file-share-from-a-domain-joined-vm

Based on the scenario provided, you have an on-premises Active Directory forest named contoso.com, which is synced to an Azure AD tenant named contoso.com and an Azure AD Domain Services (Azure AD DS) domain named contoso-aad.com. Additionally, you have an Azure Storage account named Storage1 that contains a file share named Share1, and you have configured NTFS permissions on Share1.

To allow users to access Share1, you need to ensure that the virtual machine you deploy can authenticate with the appropriate domain and have the necessary permissions to access Share1. Let's go through the options:

Option A: Deploy a virtual machine that runs Windows Server 2016 and is joined to the contoso.com domain. This option would allow the virtual machine to authenticate with the on-premises Active Directory forest and access Share1 using the configured NTFS permissions. However, this option does not account for the Azure AD tenant or Azure AD DS domain, which means the virtual machine would not be able to use any Azure AD-based services or features.

Option B: Deploy a virtual machine that runs Windows 10 and is joined to the contoso-aad.com domain. This option would allow the virtual machine to authenticate with the Azure AD tenant and access Share1 using the configured NTFS permissions. However, this option does not account for the Azure AD DS domain, which means the virtual machine would not be able to use any services or features that require Azure AD DS.

Option C: Deploy a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain. This option would allow the virtual machine to authenticate with both the on-premises Active Directory forest and the Azure AD tenant, as well as leverage Azure AD DS services, as it is hybrid Azure AD joined to the contoso.com domain. This means the virtual machine would be able to use both on-premises and cloud-based services and features, including accessing Share1 using the configured NTFS permissions.

Option D: Deploy an Azure virtual machine that runs Windows Server 2016 and is joined to the contoso-aad.com domain. This option is similar to Option B, as it would allow the virtual machine to authenticate with the Azure AD tenant and access Share1 using the configured NTFS permissions. However, this option does not account for the on-premises Active Directory forest or Azure AD DS domain, which means the virtual machine would not be able to use any on-premises or Azure AD DS-based services or features.

Therefore, the best option for this scenario is Option C: deploy a virtual machine that runs Windows 10 and is hybrid Azure AD joined to the contoso.com domain. This option provides the most comprehensive authentication and access options, enabling the virtual machine to use both on-premises and cloud-based services and features.