AzureAD and shares
-
A friend of mine started a company a few years ago. Someone convinced him to get the full O365 with AzureAD. He has a handful of employees and sharing files on the LAN is painful. Their PCs are not "joined" to AzureAD but their user accounts reflect this. Should they be joined? I don't use Azure and am trying to give him some pointers. What should I recommend to him?
-
Well, without knowing more....
- They could move away from AzureAD
- They could join AzureAD and tie an SMB share to that (weird)
- They could use the O365 method and store files in SharePoint or OneDrive
-
How are they trying to share files on the LAN? What infrastructure do they have for that?
-
The biggest problem is that the "network" was set up as a default 'workgroup' on all the Win10 machines. They sign in with MS accounts and have a few shares set up on a workstation for general office files. They have to set the shares up with "everyone" and read/write for the permissions but have so much trouble accessing things. You can't use their MS account to give permissions because the workstations are not aware of the AzureAD account.
They have tried OneDrive and had a ton of issues with files being deleted or moved. I think using OneDrive as a "server" violates the TOS too. The entire setup is so convoluted. They don't even know how they set it up. When they did use OneDrive, they still shared the OneDrive folders on the LAN and browsed them locally.
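The "everyone, read/write" share setup described in the post above is the kind of thing worth inventorying before deciding where the files should live. The following PowerShell is an added example for this thread, not something posted by any participant; it assumes the built-in SmbShare module (Windows 8 / Server 2012 and later) and lists every non-administrative share on the local workstation whose share-level ACL grants a broad principal (Everyone, Authenticated Users, Users) Change or Full access.

```powershell
# Added example (not from the thread): find shares that grant broad principals
# write-capable rights at the share level. Assumes the SmbShare module.
$broadPrincipals = @('Everyone', 'Authenticated Users', 'Users')
$writeRights     = @('Full', 'Change')

# Skip the special admin shares (C$, ADMIN$, IPC$); only user-created shares matter here.
$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        # AccountName is "Everyone", "NT AUTHORITY\Authenticated Users", "BUILTIN\Users", ...
        $principal = ($ace.AccountName -split '\\')[-1]
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadPrincipals -contains $principal -and
            $writeRights -contains $ace.AccessRight) {
            [pscustomobject]@{
                Share     = $share.Name
                Path      = $share.Path
                Principal = $ace.AccountName
                Right     = $ace.AccessRight
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No non-administrative shares grant Everyone/Authenticated Users write access.'
}
```

Run it in an elevated prompt on the workstation that hosts the shares. The share-level ACL is only half the picture: effective access is the intersection of the share ACL and the NTFS ACL on the folder (`Get-Acl` on the share's `Path`), and in a workgroup with Microsoft-account sign-ins there is no common identity to restrict either one by, which is exactly why everything ends up as "everyone".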
-
Sounds like a kick in the butt for lack of planning. Do they use Azure AD for anything besides signing into their Win10 computers?
If not, you are better off managing local user accounts, shares, and access with SaltStack and a Linux file server.
Without knowing more OC
-
@brandon220 said in AzureAD and shares:
sharing files on the LAN is painful
That should be the easiest part of a cloud solution. LAN shouldn't even be a thought here. That doesn't make any sense and negates the benefit of using Azure and O365.
-
They only use the MS accounts to sign in to the PCs (most by using a pin) and for Outlook. They have no idea what the directory is or what it is for. They want "cloud" access but LAN access too.
-
@brandon220 said in AzureAD and shares:
Their PCs are not "joined" to AzureAD but their user accounts reflect this. Should they be joined?
He might not "need" this. Because his SaaS apps and Azure VMs can connect to Azure AD itself. In a full cloud environment there may be little reason to have PCs domain joined. Especially if you aren't storing anything locally.
You could just blow away a PC if there is even the slightest of any issue. Also, you could utilize Linux, Chrome OS, or Mac in your environment with ease.
You can also use Microsoft Intune to control Windows and Mac to a certain extent.
-
@brandon220 said in AzureAD and shares:
They want "cloud" access but LAN access too.
Cloud access to what? LAN access to what?
-
Move everything to SharePoint or OneDrive for Business. That would make the most sense in this case.
-
"Cloud" access to them is being able to access files in the browser. They also want to access the same files and folders locally on the LAN. Trying to pick my battles.
-
@brandon220 said in AzureAD and shares:
"Cloud" access to them is being able to access files in the browser. They also want to access the same files and folders locally on the LAN. Trying to pick my battles.
OneDrive for Business... if they are already using AzureAD they probably already have a license for it.
-
@coliver They tried OneDrive and had a ton of trouble. They were constantly calling MS support to recover folders and files that were deleted in the middle of the night, when nobody was at their office. Folders were moved into random places.
It is VERY possible that it was user error on each occasion but the logs did not reflect that. They lost a ton of files too that had to be recovered from a backup. I will say that I have read about other occasions with similar results.
Isn't there a 1Tb limit on OneDrive? They are trying to use a single OneDrive account as a "file server".
-
@brandon220 said in AzureAD and shares:
"Cloud" access to them is being able to access files in the browser. They also want to access the same files and folders locally on the LAN. Trying to pick my battles.
What kind of files and purposes?
ODFB is rarely the needed or correct solution to ideas like that.
-
@brandon220 said in AzureAD and shares:
"Cloud" access to them is being able to access files in the browser. They also want to access the same files and folders locally on the LAN. Trying to pick my battles.
So don't call it cloud, since it isn't anyway.
-
@brandon220 said in AzureAD and shares:
Isn't there a 1Tb limit on OneDrive? They are trying to use a single OneDrive account as a "file server".
That is why they don't know who is deleting shit. Everyone has permission to delete all files...
-
@brandon220 said in AzureAD and shares:
@coliver They tried OneDrive and had a ton of trouble. They were constantly calling MS support to recover folders and files that were deleted in the middle of the night, when nobody was at their office. Folders were moved into random places.
It is VERY possible that it was user error on each occasion but the logs did not reflect that. They lost a ton of files too that had to be recovered from a backup. I will say that I have read about other occasions with similar results.
If they are using a single OD account, the logs aren't very helpful.
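To show concretely why a single shared OneDrive account leaves the audit trail so thin, here is an added example (mine, not from any post in this thread). It assumes the Exchange Online PowerShell module is installed and connected with `Connect-ExchangeOnline`, that unified audit logging is enabled for the tenant, and a placeholder address for the shared account. It pulls recent `FileDeleted` and `FileMoved` events for that one user and groups them by client IP and user agent, which is about all that is left to distinguish one person from another when everyone signs in as the same identity.

```powershell
# Added example (not from the thread). Requires: Exchange Online PowerShell module,
# an active Connect-ExchangeOnline session, and unified audit logging enabled.
$sharedAccount = 'files@example.invalid'   # placeholder for the single shared OneDrive account
$start = (Get-Date).AddDays(-30)
$end   = Get-Date

# SharePointFileOperation covers OneDrive for Business file events as well.
$events = Search-UnifiedAuditLog -StartDate $start -EndDate $end `
    -RecordType SharePointFileOperation `
    -Operations FileDeleted, FileMoved `
    -UserIds $sharedAccount -ResultSize 5000

# AuditData is a JSON string; expand the fields that still vary per session.
$rows = foreach ($e in $events) {
    $d = $e.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        Time      = $e.CreationDate
        Operation = $d.Operation
        ClientIP  = $d.ClientIP
        UserAgent = $d.UserAgent
        Object    = $d.ObjectId
    }
}

# Every row carries the same UserId, so attribution can only come from IP/agent/time.
$rows | Group-Object ClientIP, UserAgent |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Off-hours activity (the "middle of the night" deletions mentioned in the thread).
$rows | Where-Object { $_.Time.Hour -lt 6 -or $_.Time.Hour -ge 20 } |
    Sort-Object Time | Format-Table -AutoSize
```

The takeaway is the one made in the reply above: with per-user accounts each deletion would carry the actor's UPN, and per-user permissions would have limited who could delete in the first place; with a shared account the log can at best say "someone from this IP with this client did it".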
-
@Obsolesce Scenario is this:
Field techs use analyzers that collect monitoring data. They "sync" the data back to the main office. Each folder is a different job. There is a piece of custom software that takes that data and generates a report. Think of it as a large number of .dat files or raw data files.
They also store the reports that are generated as .pdf documents and have a large number of MS Office documents. It is less than 2 Tb total but the management is a pain point. I added access points and configured a switch for them.... Now I'm getting pulled into a mess that has been pieced together over the years.
-
@scottalanmiller I know. It's hard to break people of bad habits.
-
@IRJ That is exactly the reason they cannot pinpoint all the anomalies to a specific user.