
Commit b3396be

Update storage-files-identity-auth-hybrid-cloud-trust.md
Follow up to #313355 Adding this to the cloud trust page too, in addition to the regular flow.
1 parent d8639a9 commit b3396be

1 file changed

Lines changed: 1 addition & 0 deletions

articles/storage/files/storage-files-identity-auth-hybrid-cloud-trust.md

@@ -49,6 +49,7 @@ Before implementing the incoming trust-based authentication flow, make sure that
4949
| An Azure subscription under the same Entra tenant you plan to use for authentication. | |
5050
| An Azure storage account in the Azure subscription. | An Azure storage account is a resource that acts as a container for grouping all the data services from Azure Storage, including files. |
5151
| [Microsoft Entra Connect Sync](/entra/identity/hybrid/connect/how-to-connect-sync-whatis) or [Microsoft Entra Cloud Sync](/entra/identity/hybrid/cloud-sync/what-is-cloud-sync) must be installed. | These solutions are used in [hybrid environments](/entra/identity/hybrid/whatis-hybrid-identity) where identities exist both in Microsoft Entra ID and on-premises AD DS. |
52+
| If you have [application management policies](/entra/identity/enterprise-apps/configure-app-management-policies), they must allow symmetric key addition on service principals for 366 days or more. | If your policies do not allow this, you will need to [adjust the policy](/entra/identity/enterprise-apps/configure-app-management-policies#enable-a-restriction-for-all-applications) or [grant an exception](/entra/identity/enterprise-apps/configure-app-management-policies#grant-an-exception-to-a-user-or-service) for the "Storage Resource Provider" service (app ID `a6aa9161-5291-40bb-8c5c-923b567bee3b`). If using the [Entra Admin Center](https://aka.ms/app-mgmt-policy-ux), these policies are defined in the "Block password addition" and "Restrict max password lifetime" settings. If using the [Graph API](/graph/api/resources/tenantappmanagementpolicy), these policies are defined in `symmetricKeyAddition` and `symmetricKeyLifetime` restrictions on `servicePrincipalRestrictions.passwordCredentials`. |
5253

5354
## Enable Microsoft Entra Kerberos authentication
5455
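
Review bot: In the added prerequisites row (new line 52), the remedy lists "adjust the policy" (linked to the all-applications restriction) ahead of "grant an exception". Only the "Storage Resource Provider" service (app ID `a6aa9161-5291-40bb-8c5c-923b567bee3b`) needs the allowance, so consider listing the scoped exception first so that readers do not relax the restriction for every application by default. In the first cell, "allow symmetric key addition on service principals for 366 days or more" leaves it unclear whether 366 days is the key lifetime or the duration of the allowance; wording such as "allow adding symmetric keys with a lifetime of at least 366 days" would remove the ambiguity. It is also worth confirming that the admin center settings "Block password addition" and "Restrict max password lifetime" are the ones that correspond to `symmetricKeyAddition` and `symmetricKeyLifetime`, since the UI names refer to passwords and the Graph names refer to symmetric keys.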
