> And yes, using my Microsoft Account gets me pretty easy access to my NAS. I just grant permissions to MicrosoftAccount\me@hotmail.com and I get permissions. I just set it to MicrosoftAccount\my_wife@outlook.com and it works. I just grant it to MicrosoftAccount\my_friend@gmail.com (Microsoft accounts can be tied to any email) and it works.
What NAS, exactly? And how does it handle non-Windows clients?
What you're describing doesn't seem to be something that eg. run of the mill Samba offers, and it's something that Microsoft seems to be changing with every major version of Windows.
> Save for getting access at different locations where there's no VPN connectivity between.
A small low power x86 Windows box. Used to be an older gaming PC, swapped for a lower power CPU with integrated graphics. Runs storage for an array, VMs, containers, video transcoding, etc.
Non-Windows clients can also log in with local accounts or with that same MicrosoftAccount realm login username/password. I've used some Pi's and other Linux boxes mounted that way in the past.
But it seems like it's decently well supported in Samba to auth like this though. I'm not sure what happens when their Microsoft account password changes though.
Getting access to the LDAP server to handle auth. If I hop on my friend's spare computer at his house, how is it going to reach out to my LDAP server at home?
Same thing when I'm hopping on my dad's computer, or if he wants to use mine when he's visiting. This way we can just use our own logins and have access to our own files, resources, settings, etc. Regardless of whatever computer we're using. If I want him to copy his recent trip photos to the archive when.he comes over he can drag and drop them into the network share on the NAS with his own credentials on his own computer, as I've granted his Microsoft account access to write to the family photos. He doesn't need to remember his password to my NAS, his desktop login is his auth. Same when I'm at a friend's house and on his computer. I just want to pull some big file off my laptop over the network, I can just open up my shares on my laptop and grab whatever. I don't need a separate login to manage.
There's so much stuff that's just so smooth and seamless using an external, managed, widely shared IdP to handle identity management. Some negatives and risks, no doubt. But to me, it's a worthwhile trade off given how easy it makes these kinds of workflows I encounter daily.
What NAS, exactly? And how does it handle non-Windows clients?
What you're describing doesn't seem to be something that eg. run of the mill Samba offers, and it's something that Microsoft seems to be changing with every major version of Windows.
> Save for getting access at different locations where there's no VPN connectivity between.
Getting access to what?