Update hello-hybrid-aadj-sso-cert.md

MaratMussabekov
2021-04-25 23:14:23 +05:00
committed by GitHub
parent f7d1ea21d2
commit 0ef901195f

@ -679,6 +679,11 @@ Sign-in a workstation with access equivalent to a _domain user_.
10. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list.
11. Next to **Subject name format**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
> [!Note]
> If the distinguished names contain scpecial characters ("+", ",", ";" or "="), put quotation marks: CN=”{{OnPrem_Distinguished_Name}}”.
> If the distinguished names length is more than 64 characters, name length enforcement on the Certification Authority [must be disabled](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2003/cc784789(v=ws.10)?#disable-dn-length-enforcement)
12. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** parameter. Set its value as {{UserPrincipalName}}.
13. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to the configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.
14. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority as a root certificate for the profile.
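Review bot: The quoted example in the new note under step 11, CN=”{{OnPrem_Distinguished_Name}}”, uses typographic quotation marks, so an admin who copies it into the **Subject name format** field will not get the ASCII double quotes the note is asking for. Suggest writing it with straight quotes and in the same bold or code formatting that step 11 uses for the value. In the same note: "scpecial" should be "special", the second sentence is missing its closing period, and the two sentences will render as one run-on paragraph unless they are separated by an empty `>` line. The note block also starts at column 0 inside a numbered list, which can restart the numbering at step 12 in some renderers; indenting it under step 11 avoids that. Finally, the second sentence tells the reader to disable name length enforcement "on the Certification Authority", and it would help to say explicitly that this is a setting on the CA rather than on the certificate profile, so the reader knows the change is not scoped to this template.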
@ -712,4 +717,4 @@ You have successfully completed the configuration. Add users that need to enrol
> * Install and Configure the NDES Role
> * Configure Network Device Enrollment Services to work with Microsoft Intune
> * Download, Install, and Configure the Intune Certificate Connector
> * Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile)
> * Create and Assign a Simple Certificate Enrollment Protocol (SCEP Certificate Profile)
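Review bot: The last line of the file appears identical before and after in this hunk, so the only change here looks like whitespace or an end-of-file newline; please confirm that is intentional, or drop it so the commit contains only the new note. If the line is being touched anyway, the parenthetical is misplaced: "(SCEP Certificate Profile)" should probably read "(SCEP) Certificate Profile", since only the acronym expands "Simple Certificate Enrollment Protocol".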