deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-20 17:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into patch-2

Browse Source
This commit is contained in:
Angela Fleischmann 2022-09-08 15:37:15 -06:00 committed by GitHub
commit 10c4546f02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md
View File

@ -63,6 +63,11 @@ The following scenarios aren't supported using Windows Hello for Business cloud
- Using cloud trust for "Run as" - Using cloud trust for "Run as"
- Signing in with cloud trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity - Signing in with cloud trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity
> [!NOTE]
> The default security policy for AD does not grant permission to sign high privilege accounts on to on-premises resources with Cloud Trust or FIDO2 security keys.
>
> To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object (CN=AzureADKerberos,OU=Domain Controllers,\<domain-DN\>).
## Deployment Instructions ## Deployment Instructions
Deploying Windows Hello for Business cloud trust consists of two steps: Deploying Windows Hello for Business cloud trust consists of two steps: