Paolo Matarazzo 2024-10-31 07:40:32 -04:00
parent e88cd72e45
commit 1d19f98f7f
2 changed files with 4 additions and 4 deletions


@ -41,7 +41,7 @@ If you haven't deployed Microsoft Entra Kerberos, follow the instructions in the
When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *AzureADKerberos* computer object is created in the domain. This object: When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *AzureADKerberos* computer object is created in the domain. This object:
- Appears as a Read Only Domain Controller (RODC) object, but isn't associated with any physical servers - Appears as a read only domain controller (RODC) object, but isn't associated with any physical servers
- Is only used by Microsoft Entra ID to generate TGTs for the Active Directory domain - Is only used by Microsoft Entra ID to generate TGTs for the Active Directory domain
> [!NOTE] > [!NOTE]
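Review bot: In the changed RODC bullet, the compound modifier is missing its hyphen: "read only domain controller (RODC)" should be "read-only domain controller (RODC)". Lowercasing the term is fine, but the unhyphenated form was carried over from the old text, and this edit is the natural place to fix it.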


@ -65,7 +65,7 @@ Windows Hello for Business authentication to Microsoft Entra ID always uses the
The trust type determines whether you issue authentication certificates to your users. One trust model isn't more secure than the other. The trust type determines whether you issue authentication certificates to your users. One trust model isn't more secure than the other.
The deployment of certificates to users and Domain Controllers requires more configuration and infrastructure, which could also be a factor to consider in your decision. More infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you must activate the Device Writeback option in Microsoft Entra Connect. The deployment of certificates to users and domain controllers requires more configuration and infrastructure, which could also be a factor to consider in your decision. More infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you must activate the Device Writeback option in Microsoft Entra Connect.
There are three trust types from which you can choose: There are three trust types from which you can choose:
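Review bot: On the changed "deployment of certificates" line, "requires more configuration and infrastructure" never says more than what. Since the line is being touched anyway, consider naming the baseline (the trust types that don't issue authentication certificates to users) and tightening "which could also be a factor to consider in your decision" to "which can be a factor in your decision".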
@ -264,9 +264,9 @@ All supported Windows versions can be used with Windows Hello for Business. Howe
### Windows Server requirements ### Windows Server requirements
All supported Windows Server versions can be used with Windows Hello for Business as Domain Controller. However, cloud Kerberos trust requires minimum versions: Windows Hello for Business can be used to authenticate against all supported Windows Server versions as a domain controller. However, cloud Kerberos trust requires minimum versions:
| | Deployment model | Trust type | Domain Controller OS version | | | Deployment model | Trust type | Domain controller OS version |
|--|--|--|--| |--|--|--|--|
| **🔲** | **Cloud-only** | n/a | All supported versions | | **🔲** | **Cloud-only** | n/a | All supported versions |
| **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, with [KB3534307][KB-3] and later<br>- Windows Server 2019, with [KB4534321][KB-4] and later<br>- Windows Server 2022<br>- Windows Server 2025| | **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, with [KB3534307][KB-3] and later<br>- Windows Server 2019, with [KB4534321][KB-4] and later<br>- Windows Server 2022<br>- Windows Server 2025|
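Review bot: The rewritten sentence under "Windows Server requirements" is ambiguous: in "authenticate against all supported Windows Server versions as a domain controller", the phrase "as a domain controller" can be read as attaching to Windows Hello for Business rather than to the server. Suggest "Windows Hello for Business can authenticate against domain controllers running any supported Windows Server version", which also matches the "Domain controller OS version" column header changed in the same hunk.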