From 25d4a0950f71c2e502a375619ff982e6ea4613a0 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Wed, 5 Jan 2022 13:31:25 +0200 Subject: [PATCH] add info https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10070 --- .../hello-hybrid-cert-new-install.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 893bb67c67..7fc2f3cb26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -55,15 +55,17 @@ Windows Hello for Business must have a public key infrastructure regardless of t This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +More details about configuring a Windows enterprise public key infrastructure and installing Active Directory Certificate Services can be found [here](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki#follow-the-windows-hello-for-business-hybrid-key-trust-deployment-guide) and [here](https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority). + +>[!NOTE] +>Never install a certificate authority on a domain controller in a production environment. + ### Lab-based public key infrastructure The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. ->[!NOTE] ->Never install a certificate authority on a domain controller in a production environment. - 1. Open an elevated Windows PowerShell prompt. 2. Use the following command to install the Active Directory Certificate Services role. ```PowerShell @@ -148,4 +150,4 @@ Alternatively, you can configure Windows Server 2016 Active Directory Federation 3. New Installation Baseline (*You are here*) 4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md) 5. [Configure Windows Hello for Business settings](hello-hybrid-cert-whfb-settings.md) -6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md) \ No newline at end of file +6. [Sign-in and Provision](hello-hybrid-cert-whfb-provision.md)