From 22de41ba087c30d293e67391a8cfba08fd0db090 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Mon, 20 May 2019 23:42:46 -0500 Subject: [PATCH 1/4] Adding important note to solve #3493 --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index d8aa1c79aa..542a904c23 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -23,11 +23,14 @@ ms.date: 08/19/2018 - Key trust + ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. ### Group Memberships for the Azure AD Connect Service Account +>[!IMPORTANT] +> If you already have a Windows Server 2016 domain controller in your domain, you can skip Configure Permissions for Key Synchronization. For more please check [Configure Hybrid Windows Hello for Business: Directory Synchronization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync) The KeyAdmins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. @@ -47,9 +50,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva >[!div class="step-by-step"] [< Configure Active Directory](hello-hybrid-key-whfb-settings-ad.md) -[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md) - -

+[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md)
From 57fb979e3fc3f591bd407df82eeafa42497f6aaa Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Wed, 22 May 2019 13:22:54 -0500 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 542a904c23..87e7cafdbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -30,7 +30,7 @@ In hybrid deployments, users register the public portion of their Windows Hello ### Group Memberships for the Azure AD Connect Service Account >[!IMPORTANT] -> If you already have a Windows Server 2016 domain controller in your domain, you can skip Configure Permissions for Key Synchronization. For more please check [Configure Hybrid Windows Hello for Business: Directory Synchronization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync) +> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. For more detail see [Configure Hybrid Windows Hello for Business: Directory Synchronization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync). The KeyAdmins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. 
From 41779b74a7097db2a1984ceb308bce3b1bd39122 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Fri, 31 May 2019 01:18:21 -0500 Subject: [PATCH 3/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 87e7cafdbd..854d855464 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -23,7 +23,6 @@ ms.date: 08/19/2018 - Key trust - ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. From 33164f6872ce61a41916ba0a04df682fd3093d69 Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Fri, 31 May 2019 01:22:11 -0500 Subject: [PATCH 4/4] Removing extra line in 25 Suggested by --- .../hello-hybrid-key-whfb-settings-dir-sync.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 854d855464..864bcd91ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md 
@@ -22,7 +22,6 @@ ms.date: 08/19/2018 - Hybrid deployment - Key trust - ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
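Review bot: In PATCH 1/4, hunk @@ -23,11 +23,14, the new [!IMPORTANT] note is placed under "### Group Memberships for the Azure AD Connect Service Account" but tells the reader to skip "Configure Permissions for Key Synchronization", a section name that does not appear in the visible lines of this file. Placed there, it can be read as permission to skip the KeyAdmins membership itself, which the following sentence describes as the source of the service's read and write access to the public key. Suggest naming the exact step that can be skipped, stating whether the KeyAdmins membership is still required when a Windows Server 2016 domain controller is present, and dropping the blank line added before "## Directory Synchronization".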
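Review bot: In PATCH 1/4, hunk @@ -47,9 +50,7, the "[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md)" line is removed and re-added with the same visible text, so the hunk only changes trailing blank lines at the end of the file and is unrelated to the note for #3493. Suggest dropping this hunk from the patch, or confirming that the file still ends with a single newline after the change.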
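Review bot: In PATCH 2/4, the reworded "+> If you already have ..." line still links to hello-hybrid-cert-whfb-settings-dir-sync, while the file being edited is hello-hybrid-key-whfb-settings-dir-sync, so a key trust reader is sent to the hybrid-cert counterpart for the step they are told to skip. If that cross-reference is intended, say so in the sentence; otherwise link to the relevant page of this guide. The other links visible in this file are relative .md links (for example hello-hybrid-key-whfb-settings-ad.md), so a relative link here would be consistent with them.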
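Review bot: In PATCH 4/4, hunk @@ -22,7 +22,6, a second line is deleted between "- Key trust" and "## Directory Synchronization", after PATCH 3/4 already deleted one at the same spot, while PATCH 1/4 added only one line there. Please confirm that a blank line still separates the list item from the heading after this change. PATCH 3/4 and 4/4 only undo whitespace introduced in 1/4, so the series would be easier to review squashed into one commit.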