deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 11:23:45 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3757 from j0rt3g4/Issue#3493

Browse Source 
Adding important note to solve #3493
This commit is contained in:
Dani Halfin
2019-05-31 16:28:40 -07:00
committed by GitHub
parent 507f4bb99e 33164f6872
commit 27edac8e1b
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
View File

@ -23,12 +23,13 @@ ms.reviewer:
- Hybrid deployment - Hybrid deployment
- Key trust - Key trust
## Directory Synchronization ## Directory Synchronization
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
### Group Memberships for the Azure AD Connect Service Account ### Group Memberships for the Azure AD Connect Service Account
>[!IMPORTANT]
> If you already have a Windows Server 2016 domain controller in your domain, you can skip **Configure Permissions for Key Synchronization**. For more detail see [Configure Hybrid Windows Hello for Business: Directory Synchronization](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync).
The KeyAdmins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory. The KeyAdmins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory.
@ -50,8 +51,6 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
[< Configure Active Directory](hello-hybrid-key-whfb-settings-ad.md) [< Configure Active Directory](hello-hybrid-key-whfb-settings-ad.md)
[Configure PKI >](hello-hybrid-key-whfb-settings-pki.md) [Configure PKI >](hello-hybrid-key-whfb-settings-pki.md)
<br><br>
<hr> <hr>
## Follow the Windows Hello for Business hybrid key trust deployment guide ## Follow the Windows Hello for Business hybrid key trust deployment guide