Merge branch 'main' into cpw-9294806

2025-06-16 19:03:46 +00:00 · 2024-09-16 07:45:48 -07:00
parent 2d6c604c17 0b3c05d14a
commit 2d77c90167
1 changed files with 4 additions and 0 deletions
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@ -14,6 +14,10 @@ This article describes two certificate deployment approaches, where authenticati
 - Using Microsoft Intune with SCEP or PKCS connectors
 - Using an Active Directory Certificate Services (AD CS) enrollment policy

+>[!IMPORTANT]
+> If you deploy the certificate using Microsoft Intune, and you have [User Account Control](../../application-security/application-control/user-account-control/index.md) configured to *Prompt for credentials on the secure desktop*, you won't be able to use the *run as* feature.
+> In such scenario, when you try to execute an application with elevated privileges and choose the Windows Hello for Business credential, you'll receive the error message: **The username or password is incorrect**.
+
 > [!TIP]
 > Consider using Remote Credential Guard instead of Windows Hello for Business for RDP sign-in. Remote Credential Guard provides single sign-on (SSO) to RDP sessions using Kerberos authentication, and doesn't require the deployment of certificates. For more information, see [Remote Credential Guard](../remote-credential-guard.md).