From 534cfaa98e59ceb8e174e5103011503265bcc44d Mon Sep 17 00:00:00 2001 From: Jake Stoker <94176328+JASTOKER@users.noreply.github.com> Date: Wed, 21 Sep 2022 15:22:59 +0100 Subject: [PATCH 1/3] adding additional scenario for line of sight HAADJ devices also require line of sight to access on-premises resources. This is only called out for AADJ devices in the FAQ. --- .../hello-for-business/hello-hybrid-cloud-kerberos-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index da2c3ed436..3a879cfdd0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -253,7 +253,7 @@ Windows Hello for Business cloud Kerberos trust looks for a writeable DC to exch ### Do I need line of sight to a domain controller to use Windows Hello for Business cloud Kerberos trust? Windows Hello for Business cloud Kerberos trust requires line of sight to a domain controller for some scenarios: -- The first sign-in or unlock with Windows Hello for Business after provisioning on a Hybrid Azure AD joined device +- The first sign-in or unlock with Windows Hello for Business after provisioning and when attempting to access an on-premises resource on a Hybrid Azure AD joined device - When attempting to access an on-premises resource from an Azure AD joined device ### Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust? From 5ed9514c39dbe793dec82a25737516cb69f1fa55 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 22 Sep 2022 13:28:54 -0400 Subject: [PATCH 2/3] updated --- .../hello-for-business/hello-hybrid-cloud-kerberos-trust.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index 3a879cfdd0..d501140113 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -253,8 +253,8 @@ Windows Hello for Business cloud Kerberos trust looks for a writeable DC to exch ### Do I need line of sight to a domain controller to use Windows Hello for Business cloud Kerberos trust? Windows Hello for Business cloud Kerberos trust requires line of sight to a domain controller for some scenarios: -- The first sign-in or unlock with Windows Hello for Business after provisioning and when attempting to access an on-premises resource on a Hybrid Azure AD joined device -- When attempting to access an on-premises resource from an Azure AD joined device +- The first sign-in or unlock with Windows Hello for Business after provisioning +- When attempting to access an on-premises resource on a Hybrid Azure AD joined ### Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust? From 39a7340e1c6a5df9111f41793d98630da6941ffc Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 22 Sep 2022 13:44:18 -0400 Subject: [PATCH 3/3] Update hello-hybrid-cloud-kerberos-trust.md --- .../hello-for-business/hello-hybrid-cloud-kerberos-trust.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md index d501140113..7e64879acd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md @@ -254,7 +254,7 @@ Windows Hello for Business cloud Kerberos trust looks for a writeable DC to exch Windows Hello for Business cloud Kerberos trust requires line of sight to a domain controller for some scenarios: - The first sign-in or unlock with Windows Hello for Business after provisioning -- When attempting to access an on-premises resource on a Hybrid Azure AD joined +- When attempting to access an on-premises resource from a Hybrid Azure AD joined device ### Can I use RDP/VDI with Windows Hello for Business cloud Kerberos trust?