From 3c2669930795ee48dc24d68237b1e095cc5c9e51 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 16 Nov 2022 16:30:40 -0500 Subject: [PATCH] updates --- .../hello-for-business/hello-deployment-rdp-certs.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 4e02c5471c..282264de1e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -72,7 +72,7 @@ Follow these steps to create a certificate template: 1. Execute the following command, replacing `` with the **Template display name** noted above ```cmd - certutil -dstemplate > + certutil.exe -dstemplate > ``` 1. Open the text file created by the command above. @@ -85,7 +85,7 @@ Follow these steps to create a certificate template: 1. Update the certificate template by executing the following command: ```cmd - certutil -dsaddtemplate + certutil.exe -dsaddtemplate ``` 1. In the Certificate Authority console, right-click **Certificate Templates**, select **New > Certificate Template to Issue** @@ -108,7 +108,7 @@ Follow these steps to create a certificate template: -## Deploy certificates via Microsoft Intune +## Deploy certificates via Intune > [!NOTE] > This process is applicable to both *Azure AD joined* and *hybrid Azure AD joined* devices that are managed via Intune. @@ -172,7 +172,7 @@ Once the Intune policy is created, targeted clients will request a certificate d -## Using non-Microsoft Enterprise Certificate Authorities +## Use third-party certification authorities If you're using a non-Microsoft PKI, the certificate templates published to the on-premises Active Directory may not be available. For guidance with integration of Intune/SCEP with non-Microsoft PKI deployments, refer to [Use third-party certification authorities (CA) with SCEP in Microsoft Intune][MEM-6]. @@ -180,7 +180,7 @@ As an alternative to using SCEP or if none of the previously covered solutions w The `Generate-CertificateRequest` commandlet will generate an *.inf* file for a pre-existing Windows Hello for Business key. The *.inf* can be used to generate a certificate request manually using `certreq.exe`. The commandlet will also generate a *.req* file, which can be submitted to your PKI for a certificate. -## RDP Sign-in with Windows Hello for Business Certificate Authentication +## RDP sign-in with Windows Hello for Business certificate authentication After obtaining a certificate, users can RDP to any Windows devices in the same Active Directory forest as the user's Active Directory account.