Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-8228900-remote-credential-guard

This commit is contained in:
Paolo Matarazzo
2023-08-21 17:22:45 -04:00
7 changed files with 11 additions and 9 deletions

View File

@ -3,6 +3,7 @@ title: Windows Hello for Business cloud-only deployment
description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
ms.date: 06/23/2021
ms.topic: how-to
ms.custom: has-azure-ad-ps-ref
---
# Cloud-only deployment

View File

@ -174,7 +174,7 @@ If you deployed Windows Hello for Business using the key trust model, and want t
1. [Set up Azure AD Kerberos in your hybrid environment](#deploy-azure-ad-kerberos).
1. [Enable cloud Kerberos trust via Group Policy or Intune](#configure-windows-hello-for-business-policy).
1. For hybrid Azure AD joined devices, sign out and sign in to the device using Windows Hello for Business.
1. For Azure AD joined devices, sign out and sign in to the device using Windows Hello for Business.
> [!NOTE]
> For hybrid Azure AD joined devices, users must perform the first sign in with new credentials while having line of sight to a DC.
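Review bot: The two versions of step 3 differ only in "hybrid Azure AD joined devices" versus "Azure AD joined devices", but the NOTE directly under the list still addresses only hybrid Azure AD joined devices and their need for line of sight to a DC on first sign-in. If the step is now meant for Azure AD joined devices, the note no longer qualifies any step in the list; if both join types have to sign out and back in, say so in the step itself, for example "For Azure AD joined and hybrid Azure AD joined devices, sign out and sign in to the device using Windows Hello for Business." Either way, the step and the note should name the same set of devices.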

View File

@ -175,7 +175,7 @@ The smart card certificate has specific format requirements when it is used with
| **Component** | **Requirements for Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows 10, and Windows 11** | **Requirements for Windows XP** |
|--------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CRL distribution point location | Not required | The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=`<https://server1.contoso.com/CertEnroll/caname.crl>` |
| CRL distribution point location | Not required | The location must be specified, online, and available, for example:<br>\[1\]CRL Distribution Point<br>Distribution Point Name:<br>Full Name:<br>URL=`<http://server1.contoso.com/CertEnroll/caname.crl>` |
| Key usage | Digital signature | Digital signature |
| Basic constraints | Not required | \[Subject Type=End Entity, Path Length Constraint=None\] (Optional) |
| extended key usage (EKU) | The smart card sign-in object identifier is not required.<br><br>**Note**&nbsp;&nbsp;If an EKU is present, it must contain the smart card sign-in EKU. Certificates with no EKU can be used for sign-in. | - Client Authentication (1.3.6.1.5.5.7.3.2)<br>The client authentication object identifier is required only if a certificate is used for SSL authentication.<br><br>- Smart Card Sign-in (1.3.6.1.4.1.311.20.2.2) |
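Review bot: The CRL distribution point example in the Windows XP column should say why the URL scheme matters, since the two versions of that row differ only in https versus http. A CRL is signed by the issuing CA, so retrieving it over plain HTTP does not weaken it, whereas an HTTPS distribution point can leave the client checking revocation for the same TLS certificate that serves the CRL. A short remark next to "The location must be specified, online, and available" would keep the example from being flipped back in a later edit. Separately, the URL is wrapped in angle brackets inside a code span, so the < and > will render as literal characters; drop them and keep only the URL in the backticks.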
@ -310,4 +310,4 @@ For more information about this option for the command-line tool, see [-SCRoots]
## See also
[How Smart Card Sign-in Works in Windows](smart-card-how-smart-card-sign-in-works-in-windows.md)
[How Smart Card Sign-in Works in Windows](smart-card-how-smart-card-sign-in-works-in-windows.md)