Update hello-hybrid-cloud-trust.md

Added note regarding high priv accounts and msDS-NeverRevealGroup
jjstreic 2022-09-08 12:46:11 -05:00 committed by GitHub
parent db62467eab
commit 5b0204d998
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -63,6 +63,11 @@ The following scenarios aren't supported using Windows Hello for Business cloud
- Using cloud trust for "Run as"
- Signing in with cloud trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity
> [!NOTE]
> The default security policy for AD does not grant permission to sign high privilege accounts on to on-premises resources with Cloud Trust or FIDO2 security keys.
>
> To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object (CN=AzureADKerberos,OU=Domain Controllers,<domain-DN>).
## Deployment Instructions
Deploying Windows Hello for Business cloud trust consists of two steps:
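Review bot: the second paragraph of the added NOTE tells readers to "modify the msDS-NeverRevealGroup property" but never says what the modification is, so an admin cannot tell whether to remove one group, several, or clear the attribute. Suggest stating the exact change (for example, remove only the group that contains the accounts that need cloud trust or FIDO2 sign-in) and saying plainly that this relaxes the default policy described in the first paragraph, so it should be scoped as narrowly as possible. Two smaller points in the same lines: the distinguished name contains a bare `<domain-DN>`, which a Markdown renderer may treat as an HTML tag and drop, so wrap the DN and the attribute name in backticks; and "sign high privilege accounts on to" reads awkwardly and "Cloud Trust" is capitalized differently from "cloud trust" in the list items just above, so consider "does not permit high-privilege accounts to sign in to on-premises resources with cloud trust or FIDO2 security keys".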