Merge branch 'Issue#3421' of https://github.com/j0rt3g4/windows-itpro-docs into Issue#3421

This commit is contained in:
Jose Ortega
2019-05-29 02:27:41 -05:00


@ -43,7 +43,8 @@ Use this three-phased approach for configuring device registration.
>[!IMPORTANT] >[!IMPORTANT]
> To use Hybrid Identity with Azure Active Directory (HIAAD) and device WriteBack features you must use the in-built GUI with the [latest updates for ADConnect.](https://www.microsoft.com/download/details.aspx?id=47594) > To use hybrid identity with Azure Active Directory and device WriteBack features, you must use the built-in GUI with the [latest updates for ADConnect](https://www.microsoft.com/download/details.aspx?id=47594).
## Configure Azure for Device Registration ## Configure Azure for Device Registration
Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD. Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD.
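Review bot: The link text in the rewritten [!IMPORTANT] note still calls the product "ADConnect" and keeps the mixed-case "WriteBack". Since the line is already being reworded, use the product name, Azure AD Connect, and lowercase "device writeback". The hunk header also shows the new side growing from 7 to 8 lines, but no added line is visible here. Please confirm the extra line is intentional and does not split the > blockquote from its [!IMPORTANT] marker.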
@ -68,7 +69,7 @@ To locate the schema master role holder, open and command prompt and type:
![Netdom example output](images/hello-cmd-netdom.png) ![Netdom example output](images/hello-cmd-netdom.png)
The command should return the name of the domain controller where you need to adprep.exe. Update the schema locally on the domain controller hosting the Schema master role. The command should return the name of the domain controller where you need to run adprep.exe. Update the schema locally on the domain controller hosting the Schema master role.
#### Updating the Schema #### Updating the Schema
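Review bot: The context line quoted in this hunk's header still reads "open and command prompt and type:", the same kind of slip as the missing "run" fixed here. Change it to "open a command prompt and type:" in the same pass. The edited sentence also writes "Schema master role" while the header line writes "schema master role"; pick one capitalization and use it in both places.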
@ -280,7 +281,7 @@ The definition helps you to verify whether the values are present or if you need
**`http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`** - This claim must contain the Uniform Resource Identifier (URI) of any of the verified domain names that connect with the on-premises federation service (AD FS or 3rd party) issuing the token. In AD FS, you can add issuance transform rules that look like the ones below in that specific order after the ones above. Please note that one rule to explicitly issue the rule for users is necessary. In the rules below, a first rule identifying user vs. computer authentication is added. **`http://schemas.microsoft.com/ws/2008/06/identity/claims/issuerid`** - This claim must contain the Uniform Resource Identifier (URI) of any of the verified domain names that connect with the on-premises federation service (AD FS or 3rd party) issuing the token. In AD FS, you can add issuance transform rules that look like the ones below in that specific order after the ones above. Please note that one rule to explicitly issue the rule for users is necessary. In the rules below, a first rule identifying user vs. computer authentication is added.
@RuleName = "Issue account type with the value User when its not a computer" @RuleName = "Issue account type with the value User when it's not a computer"
NOT EXISTS( NOT EXISTS(
[ [
Type == "http://schemas.microsoft.com/ws/2012/01/accounttype", Type == "http://schemas.microsoft.com/ws/2012/01/accounttype",
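Review bot: The paragraph directly above the rule is left unchanged and still says "one rule to explicitly issue the rule for users is necessary", which reads as if it should be "issue the claim for users". Fix it alongside the "it's" correction, because that sentence is what tells the reader why the first rule exists and why the rules must be added in order. The @RuleName string is only a label, so the apostrophe change does not alter what the rule issues.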