From 3f9423b088d55e89ace2e2c51b3530cf9acf175b Mon Sep 17 00:00:00 2001 From: NagaCSC Date: Mon, 13 Jan 2020 14:37:23 -0800 Subject: [PATCH 1/4] Pre-requisite list update for AADJ SSO - VPN solution or network infra in place to reach your on-prem DC --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 9874fcd53a..1c88bb95cf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -33,6 +33,7 @@ Before adding Azure Active Directory (Azure AD) joined devices to your existing - Certificate Revocation List (CRL) Distribution Point (CDP) - 2016 Domain Controllers - Domain Controller certificate +- VPN solution or network infra in place to reach your on-prem DC ### Azure Active Directory Connect synchronization Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect). From 159aa36e327b3152939f48b455a95832099ad07a Mon Sep 17 00:00:00 2001 From: NagaCSC Date: Tue, 14 Jan 2020 07:35:59 -0800 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md looks good to me Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 1c88bb95cf..c13bde0a85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -33,7 +33,7 @@ Before adding Azure Active Directory (Azure AD) joined devices to your existing - Certificate Revocation List (CRL) Distribution Point (CDP) - 2016 Domain Controllers - Domain Controller certificate -- VPN solution or network infra in place to reach your on-prem DC +- VPN solution or network infrastructure in place to reach your on-premises domain controller ### Azure Active Directory Connect synchronization Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect). @@ -338,4 +338,3 @@ If you plan on using certificates for on-premises single-sign on, perform the ad - From 58d2af391d8bac8ac12d53bbd9bd9654d43fad32 Mon Sep 17 00:00:00 2001 From: NagaCSC Date: Wed, 15 Jan 2020 12:39:11 -0800 Subject: [PATCH 3/4] hello-hybrid-aadj-sso updated pre-requisite as suggested --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index f4fe5b9d04..f5b585b4de 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -33,7 +33,7 @@ Before adding Azure Active Directory (Azure AD) joined devices to your existing - Certificate Revocation List (CRL) Distribution Point (CDP) - 2016 Domain Controllers - Domain Controller certificate -- VPN solution or network infrastructure in place to reach your on-premises domain controller +- Network infrastructure in place to reach your on-premises domain controller. If machines are external, This can be achieved using any VPN solution ### Azure Active Directory Connect synchronization Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect). From 97d3adfddcdfc54057dd800af518bd69eec7d134 Mon Sep 17 00:00:00 2001 From: NagaCSC Date: Wed, 15 Jan 2020 15:35:16 -0800 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md looks good Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index f5b585b4de..60ec925701 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -33,7 +33,7 @@ Before adding Azure Active Directory (Azure AD) joined devices to your existing - Certificate Revocation List (CRL) Distribution Point (CDP) - 2016 Domain Controllers - Domain Controller certificate -- Network infrastructure in place to reach your on-premises domain controller. If machines are external, This can be achieved using any VPN solution +- Network infrastructure in place to reach your on-premises domain controller. If the machines are external, this can be achieved using any VPN solution. ### Azure Active Directory Connect synchronization Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnect). @@ -339,4 +339,3 @@ Sign-in a workstation with access equivalent to a _domain user_. If you plan on using certificates for on-premises single-sign on, perform the additional steps in [Using Certificates for On-premises Single-sign On](hello-hybrid-aadj-sso-cert.md). -