added note about issue when deploying certs via Intune and run-as

2025-05-12 13:27:23 +00:00 · 2024-09-13 14:14:44 -04:00 · 2024-09-13 14:14:44 -04:00 · 74f391a85e
commit 74f391a85e
parent 69e9c6b3e2
1 changed files with 4 additions and 0 deletions
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@ -14,6 +14,10 @@ This article describes two certificate deployment approaches, where authenticati
 - Using Microsoft Intune with SCEP or PKCS connectors
 - Using an Active Directory Certificate Services (AD CS) enrollment policy

+>[!IMPORTANT]
+> If you deploying the certificate using Microsoft Intune, and you have User Account Control configure to *Prompt for credentials on secure desktop* you won't be able to use the *run as* feature.
+> In such scenario, when you try to execute an application with elevated privileges and choose the Windows Hello for Business credential, you'll receive the error message: **The username or password is incorrect**.
+
 > [!TIP]
 > Consider using Remote Credential Guard instead of Windows Hello for Business for RDP sign-in. Remote Credential Guard provides single sign-on (SSO) to RDP sessions using Kerberos authentication, and doesn't require the deployment of certificates. For more information, see [Remote Credential Guard](../remote-credential-guard.md).