deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-24 14:53:44 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'MicrosoftDocs:release-win11-22h2' into release-win11-22h2

Browse Source
This commit is contained in:
zwhitt-microsoft
2022-09-09 12:52:17 -07:00
committed by GitHub
parent 2dd7007d3f 926d2e5a77
commit ad53e51e4e
41 changed files with 830 additions and 300 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
View File

@ -69,7 +69,7 @@ If the error occurs again, check the error code against the following table to s
| 0x801C044D | Authorization token does not contain device ID. | Unjoin the device from Azure AD and rejoin. |
| | Unable to obtain user token. | Sign out and then sign in again. Check network and credentials. |
| 0x801C044E | Failed to receive user credentials input. | Sign out and then sign in again. |
| 0xC00000BB | Your PIN or this option is temporarily unavailable.| The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Use a different login method.|
| 0xC00000BB | Your PIN or this option is temporarily unavailable.| The destination domain controller doesn't support the login method. Most often the KDC service doesn't have the proper certificate to support the login. Use a different login method. Another common issue is caused by clients inability to verify the KDC certificate CRL|

7
windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md
View File

@ -63,6 +63,11 @@ The following scenarios aren't supported using Windows Hello for Business cloud
- Using cloud trust for "Run as"
- Signing in with cloud trust on a Hybrid Azure AD joined device without previously signing in with DC connectivity
> [!NOTE]
> The default security policy for AD does not grant permission to sign high privilege accounts on to on-premises resources with Cloud Trust or FIDO2 security keys.
>
> To unblock the accounts, use Active Directory Users and Computers to modify the msDS-NeverRevealGroup property of the Azure AD Kerberos Computer object (CN=AzureADKerberos,OU=Domain Controllers,\<domain-DN\>).
## Deployment Instructions
Deploying Windows Hello for Business cloud trust consists of two steps:
@ -256,4 +261,4 @@ Windows Hello for Business cloud trust cannot be used as a supplied credential w
### Do all my domain controllers need to be fully patched as per the prerequisites for me to use Windows Hello for Business cloud trust?
No, only the number necessary to handle the load from all cloud trust devices.
No, only the number necessary to handle the load from all cloud trust devices.