diff --git a/windows/manage/connect-to-remote-aadj-pc.md b/windows/manage/connect-to-remote-aadj-pc.md index fa6c1ded35..34a946ab76 100644 --- a/windows/manage/connect-to-remote-aadj-pc.md +++ b/windows/manage/connect-to-remote-aadj-pc.md @@ -24,7 +24,7 @@ From its release, Windows 10 has supported remote connections to PCs that are jo ## Set up - Both PCs (local and remote) must be running Windows 10, version 1607. Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported. - +- Remote Credential Guard, a new feature in Windows 10, version 1607, must be disabled on the remote PC (link to be added when content published). - On the PC that you want to connect to: 1. Open system properties for the remote PC. 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**. @@ -34,35 +34,40 @@ From its release, Windows 10 has supported remote connections to PCs that are jo 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users, click **Select Users**. 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. -- A windows RS1 feature called ‘Remote CredGuard’ must be disabled on the client ## Supported configurations -Federated Organizations -- RDP from domain joined device to AAD joined device using -o Password -o Smartcards -o Password for Work (PFW) if the organization has their domain managed by SCCM -- RDP from AAD device to domain joined device when the AAD joined device is on the corp network using -o Password -o Smartcards -o PFW if the organization has a MDM subscription. MDM enrolls for certificates here -o PFW without MDM subscription, requires at least some Server 2016 DCs and AAD key-back sync. On the client side X509Hints reg key needs to be enabled (SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider\X509HintsNeeded to 1). When the PFW Credential provider comes up it will have the UserName Hint dialog box. Here the NT4 style name for the user like \ should be entered. Please check with Venkatesh/Karanbir if this will be supported for this release -- RDP between 2 AAD joined devices using -o Password -o Smartcard -o Passport for Work(PWF) with or without MDM subscription +In organizations that have integrated Active Directory and Azure AD, you can connect from a domain-joined PC to an Azure AD-joined PC using: + +- Password +- Smartcards +- Windows Hello for Business, if the domain is managed by System Center Configuration Manager + +In organizations that have integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to an AD-joined PC when the Azure AD-joined PC is on the corporate network using: + +- Password +- Smartcards +- Windows Hello for Business, if the organization has a mobile device management (MDM) subscription. + +In organizations that have integrated Active Directory and Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC using: + +- Password +- Smartcards +- Windows Hello for Business, with or without an MDM subscription. + -Non-Federated Organizations, Pure AAD -- RDP between 2 AAD joined devices using -o Password -o Passport for Work(PWF) with or without MDM subscription +In organizations using only Azure AD, you can connect from an Azure AD-joined PC to another Azure AD-joined PC using: + +- Password +- Windows Hello for Business, with or without an MDM subscription. ## Related topics +[How to use Remote Desktop](http://windows.microsoft.com/en-us/windows-10/how-to-use-remote-desktop) +[Remote Desktop Connection: frequently asked questions](http://windows.microsoft.com/en-us/windows/remote-desktop-connection-faq#1TC=windows-8) (Windows 8.1 documentation, still applicable to Windows 10)   diff --git a/windows/whats-new/microsoft-passport.md b/windows/whats-new/microsoft-passport.md index 39a4a3d43b..a132b19ad6 100644 --- a/windows/whats-new/microsoft-passport.md +++ b/windows/whats-new/microsoft-passport.md @@ -15,7 +15,7 @@ author: jdeckerMS - Windows 10 - Windows 10 Mobile -> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. +> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. In Windows 10, Windows Hello replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN.