mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-21 05:13:40 +00:00
Merge branch 'master' into design
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows Hello for Business Trust New Installation (Windows Hello for Business)
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business)
|
||||
description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust depoyments rely on.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB
|
||||
ms.prod: w10
|
||||
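Review bot: The new front-matter title reads "Hybrid Azure AD joined Windows Hello for Business Trust New Installation", which drops the word "Certificate" that the renamed H1 in this file keeps ("... Certificate Trust New Installation"). Make the title say "Certificate Trust" so the two agree. Since this block is being edited anyway, also fix "depoyments" in the description line.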
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Windows Hello for Business Certificate Trust New Installation
|
||||
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Device Registration for Hybrid Windows Hello for Business
|
||||
title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
|
||||
description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business)
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, cert-trust, device, registration
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/18/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Device Registration for Hybrid Windows Hello for Business
|
||||
# Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Hybrid Windows Hello for Business Prerequisites
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Prerequisites
|
||||
description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Hybrid Windows Hello for Business Prerequisites
|
||||
# Hybrid Azure AD joined Windows Hello for Business Prerequisites
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Hybrid Windows Hello for Business Provisioning (Windows Hello for Business)
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business)
|
||||
description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Businesss.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||
ms.prod: w10
|
||||
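Review bot: The description line directly under the changed title still ends in "Windows Hello for Businesss" (three s). Correct it in the same change, since the title and description are published together as page metadata.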
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Hybrid Windows Hello for Business Provisioning
|
||||
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
@ -27,7 +27,7 @@ ms.reviewer:
|
||||
## Provisioning
|
||||
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
|
||||
|
||||

|
||||

|
||||
|
||||
The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**.
|
||||
|
||||
@ -81,4 +81,4 @@ The certificate authority validates the certificate was signed by the registrati
|
||||
3. [New Installation Baseline](hello-hybrid-cert-new-install.md)
|
||||
4. [Configure Azure Device Registration](hello-hybrid-cert-trust-devreg.md)
|
||||
5. [Configure Windows Hello for Business policy settings](hello-hybrid-cert-whfb-settings-policy.md)
|
||||
6. Sign-in and Provision (*You are here*)
|
||||
6. Sign-in and Provision (*You are here*)
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Hybrid Windows Hello for Business - Active Directory (AD)
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD)
|
||||
description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Windows Hello for Business: Active Directory
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configuring Hybrid Windows Hello for Business - Active Directory Federation Services (ADFS)
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS)
|
||||
description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, adfs
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/14/2021
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Windows Hello for Business: Active Directory Federation Services
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
|
||||
|
||||
**Applies to**
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Hybrid Windows Hello for Business Directory Synch
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch
|
||||
description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect
|
||||
ms.prod: w10
|
||||
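Review bot: The updated title keeps the abbreviation "Directory Synch", while the H1 of the same file is renamed to "... Directory Synchronization". Spell the word out in the title so the front matter and the heading match.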
@ -13,11 +13,11 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 10/23/2017
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Configure Hybrid Windows Hello for Business: Directory Synchronization
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configuring Hybrid Windows Hello for Business - Public Key Infrastructure (PKI)
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI)
|
||||
description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI
|
||||
ms.prod: w10
|
||||
@ -13,11 +13,11 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/14/2021
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Configure Hybrid Windows Hello for Business: Public Key Infrastructure
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
|
||||
|
||||
**Applies to**
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configuring Hybrid Windows Hello for Business - Group Policy
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy
|
||||
description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Hybrid Windows Hello for Business: Group Policy
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Windows Hello for Business
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
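Review bot: This file's H1 becomes "Configure Hybrid Azure AD joined Windows Hello for Business", but unlike the other articles in this commit there is no accompanying hunk for its front-matter title. Check whether the title line still carries the old name and, if so, update it in the same change.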
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows Hello for Business Key Trust New Installation
|
||||
title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
|
||||
description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB
|
||||
ms.prod: w10
|
||||
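Review bot: The new title here is ordered "Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation", whereas the other renamed articles in this commit lead with "Hybrid Azure AD joined Windows Hello for Business ...". Use the same word order (for example "Hybrid Azure AD joined Windows Hello for Business Key Trust New Installation") in both the title and the H1 of this file.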
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Windows Hello for Business Key Trust New Installation
|
||||
# Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Device Registration for Hybrid key trust Windows Hello for Business
|
||||
title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, device, registration
|
||||
ms.prod: w10
|
||||
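Review bot: The description line under the changed title still says "Hybrid Certificate Key Deployment", which mixes the two trust models in an article that is about key trust. Reword it to "Hybrid Key Trust Deployment" while the title is being touched. The Directory Synchronization key trust article later in this commit has the same wording in its description.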
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Device Registration for Hybrid key trust Windows Hello for Business
|
||||
# Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Directory Synchronization for Hybrid key trust Windows Hello for Business
|
||||
title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business)
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust, directory, synchronization, AADConnect
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Directory Synchronization for Hybrid key trust Windows Hello for Business
|
||||
# Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Hybrid Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
|
||||
title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
|
||||
description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, key-trust
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Hybrid Key trust Windows Hello for Business Prerequisites
|
||||
# Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
@ -74,7 +74,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
|
||||
* The certificate Enhanced Key Usage section must contain Client Authentication (1.3.6.1.5.5.7.3.2), Server Authentication (1.3.6.1.5.5.7.3.1), and KDC Authentication (1.3.6.1.5.2.3.5).
|
||||
* The certificate Subject Alternative Name section must contain the Domain Name System (DNS) name.
|
||||
* The certificate template must have an extension that has the value "DomainController", encoded as a [BMPstring](/windows/win32/seccertenroll/about-bmpstring). If you are using Windows Server Enterprise Certificate Authority, this extension is already included in the domain controller certificate template.
|
||||
* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-cert-whfb-settings-pki.md) for details.
|
||||
* The domain controller certificate must be installed in the local computer's certificate store. See [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](./hello-hybrid-key-whfb-settings-pki.md) for details.
|
||||
|
||||
|
||||
> [!IMPORTANT]
|
||||
|
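Review bot: The link target on the domain controller certificate bullet moves to hello-hybrid-key-whfb-settings-pki.md, but the link text stays "Configure Hybrid Windows Hello for Business: Public Key Infrastructure". This same commit renames that article's H1 to "Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure", so update the link text to match the destination heading.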
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Hybrid Windows Hello for Business key trust Provisioning (Windows Hello for Business)
|
||||
title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business)
|
||||
description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||
ms.prod: w10
|
||||
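Review bot: The keywords line in this key trust article still ends with "certificate-trust". With the title now explicitly "key trust Provisioning", change the keyword to "key-trust". The key trust settings article later in this commit carries the same "certificate-trust" keyword.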
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Hybrid Windows Hello for Business Provisioning
|
||||
# Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
@ -68,4 +68,4 @@ The remainder of the provisioning includes Windows Hello for Business requesting
|
||||
4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
|
||||
5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)
|
||||
6. [Configure Windows Hello for Business settings](hello-hybrid-key-whfb-settings.md)
|
||||
7. Sign-in and Provision(*You are here*)
|
||||
7. Sign-in and Provision(*You are here*)
|
||||
|
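Review bot: The touched list item reads "7. Sign-in and Provision(*You are here*)" with no space before the parenthesis, while the certificate trust provisioning article in this commit has "6. Sign-in and Provision (*You are here*)". Add the space here so the two navigation lists are consistent.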
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
|
||||
title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD)
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, ad, key trust, key-trust
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configuring Hybrid key trust Windows Hello for Business: Active Directory
|
||||
# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Hybrid Windows Hello for Business - Directory Synchronization
|
||||
title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization
|
||||
description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, dirsync, connect, Windows Hello, AD Connect, key trust, key-trust
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Hybrid Windows Hello for Business: Directory Synchronization
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
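Review bot: The renamed H1, "Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization", is now word for word the same as the H1 given to the certificate trust Directory Synchronization article earlier in this commit. This file's description says it covers key trust, so include "key trust" in the title and H1 to keep the two articles distinguishable.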
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Hybrid key trust Windows Hello for Business
|
||||
title: Configure Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI)
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, PKI, Windows Hello, key trust, key-trust
|
||||
ms.prod: w10
|
||||
@ -13,11 +13,11 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/14/2021
|
||||
ms.date: 04/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Configure Hybrid Windows Hello for Business: Public Key Infrastructure
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
|
||||
|
||||
**Applies to**
|
||||
|
||||
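Review bot: The new date in this file is written "04/30/2021", while the other files in this commit use "4/30/2021" and the replaced values were zero padded ("01/14/2021", "08/19/2018"). Pick one format for ms.date, preferably the zero-padded one already in use, and apply it across the commit.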
@ -50,7 +50,8 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
|
||||
3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**.
|
||||
4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list.
|
||||
5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise's needs.
|
||||
**Note**If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
|
||||
> [!NOTE]
|
||||
> If you use different template names, you'll need to remember and substitute these names in different portions of the lab.
|
||||
6. On the **Subject Name** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **None** from the **Subject name format** list. Select **DNS name** from the **Include this information in alternate subject** list. Clear all other items.
|
||||
7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list. Select **RSA** from the **Algorithm name** list. Type **2048** in the **Minimum key size** text box. Select **SHA256** from the **Request hash** list. Click **OK**.
|
||||
8. Close the console.
|
||||
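Review bot: As shown here, the new "> [!NOTE]" block after step 5 starts at the left margin. If that is how it sits in the file, it ends the numbered list and steps 6 to 8 will render as a separate list, so indent both quoted lines to the list item's content level. Step 4 in the context also reads "Windows 7.Server 2008 R2", which looks like a typo for the "Windows 7 / Server 2008 R2" entry and could be fixed in the same pass.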
@ -81,11 +82,12 @@ Sign-in a certificate authority or management workstations with _Enterprise Admi
|
||||
The certificate template is configured to supersede all the certificate templates provided in the certificate templates superseded templates list. However, the certificate template and the superseding of certificate templates is not active until you publish the certificate template to one or more certificate authorities.
|
||||
|
||||
> [!NOTE]
|
||||
> A domain controller's certificate must chain to a certificate in the NTAuth store in Active Directory. By default, online "Enterprise" Active Directory Certificate Authority certificates are added to the NTAuth store at installation time. If you are using a third-party CA, this is not done by default. If the domain controller certificate does not chain to a trusted CA in the NTAuth store, user authentication will fail.
|
||||
>
|
||||
> You can view an AD forest's NTAuth store (NTAuthCertificates) using PKIVIEW.MSC from an ADCS CA. Open PKIView.msc, then click the Action menu -> Manage AD Containers. To see all certificates in the NTAuth store, run **Certutil -viewstore -enterprise NTAuth** from the command-line interface (Cmd.exe).
|
||||
|
||||
### Publish Certificate Templates to a Certificate Authority
|
||||
> The domain controller's certificate must chain to a root in the NTAuth store. By default, the Active Directory Certificate Authority's root certificate is added to the NTAuth store. If you are using a third-party CA, this may not be done by default. If the domain controller certificate does not chain to a root in the NTAuth store, user authentication will fail.
|
||||
>you can view
|
||||
>
|
||||
>'''powershell
|
||||
>Certutil -view
|
||||
>Publish Certificate Templates to a Certificate Authority
|
||||
|
||||
The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate.
|
||||
|
||||
|
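Review bot: The NTAuth note that follows the "### Publish Certificate Templates to a Certificate Authority" line is an unfinished fragment: ">you can view" trails off, the fence is written ">'''powershell" with apostrophes instead of backticks and is never closed, the command is cut to "Certutil -view", and the section heading has been pulled into the blockquote as ">Publish Certificate Templates to a Certificate Authority". The hunk header (11 lines before, 12 after) together with the usual removed-then-added ordering indicates that this fragment is the side that lands, replacing the complete note that ends with "Certutil -viewstore -enterprise NTAuth". Resolve the merge in favour of the complete note and keep the "###" heading outside the quote, otherwise readers lose both the section heading and the command for inspecting the NTAuth store. The two versions also differ on whether the domain controller certificate must chain to "a certificate" or to "a root" in the NTAuth store, so choose that wording deliberately rather than by merge accident.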
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Hybrid Windows Hello for Business - Group Policy
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Group Policy
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, Windows Hello, key trust, key-trust
|
||||
ms.prod: w10
|
||||
@ -13,10 +13,10 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Hybrid Windows Hello for Business: Group Policy
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Configure Hybrid Windows Hello for Business key trust Settings
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings
|
||||
description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
|
||||
keywords: identity, PIN, biometric, Hello, passport, WHFB, hybrid, certificate-trust
|
||||
ms.prod: w10
|
||||
@ -13,18 +13,17 @@ manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configure Hybrid Windows Hello for Business key trust settings
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business key trust settings
|
||||
|
||||
**Applies to**
|
||||
- Windows 10, version 1703 or later
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
|
||||
You are ready to configure your hybrid key trust environment for Windows Hello for Business.
|
||||
You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Ensure your environment meets all the [prerequisites](hello-hybrid-key-trust-prereqs.md) before proceeding. Review the [New Installation baseline](hello-hybrid-key-new-install.md) section of this deployment document to learn how to prepare your environment for your Windows Hello for Business deployment.
|
||||
|