Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>
Orlando Rodriguez
2019-05-13 11:57:49 -05:00
committed by GitHub
parent 0698551ddb
commit d42a7b0c3b

@ -58,7 +58,7 @@ The Windows Hello for Business deployment depends on an enterprise public key in
Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object. Key trust deployments do not need client issued certificates for on-premises authentication. Active Directory user accounts are automatically configured for public key mapping by Azure AD Connect synchronizing the public key of the registered Windows Hello for Business credential to an attribute on the user's Active Directory object.
The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can use a 3rd Party enterprise certification authority too. The detailed requieriments for the Domain Controller certificate are shown below. The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012, but you can also use a third-party enterprise certification authority. The detailed requirements for the Domain Controller certificate are shown below.
* The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL). * The certificate must have a CRL distribution-point extension that points to a valid certificate revocation list (CRL).
* Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name) * Optionally, the certificate Subject section should contain the directory path of the server object (the distinguished name)
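
Review bot: The rewritten sentence on the changed line still mixes two terms for the same thing, "enterprise certificate authority" in the first clause and "enterprise certification authority" in the second; use one, preferably "certification authority", in both places. The same sentence gives "Windows Server 2012" as the minimum certificate authority, which names an operating system rather than a CA, so consider wording along the lines of "an enterprise certification authority running on Windows Server 2012" if that is what is meant. In the trailing context, the last bullet combines "Optionally" with "should contain" and lacks the closing period the previous bullet has; since this commit is a wording cleanup, it would be worth stating plainly whether the distinguished name in the Subject is optional or recommended.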