deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md

Browse Source
This commit is contained in:
MaratMussabekov 2022-03-22 08:59:46 +05:00 committed by GitHub
parent 62f1a1424d
commit d52acf881f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
View File

@ -29,6 +29,9 @@ The credentials are placed in Credential Manager as a "\*Session" credential.
A "\*Session" credential implies that it is valid for the current user session. A "\*Session" credential implies that it is valid for the current user session.
The credentials are also cleaned up when the WiFi or VPN connection is disconnected. The credentials are also cleaned up when the WiFi or VPN connection is disconnected.
> [!NOTE]
> In Windows 10 version 21h2 or newer, "\*Session" credential is not visible in Credential Manager.
For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it. For example, if someone using Microsoft Edge tries to access a domain resource, Microsoft Edge has the right Enterprise Authentication capability. This allows [WinInet](/windows/win32/wininet/wininet-reference) to release the credentials that it gets from the Credential Manager to the SSP that is requesting it.
For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations). For more information about the Enterprise Authentication capability, see [App capability declarations](/windows/uwp/packaging/app-capability-declarations).
@ -93,4 +96,4 @@ Domain controllers must have appropriate KDC certificates for the client to trus
Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication. Domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication.
This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server. This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server.
For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382). For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).