diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 84377c36b5..1b222da4f8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -1,5 +1,5 @@ --- -title: Using Certificates for AADJ On-premises Single-sign On single sign-on +title: Use Certificates to enable SSO for Azure AD join devices description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. ms.date: 08/19/2018 appliesto: @@ -9,7 +9,7 @@ ms.topic: article # Using Certificates for AADJ On-premises Single-sign On -[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cert-trust-aad.md)] If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index b999c78a75..1acc6aa213 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -8,6 +8,8 @@ ms.topic: article --- # Azure AD Join Single Sign-on Deployment +[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)] + Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate. ## Key vs. Certificate diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index 17c221406d..4a54576434 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -22,15 +22,7 @@ - name: Deployment prerequisite overview href: hello-identity-verification.md - name: Cloud-only deployment - items: - - name: Azure AD join - href: hello-aad-join-cloud-only-deploy.md - - name: On-premises SSO for Azure AD joined devices - href: hello-hybrid-aadj-sso.md - - name: Configure Azure AD joined devices for on-premises SSO - href: hello-hybrid-aadj-sso-base.md - - name: Using certificates for on-premises SSO - href: hello-hybrid-aadj-sso-cert.md + href: hello-aad-join-cloud-only-deploy.md - name: Hybrid deployments items: - name: Cloud Kerberos trust deployment @@ -61,6 +53,10 @@ href: hello-hybrid-key-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-key-whfb-provision.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md - name: Certificate trust deployment items: - name: Overview @@ -87,6 +83,12 @@ href: hello-hybrid-cert-whfb-settings-policy.md - name: Sign-in and provision Windows Hello for Business href: hello-hybrid-cert-whfb-provision.md + - name: On-premises SSO for Azure AD joined devices + href: hello-hybrid-aadj-sso.md + - name: Configure Azure AD joined devices for on-premises SSO + href: hello-hybrid-aadj-sso-base.md + - name: Using certificates for on-premises SSO + href: hello-hybrid-aadj-sso-cert.md - name: Planning for Domain Controller load href: hello-adequate-domain-controllers.md - name: On-premises deployments