From f9428cbd5cf7917295207e3c69c9e0e563ec90df Mon Sep 17 00:00:00 2001 From: Nagappan Veerappan Date: Tue, 26 Jan 2021 10:22:17 -0800 Subject: [PATCH] Update hello-key-trust-adfs.md added Cname required for enterpriseregistration entry for on-prem ADFS device registration --- .../hello-for-business/hello-key-trust-adfs.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index a908e96533..39091b5f6e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md 
@@ -298,8 +298,14 @@ Sign-in the domain controller or administrative workstation with domain administ 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. 4. In the navigation pane, right-click the domain name node and click **New Host (A or AAAA)**. 5. In the **name** box, type the name of the federation service. In the **IP address** box, type the IP address of your federation server. Click **Add Host**. +6. Right-click the domain_name node, and then click New Alias (CNAME). +7. In the New Resource Record dialog box, type enterpriseregistration in the Alias name box. +8. In the fully qualified domain name (FQDN) of the target host box, type federation_service_farm_name.domain_name.com, and then click OK. 6. Close the DNS Management console +Note: if your forest has multiple UPN suffix. please make sure, you have enterpriseregistration.upnsuffix.com present for each suffix + + ## Configure the Intranet Zone to include the federation service The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication.
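Review bot: The added steps are numbered 6 to 8, but the unchanged "6. Close the DNS Management console" line still follows them, so the source list now has two items numbered 6; renumber the closing step to 9. The new steps also leave the UI labels (New Alias (CNAME), New Resource Record, Alias name, OK) unbolded, while the surrounding steps bold theirs (**New Host (A or AAAA)**, **Add Host**). The placeholders need tidying as well: "domain_name node" in step 6 versus "federation_service_farm_name.domain_name.com" in step 8 implies the domain always ends in .com, and neither is marked up as a placeholder. The trailing note should be reworded as a complete sentence, for example "If your forest has multiple UPN suffixes, make sure an enterpriseregistration CNAME record exists for each suffix", and the second added blank line before the next heading can be dropped.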