as per internal discussion and tests, we confirmed with engineering team there is a known issue between cloud trust and real RODC:
1. WHfB Cloud trust would only work with RODC if the user’s password can’t be cached by that RODC (as per the password replicdation policy). that is, RODC will to return TGT_Revoked to the client after successfully verifying the partial tgt from WHfB cloud trust client if the user is supposed to have a password cached locally on local RODC.
2. Auth can be successful if the same RODC has KDC certs and then it can failover to Key trust.
The code changes include updating the FAQ and index files for the Windows Hello and Windows Hello for Business documentation. The changes provide clearer explanations of the differences between the two authentication technologies and highlight the security features of Windows Hello for Business.
Recent user commits:
- Merge pull request #10135 from MicrosoftDocs/main: OOB publish main to live: Remove & redirect Store for Business
- Merge pull request #10134 from MicrosoftDocs/ADO-9268422-retire-store-for-business: [ADO 9268422] Retire Store for Business
- Configure store for business as is_archived and is_retired
- Delete content in ./store-for-business/
- Redirect articles in ./store-for-business/ to "/microsoft-365/admin/"
- Merge pull request #10133 from MicrosoftDocs/main: Publish main to live 08/19/2024, 3:30 PM
- Merge pull request #11932 from joeltuckwell/patch-1: Update applications-that-can-bypass-wdac.md to fix MSBuild.exe original filename case
- Merge pull request #10132 from MicrosoftDocs/main: Publish main to live, Friday 10:30AM PDT, 08/19
- Merge pull request #10128 from vinaypamnani-msft/vp-csp-surfacehub: Add UpdateBootManager to Surface Hub CSP
- Merge branch 'main' into vp-csp-surfacehub
Recent repository commits:
- Merge pull request #10135 from MicrosoftDocs/main: OOB publish main to live: Remove & redirect Store for Business
- Merge pull request #10134 from MicrosoftDocs/ADO-9268422-retire-store-for-business: [ADO 9268422] Retire Store for Business
- Configure store for business as is_archived and is_retired
- Delete content in ./store-for-business/
- Redirect articles in ./store-for-business/ to "/microsoft-365/admin/"
- Merge pull request #10133 from MicrosoftDocs/main: Publish main to live 08/19/2024, 3:30 PM
- Merge pull request #11932 from joeltuckwell/patch-1: Update applications-that-can-bypass-wdac.md to fix MSBuild.exe original filename case
- Merge pull request #10132 from MicrosoftDocs/main: Publish main to live, Friday 10:30AM PDT, 08/19
- Merge pull request #10128 from vinaypamnani-msft/vp-csp-surfacehub: Add UpdateBootManager to Surface Hub CSP
- Merge branch 'main' into vp-csp-surfacehub
