Paolo Matarazzo 3e9b5143c1 updates
2022-11-18 16:37:54 -05:00

title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
ms.date: 05/04/2022
appliesto: Windows 10 and later (https://learn.microsoft.com/windows/release-health/supported-versions-windows-client)
ms.topic: article

Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business

[!INCLUDE hello-hybrid-key-trust]

You're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication.

Note

Before proceeding, you should familiarize yourself with device registration concepts such as:

  • Azure AD registered devices
  • Azure AD-joined devices
  • Hybrid Azure AD-joined devices

You can learn about these concepts and more by reading What is a device identity.

Configure Hybrid Azure AD join

Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD.

Follow the guidance on the How to configure hybrid Azure Active Directory-joined devices page. In the Select your scenario based on your identity infrastructure section, identify your configuration (either Managed environment or Federated environment) and perform only the steps applicable to your environment.

If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps:

  • Configure Azure AD Connect to sync the user's on-premises UPN to the onPremisesUserPrincipalName attribute in Azure AD.
  • Add the domain name of the on-premises UPN as a verified domain in Azure AD.

You can learn more about this scenario by reading Review on-premises UPN support for Hybrid Azure AD join.

Note

Windows Hello for Business Hybrid key trust is not supported if your users' on-premises domain cannot be added as a verified domain in Azure AD.
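One way to check the verified-domain requirement above before deploying is to compare the UPN suffixes in use on-premises against the tenant's verified domains. This is an added example, not part of the original article or Microsoft's code: the function name `Get-UpnSuffixReport` and the sample values are hypothetical, and the commented live-data lines assume the ActiveDirectory and Microsoft.Graph modules are installed.

```powershell
# Added example (hypothetical helper): report each on-premises UPN suffix
# and whether it is a verified domain in Azure AD.
function Get-UpnSuffixReport {
    param(
        [Parameter(Mandatory)][string[]]$UserPrincipalName,  # on-premises UPNs
        [Parameter(Mandatory)][string[]]$VerifiedDomain      # verified Azure AD domains
    )
    # Domain names are case-insensitive, so normalise before comparing.
    $verified = $VerifiedDomain | ForEach-Object { $_.Trim().ToLowerInvariant() }
    $UserPrincipalName |
        Where-Object { $_ -match '@' } |
        Group-Object { ($_ -split '@')[-1].Trim().ToLowerInvariant() } |
        ForEach-Object {
            [pscustomobject]@{
                UpnSuffix       = $_.Name
                UserCount       = $_.Count
                VerifiedInAzure = $verified -contains $_.Name
            }
        }
}

# Constructed sample input so the function can be tried offline.
$sampleUpns    = 'alice@corp.example', 'Bob@Corp.Example', 'carol@legacy.example'
$sampleDomains = 'corp.example', 'mail.corp.example'
Get-UpnSuffixReport -UserPrincipalName $sampleUpns -VerifiedDomain $sampleDomains |
    Format-Table -AutoSize

# Live data (assumes the ActiveDirectory and Microsoft.Graph modules):
# Connect-MgGraph -Scopes 'Domain.Read.All'
# $domains = (Get-MgDomain -All | Where-Object IsVerified).Id
# $upns    = (Get-ADUser -Filter 'Enabled -eq $true -and UserPrincipalName -like "*"').UserPrincipalName
# Get-UpnSuffixReport -UserPrincipalName $upns -VerifiedDomain $domains |
#     Where-Object { -not $_.VerifiedInAzure }
```

With the sample input, `corp.example` is reported as verified for two users and `legacy.example` as unverified for one; any suffix reported as unverified identifies users for whom the note above applies.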

Follow the Windows Hello for Business hybrid key trust deployment guide

  1. Overview
  2. Prerequisites
  3. New installation baseline
  4. Configure directory synchronization
  5. Configure Azure Device Registration (you're here)
  6. Configure Windows Hello for Business settings
  7. Sign-in and provision