deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-11 21:07:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
Paolo Matarazzo 3e9b5143c1 updates
2022-11-18 16:37:54 -05:00

2.6 KiB
Raw Blame History

title, description, ms.date, appliesto, ms.topic
title description ms.date appliesto ms.topic
Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) 4/30/2021
<a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
article

Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business

[!INCLUDE hello-hybrid-key-trust]

You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises.

Deploy Azure AD Connect

Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the Integrating on-prem directories with Azure Active Directory and hardware and prerequisites needed and then download the software.

Note

If you installed Azure AD Connect prior to upgrading the schema, you will need to re-run the Azure AD Connect installation and refresh the on-premises AD schema to ensure the synchronization rule for msDS-KeyCredentialLink is configured.


If the user principal name (UPN) in your on-premises Active Directory is different from the UPN in Azure AD, you also need to complete the following steps:

  • Configure Azure AD Connect to sync the user's on-premises UPN to the onPremisesUserPrincipalName attribute in Azure AD.
  • Add the domain name of the on-premises UPN as a verified domain in Azure AD.

Note

Windows Hello for Business Hybrid key trust is not supported if your users' on-premises domain cannot be added as a verified domain in Azure AD.

Follow the Windows Hello for Business hybrid key trust deployment guide

  1. Overview
  2. Prerequisites
  3. New Installation Baseline
  4. Configure Directory Synchronization (You are here)
  5. Configure Azure Device Registration
  6. Configure Windows Hello for Business settings
  7. Sign-in and Provision