Hello Anubhavin, In Hybrid Environment, does Computers joined to Local AD or Azure AD ? Also, 9:42 Are you logging to local domain to see if you get Hello PIN or you are logging to Azure AD? The Certificate thing that you did on Server, Do we have import that Cert on Domain Joined PC or it will just stick to Domain Controller ?
I like the level of detail, Anubhav. Great video. One thing I don't understand is why we need to install a root certificate if we are doing hybrid key-based authentication? Your note says "Certificate on DC" is "For Azure AD joined devices" Do we still need to follow the installation of the cert?
Does the PIN work for any device the user logged on or only on that device? Because I have enabled the Windows Hello for everyone under Windows Enrolment without any certificates on DC and users are able to Set PIN and use Windows Hello for Business. I want to understand what is the difference?
Super informative. I was driving nuts to find the suitable hybrid WHFB
Hello Anubhavin, In Hybrid Environment, does Computers joined to Local AD or Azure AD ?
Also, 9:42 Are you logging to local domain to see if you get Hello PIN or you are logging to Azure AD?
The Certificate thing that you did on Server, Do we have import that Cert on Domain Joined PC or it will just stick to Domain Controller ?
I like the level of detail, Anubhav. Great video.
One thing I don't understand is why we need to install a root certificate if we are doing hybrid key-based authentication? Your note says "Certificate on DC" is "For Azure AD joined devices"
Do we still need to follow the installation of the cert?
Limited to the essentials and easy to follow. Thumb up!
Thank you very much for this video, very easy to understand and gave me great fundamentals of what I need to know to implement WHFB. Thanks! Martin
Great video. How do I get this to work with AVD as well? It asks user for PIN, but PIN login to AVD doesn't works.
Since your devices on AD joined on-prem you don't need to configure the CLR Distribution point?
Got stuck on the Certificate Authority issuing the cert. I have no certificates there at all.
Really appreciate your video presentation. I liked it.
is that the Certificate Server also a domain controller ? I have 2 domain controllers, 1 of them is primary and have Azure AD Connect
That's fine
Great video. With this setup, will an Azure AD Joined computer be able to access on-premise resources if the end user signs in with PIN or biometric?
Wondering the same
@Anubhavin If I do not enable MFA, will I get MFA prompt at the time of changing sign-in?
Does the PIN work for any device the user logged on or only on that device? Because I have enabled the Windows Hello for everyone under Windows Enrolment without any certificates on DC and users are able to Set PIN and use Windows Hello for Business. I want to understand what is the difference?
Thank you for creating this informative video, Anubhav. Have you tried Certificate based trust type hybrid deployment also?
No
How do I transfer the workload from SCCM to intune? and why would you need to do this if the device is co-managed?