This new cloud-trust model has the advantage that we don’t require a PKI infrastructure; therefore we don’t need to publish the CRL and don’t need to put a certificate on domain controllers. But even more important, we can get rid of the synchronization of the public key to Active Directory.

The last point is quite important with new device deployments or re-enrollments in Windows Hello for Business, because with key-trust we have a dependency on Azure AD Connect, which does a write-back of the public key to Active Directory. Therefore, we need to wait for the sync interval to run before we can use the Windows Hello for Business credentials for on-premises resources (by default the synchronization interval of Azure AD Connect is set to 30 minutes).

To summarize, the reasons why you should move away from Windows Hello for Business key-trust to Windows Hello for Business cloud-trust are:

- Simple Windows Hello for Business deployment model.
- No PKI infrastructure is required, meaning no CRL replacement.
- No Azure AD Connect synchronization dependency for writing back the Windows Hello for Business public key to Active Directory.
- No device write-back required (only applicable for cert-trust deployments).
- No ADFS deployment required (only applicable for cert-trust deployments).

Now that you know why you should replace your current setup or build your new setup with Windows Hello for Business cloud trust, let’s first have a look at the requirements.

Requirements check-list (per Windows Hello for Business trust model): Cloud-trust
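
The key-trust dependency described above (a newly enrolled credential only works on-premises once Azure AD Connect has written the public key back) can be checked per user. The following PowerShell is an added example, not part of the original post; it assumes it runs on the Azure AD Connect server with the ADSync and ActiveDirectory modules available, and that the written-back key lands in the user's `msDS-KeyCredentialLink` attribute, which the post does not name.

```powershell
# Added example. Assumptions: run on the Azure AD Connect server, with the
# ActiveDirectory (RSAT) module installed and read access to user objects.
Import-Module ADSync, ActiveDirectory

function Test-WhfbKeyWriteBack {
    param(
        [Parameter(Mandatory)]
        [string]$SamAccountName   # hypothetical account name supplied by the caller
    )

    # With key-trust, Azure AD Connect writes the public key to this attribute.
    $user = Get-ADUser -Identity $SamAccountName -Properties 'msDS-KeyCredentialLink'
    $keys = $user.'msDS-KeyCredentialLink'
    $keyCount = if ($keys) { @($keys).Count } else { 0 }

    # The scheduler decides when the next write-back can happen.
    $scheduler = Get-ADSyncScheduler
    $minutesToNextSync = [math]::Round(
        ($scheduler.NextSyncCycleStartTimeInUTC - [datetime]::UtcNow).TotalMinutes, 1)

    [pscustomobject]@{
        User                  = $user.SamAccountName
        KeysInActiveDirectory = $keyCount
        KeyWrittenBack        = ($keyCount -gt 0)
        SyncCycleEnabled      = $scheduler.SyncCycleEnabled
        EffectiveSyncInterval = $scheduler.CurrentlyEffectiveSyncCycleInterval
        NextSyncCycleUtc      = $scheduler.NextSyncCycleStartTimeInUTC
        MinutesUntilNextSync  = $minutesToNextSync
    }
}

# Example call for a freshly enrolled user (constructed account name):
# Test-WhfbKeyWriteBack -SamAccountName 'jdoe'
```

If `KeyWrittenBack` is false right after enrollment, `MinutesUntilNextSync` shows how long on-premises sign-in with the new credential will keep failing under key-trust; with cloud-trust this wait does not apply.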