Forum Discussion
Cloud Trust and AD prerequisites
LainRobertsonthanks for you reply. The URL you referenced is related to Entra Password Protection which is already installed and working in our environment. My question was related to the Cloud Trust for Passwordless method as you see in this URL https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/#windows-server-requirements
. Thanks again for your time.
That table is referring solely to the operating system version, however, despite the new name (I've never heard of "Cloud Trust" before now), it reads identically to the Azure AD Kerberos trust authentication we set up back in late 2022. We use it for Azure SQL MI to get last-mile Windows-based resources onto Azure resources that only support Windows authentication, but the same mechanic is also used by Intune (and probably other things I'm unfamiliar with).
Cloud Kerberos guide:
Azure AD Kerberos incoming trust (from the Azure SQL MI documentation):
- How to set up Windows Authentication for Azure SQL Managed Instance using Microsoft Entra ID and Kerberos - Azure SQL Managed Instance | Microsoft Learn
- How to set up Windows Authentication for Microsoft Entra ID with the incoming trust-based flow - Azure SQL Managed Instance | Microsoft Learn
The reason I've linked the latter are that they mention having a minimum domain functional level of 2012, where the former article does not.
Given you're already on a higher domain functional level, there won't be any issues. The reason you see consistent references to Server 2016 and later is for the same reason I mentioned above, which is that they're still under mainstream or extended support.
Cheers,
Lain