Forum Discussion
On-prem access from an aad joined device with Windows Hello for Business
Recently one of my clients asked me to setup Windows Hello for Business as part of our Modern IT Management PoC. So currently they are using convenience pin and the use case was that on their Modern ...
Do you happen to know if renewing and rekeying ath Domain controller certificate as one of those steps adding the new CDP etc. will have any effects on current client machines etc?
Great discussion! One thing to point out that is not clearly mentioned for the Key Trust model is that you need to deploy a new certificate template to your domain controllers: the Kerberos Authentication template instead of the default Domain Controller Authentication template. It's not enough to add KDC Authentication in Intended Purposes on the old default template since this template does not have the FQDN of the domain in the certificate.