Forum Discussion
AhmedSHMK
Jul 04, 2024 (Copper Contributor)
Windows hello for business for Hybrid Entra Join
Environment:
- No UPN matching between on-prem AD and Azure, third-party federation and user provisioning.
- Hybrid Entra Joined devices
- Enrolled to Intune using device credentials as SCCM is setup...
Intunestuff
Jul 04, 2024 (Copper Contributor)
Hi, I've written a guide on this; maybe this can help you out. Check it out here: https://intunestuff.com/2024/07/02/cloud-kerberos-trust-wfhb-intune/
- AhmedSHMK
Jul 05, 2024 (Copper Contributor)
Thanks for your reply. The prerequisites for Kerberos are kinda what the problem is here, which is why I posted this topic.
A DC (Server 2016 or 2019 with the latest updates) -> Available (Any DC? We have multiple DCs for different domains due to mergers, etc.)
MFA -> What kind of MFA? A third party is also providing MFA currently, as identity is third-party federated.
AzureAD AD Kerberos PowerShell module -> Available
AD Connect configured (I have User Sync, Password Hash Sync, Password Writeback enabled in my Demo lab) -> Not available. AD Connect is set up to sync computers only, the reason being that users are third-party federated and provisioned (the domain is changed to the cloud domain upon provisioning by the third party), i.e. no UPN match between on-premises AD and cloud.
A client PC (Windows 10 or Windows 11 with the latest updates) -> Available
An Intune license -> Available
A device or VM with a TPM 2.0 chip -> Available