Forum Discussion

rahuljindal's avatar
rahuljindal
Bronze Contributor
Jun 16, 2022

Windows Hello for Business HAADJ & AADJ

I have a customer who wants to implement Windows Hello for Business. The devices are Co-managed and are HAADJ. The infrastructure is meeting all the pre-reqs for a KEY trust method so I am planning t...
Intune
mobile device management (mdm)
rahuljindal's avatar
rahuljindal
Bronze Contributor
Jun 16, 2022

Thanks for the response. I should have mentioned that I had already gone through the official documents before posting over here. Windows hello for business works out of the box for AAD devices. It doesn't need to authenticate with AD. However, what I am trying to establish is whether this can work along side hybrid setup for Windows hello for business to support HAADJ devices or not. If not and if AADJ devices do need to authenticate with AD for Windows Hello then will setting up CRL an absolute requirement?

Oktay Sari's avatar
Oktay Sari
Iron Contributor
Jun 16, 2022

Hi rahuljindal, I haven't had to deal with the exact same scenario you describe before so can't give you a definitive answer. However, in this case, personally I would configure WhfB from the https://endpoint.microsoft.com/#blade/Microsoft_Intune_Workflows/SecurityManagementMenu/accountprotection blade and target a test group. This way you can test and see if this kind of configuration meets your requirements fairly easy, and it won't affect production users.

 

Hope this helps (or that someone else can help you out with a better answer)

regards

Oktay

  • rahuljindal's avatar
    rahuljindal
    Bronze Contributor
    Jun 16, 2022
    Thanks. I intend to use the same. Cheers.