Forum Discussion
Windows Hello for Business HAADJ & AADJ
I have a customer who wants to implement Windows Hello for Business. The devices are Co-managed and are HAADJ. The infrastructure is meeting all the pre-reqs for a KEY trust method so I am planning t...
I would use the new Hybrid Trust model before dive in to CRL, it should be complete replacement for that complex infrastructure. Cloud trust uses Azure AD Kerberos that doesn't require any PKI to get the user a TGT.
Fyi, I use it for authenticating Azure AD devices against traditional file share using WHFB, it’s magic, no certificate server. It should cover Hybrid Devices with WHFB as well.
Moe
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust
Thanks Moe. I will love to use it, but since it is in still in preview and considering the limitations, unfortunately I can't implement this just yet.