Forum Discussion
Dabona
Oct 01, 2021 · Former Employee
How to: Enabling MFA for Active Directory Domain Admins with Passwordless Authentication
Administer on premise Active Directory
Using Azure Passwordless Authentication
removing Domain Admins passwords
Hello Guys,
I am here just to...
Dabona
Mar 10, 2022 · Former Employee
Hi Stefano, try to update the GPO ADMX templates on the domain following: https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/create-and-manage-central-store
StefanoC66
Mar 24, 2022 · Iron Contributor
Hello
I've followed the steps provided but I have some problems.
After creating the GPO to enable the security key login and applying it to the test PC, it doesn't show any additional login providers, only the classic username and password.
The same on a Windows 2016 test server.
Am I missing anything?
- Dabona
  Mar 25, 2022 · Former Employee
  Confirm Hybrid Device Join is working properly. Confirm your Windows 10 version 2004+ PCs are Hybrid Device Joined: dsregcmd /status must report AzurePRT ON. Review other requirements: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises
- StefanoC66
  Mar 25, 2022 · Iron Contributor
  After updating the W10 client to the latest feature, I now have the option to select the sign-in via USB.
  Still having an issue with the Windows 2016 server though, which is not joining Azure AD.
  Thanks
- StefanoC66
  Mar 25, 2022 · Iron Contributor
  Apart from being able to authenticate, my issue is that the option of selecting the USB key does not appear at all on the client, and I supposed this should be enabled by the GPO.
  The client is showing as joined in the Azure portal.
  The test server, however, is not joining the hybrid configuration even though I configured AD Connect to do it.
- Dabona
  Mar 25, 2022 · Former Employee
  Hello, please, for the FIDO sign-on, review the requirements here https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key and here https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises . After that, enable the GPO turn on security key sign on. Check that the Windows 10 version is at least 2004. Currently FIDO sign-in is not supported on servers, but you can use FIDO to SSO to services after physically signing in to a Windows machine. To test, don't use RDP/virtualization. FIDO keys must be used physically.
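Added example, not part of the thread and not Microsoft's own tooling: a PowerShell pre-check that gathers the client-side conditions discussed above (hybrid join, a primary refresh token, Windows 10 version 2004 or later, and the security key sign-in policy) in one run. `Test-SecurityKeyReadiness` is a hypothetical helper name; `dsregcmd /status` prints these states as `AzureAdJoined`, `DomainJoined` and `AzureAdPrt` with `YES`/`NO`, and the registry value `HKLM\SOFTWARE\Policies\Microsoft\FIDO\EnableFIDODeviceLogon` is assumed to be where the GPO writes its setting, so verify it against your ADMX templates.

```powershell
# Added example: client-side pre-checks for FIDO2 security key sign-in.
function Test-SecurityKeyReadiness {
    param(
        [string[]]$DsregOutput,  # lines of `dsregcmd /status`
        [int]$Build,             # OS build number
        [object]$PolicyValue     # EnableFIDODeviceLogon value, $null when not set
    )
    # dsregcmd prints "Name : VALUE" pairs; collect them into a lookup table.
    $state = @{}
    foreach ($line in $DsregOutput) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    [ordered]@{
        HybridJoined = ($state['AzureAdJoined'] -eq 'YES') -and ($state['DomainJoined'] -eq 'YES')
        AzureAdPrt   = $state['AzureAdPrt'] -eq 'YES'
        Build2004Up  = $Build -ge 19041   # Windows 10 version 2004 is build 19041
        PolicyOn     = $PolicyValue -eq 1 # assumed registry value, see lead-in
    }
}

if ($env:OS -eq 'Windows_NT' -and (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue)) {
    # Live data from the machine being checked.
    $dsreg  = dsregcmd.exe /status
    $build  = [System.Environment]::OSVersion.Version.Build
    $policy = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FIDO' `
                   -ErrorAction SilentlyContinue).EnableFIDODeviceLogon
} else {
    # Constructed sample input so the script can be tried off-box:
    # a hybrid-joined client that has no PRT yet.
    $dsreg = @(
        '             AzureAdJoined : YES'
        '              DomainJoined : YES'
        '                AzureAdPrt : NO'
    )
    $build  = 19044
    $policy = 1
}

$result = Test-SecurityKeyReadiness -DsregOutput $dsreg -Build $build -PolicyValue $policy
$result.GetEnumerator() | ForEach-Object {
    '{0,-13} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

Run it in the signed-in user's own session at the physical console, since the PRT state reported by `dsregcmd` is per user.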