Forum Discussion

StephanGee's avatar
StephanGee
Steel Contributor
Jul 31, 2024

Using CBA with a device certificate on Windows Server

Hi,

 

will it be possible to use CBA as "filter for devices" some day?

e.g. A Windows Server which is not hybrid joined or managed by Intune could then be identified as a "valid device" which is allowed to access Admin portal.

Like a RADIUS Auth.

 

BR

Stephan

  • Hi StephanGee

     

    With CBA, a certificate is associated with a user rather than a computer certificate. I doubt this will change in the near future. Personally, I prefer joining Windows Servers as Hybrid when there's a need to access an admin portal. Do you have any concerns or difficulties with this approach?

    • StephanGee's avatar
      StephanGee
      Steel Contributor
      I know there might be better solutions... (e.g. Windows365)
      But we have external suppliers that use a general login account. Therefore they are not hybrid joined, connecting from different IPs and cannot be recognized as threats.
      I then would have the possiblity to scope on these certificates as "allowed devices"

Resources