Event banner
Event details
As an organisation we work primarily in less developed countries with poor quality, unreliable, high-latency and low-bandwidth Internet connections. This means our on-premises servers are frequently available, but cloud connectivity may not be on occasions.
We have on-premises domain controllers linked to Azure Active Directory. Which of the following deployment model for Windows Hello for Business model would you recommend in these scenarios?
- Cloud Kerberos trust
- Certificate trust
- Key trust
- Sean_McLaren
Microsoft
If your environment is all Windows 10 21H2 or newer, we recommend Cloud Kerberos Trust. It will require the least amount of setup work and you will also want to ensure you have completed all of the SSO for Azure AD Joined devices setup requirements for access to your server resources when connected over the VPN or in an office. You will have to have full connectivity for the provisioning process, but once you have successfully provisioned Windows Hello, your Windows clients will cache your credentials allowing you to sign into the machine even if the network service connectivity is offline or your servers are unreachable.
Eligible customers with 150 or more qualifying licenses, you may also request help from our FastTrack services for Windows Hello setup guidance.- OK - what user experience can we expect if a user signs in for the first time without cloud connection, under Cloud Kerberos Trust?
- Sean_McLarenYou will have the same sign in experience you do today with a cached credential. They can still use Windows Hello to sign into Windows (PIN or biometric) and work offline.
