Using CBA with a device certificate on Windows Server

Hi,

Will it be possible to use CBA as a "filter for devices" some day?

E.g., a Windows Server which is not hybrid joined or managed by Intune could then be identified as a "valid device" which is allowed to access the Admin portal.

Like a RADIUS Auth.

BR

Stephan

2 Replies

Hi @StephanGee

With CBA, a certificate is associated with a user rather than a computer certificate. I doubt this will change in the near future. Personally, I prefer joining Windows Servers as Hybrid when there's a need to access an admin portal. Do you have any concerns or difficulties with this approach?

I know there might be better solutions... (e.g. Windows365)
But we have external suppliers that use a general login account. Therefore they are not hybrid joined, connecting from different IPs and cannot be recognized as threats.
I would then have the possibility to scope on these certificates as "allowed devices".