Forum Discussion
Logging on to Remote Desktop using Windows Hello for Business & Biometrics
- Oct 03, 2018
Although late, we have published information around WHfB with RDP:
Anders Gidlund you can follow the guide for using certificates with Azure AD Joined devices to enable SSO with Windows Hello for Business to on-prem (Using Certificates for AADJ On-premises Single-sign On single sign-on - Microsoft 365 Security | Microsoft Docs). For Azure AD Joined devices, AD FS cannot be used as a certificate RA so Intune and NDES have to be used to distribute certs. The method isn't unique to Azure AD Join and can be done with any modern managed device.
Matthew_Palko sorry if I am dumb, but I just want to make this clear.
I'm setting up a Key Trust because I do not and cannot use ADFS in our environment. You're referring to a guide for a Certificate Trust setup.
I'm using these guides:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki
Do you mean that I can set up a Key Trust deployment without ADFS and then just install NDES like in the guide you're linking to (starting from here: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert#install-and-configure-the-ndes-role) and then have functionality to log in using WHfB to on-premises RDS servers?
- Christoph Berthoud, Mar 04, 2021, Copper Contributor
Anders Gidlund I think that’s what he’s saying.
This is what we’ve done and it works perfectly.
- Anders Gidlund, Mar 04, 2021, Copper Contributor
Great! I will try this! Thanks!