WHfB with cert-trust-model

Good morning!!! Hope you had a good start to the day.

I am actually setting up “WHfB with cert-trust-model” and have one quick and binary question. Appreciate your help.

 

Is "device writeback" mandatory for JUST "Windows-Hello Cert-Trust-Model"?

I am NOT interested in obtaining enterprise-PRT through ADFS.

Mine is a simple use-case of Hybrid Azure AD join authentication using a Certificate.

MS has done a good job depicting the flow below, but if you focus on the bottom part of the flow where the “certificate-creation-request” is sent from the hybrid-device to the “Certificate-RA”, my understanding is that the request NEED NOT be signed by the device-private-key.

Of course a user-key, or at least a user-key-receipt, is needed, but cert-generation is NOT dependent on device-writeback.

Later on, if an enterprise-PRT through ADFS is requested, then device-writeback is definitely mandatory, but that is not what I am interested in.

Am I correct in my understanding?


Thanks.

[image: flow diagram]
