Jul 20 2021 05:10 AM - last edited on Jan 14 2022 03:26 PM by TechCommunityAP
Good morning! Hope you had a good start to the day.
I am actually setting up “WHfB with cert-trust-model” and have one quick and binary question. Appreciate your help.
Is "device writeback" mandatory for JUST "Windows-Hello Cert-Trust-Model"?
I am NOT interested in obtaining enterprise-PRT through ADFS.
Mine is a simple use-case of Hybrid Azure AD join authentication using a certificate.
MS has done a good job depicting the flow below, but if you focus on the bottom part of the flow where the “certificate-creation-request” is sent from the hybrid-device to “Certificate-RA”, my understanding is that the request NEED NOT be signed by the device-private-key.
Of course user-key or at least user-key-receipt is needed but cert-generation is NOT dependent on device-writeback.
Later on, if enterprise-PRT through ADFS is requested, then definitely device-writeback is mandatory, but that is not what I am interested in.
Am I correct in my understanding?
Thanks.