S01E20 - Using Windows Hello for Business to Access On-Premises Resources - (I.T)

Published: Nov 19, 2019 by Intune.Training

In this episode, Steve and Adam struggle to get Windows Hello for Business working using the Hybrid Key trust. Hybrid Key Trust will allow you to access on-premises resources using Windows Hello for Business credentials.

• 00:00 - Intro
• 02:58 - Part 1
• 07:35 - Azure AD join accessing on-premises resources
• 12:26 - Setting up Windows Hello for Business with Intune
  https://microscott.azurewebsites.net/2017/12/16/setting-up-windows-hello-for-business-with-intune/
  https://twitter.com/scottduf
• 15:00 - Configure Azure AD Connection
• 16:59 - Set extra permissions for Azure AD Connect Service Account
• 18:51 - Configure a new KDC Certificate Template
• 25:37 - Certificate CRL
• 35:06 - dsregcmd /status
• 39:03 - Updating DC certificate
• 43:00 - Ldp
• 50:46 - Using Setupconfig.ini to Manage Feature Updates in the Enterprise
  https://www.asquaredozen.com/2019/08/25/windows-10-feature-updates-using-setupconfig-ini-to-manage-feature-updates-in-the-enterprise/
• 1:15:56 - Part 2
• 1:19:45 - Configure Azure AD Connection
• 1:20:19 - Configure Windows Hello client settings
• 1:21:34 - Configure a new KDC Certificate Template
• 1:25:42 - Create trusted certificate profiles
  https://docs.microsoft.com/mem/intune/protect/certificates-configure#create-trusted-certificate-profiles
• 1:28:03 - CRL Distribution Point
• 1:43:53 - Windows Hello for Business documentation
  https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification
• 1:44:51 - Configure Hybrid Windows Hello for Business: Public Key Infrastructure
  https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki
• 1:45:21 - Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business
  https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
• 1:47:50 - Hybrid Windows Hello for Business Provisioning
  https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision#provisioning
• 1:49:30 - Success

We started using this guide but the content was missing some bits. https://microscott.azurewebsites.net/2017/12/16/setting-up-windows-hello-for-business-with-intune/

We then switched to Microsoft’s docs for it. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso

Here’s the starting point for WHfB. https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification