

This article is also uploaded to the Route443 blog here. Let's jump right back in with some Single Sign-On (SSO) passwordless fun with Windows 10, Azure AD Join, Microsoft Intune and Windows Hello for Business.

In this post we describe one route to incorporating passwordless technology that leverages customer investment in the Microsoft cloud, specifically Enterprise Mobility + Security. We assume the customer is in possession of a hybrid infrastructure, with on-premise pieces (Active Directory Domain Services, Certificate Services etc.). Most customer configurations we come across are those where a Hybrid Azure AD-join configuration has been opted for, with the on-premise identity being the dominant one. We'll use Windows Autopilot to kick start a hypothetical migration from hybrid to cloud-only, in doing so using Microsoft Intune as an alternate for SCCM and on-premise GPO, rolling out Windows Hello for Business as part of the process, together with Wireless 802.1X and AlwaysOn VPN profiles. Finally, a single sign-on (SSO) path back to on-premise resources is a must.

Here we take a Windows 10 version 1803 client and join it to the tenant Azure Active Directory. By way of demonstrating the platform capability, we:

- Provision the machine using Windows Autopilot and onboard the user using multi-factor authentication (sans password).
- Use Windows Hello for Business for Multi-Factor Authentication (MFA) via biometric gestures and PIN for fallback.
- Use TPM-backed certificate authentication to provide secure access to the end-user both in deployment and access to:
- Use Credential Guard to isolate and protect secrets (e.g., NTLM hashes / Kerberos ticket-granting tickets).
- Leverage Single Sign-On (SSO) access to on-premise resources:
  - Machines are built using Windows Autopilot and joined to the Azure Active Directory (AADJ).
  - Since these are AADJ devices, they will not be part of the on-premise Active Directory.
  - User accounts exist in both the cloud and on-premise AD.

Moving on, let's peek at the configuration. In this use case, we're going to deploy a Windows 10 machine using Windows Autopilot.
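The capability list above describes an end state (Azure AD joined but not domain joined, Windows Hello for Business enrolled, Credential Guard running, user certificates held in the TPM) that is easy to claim and rarely verified on the finished device. The script below is an added post-deployment check written for this article; it is not code from the original post or from Route443. It assumes it is run on the enrolled Windows 10 client, in an elevated PowerShell session under the signed-in user, and that the `dsregcmd /status` field names, the `Win32_DeviceGuard` status codes and the `Microsoft Platform Crypto Provider` name match the documented values for that release. It reads state only and changes nothing.

```powershell
# Added post-deployment verification (not part of the original post).
# Run elevated, as the signed-in user, on the Windows 10 client. Read-only.

function Get-DsregState {
    # Parse the "Key : Value" lines of dsregcmd /status into a hashtable.
    # Keys of interest: AzureAdJoined, DomainJoined (Device State), NgcSet (User State).
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z0-9 ]+?)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

function Test-CredentialGuardRunning {
    # Win32_DeviceGuard: VirtualizationBasedSecurityStatus 2 = VBS running;
    # SecurityServicesRunning contains 1 when Credential Guard is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName 'Win32_DeviceGuard'
    return ($dg.VirtualizationBasedSecurityStatus -eq 2) -and ($dg.SecurityServicesRunning -contains 1)
}

function Get-UserCertificateKeyProviders {
    # For every user certificate with a private key, report which key storage
    # provider holds the key. A key in the Microsoft Platform Crypto Provider is
    # TPM-backed; a key in the Software Key Storage Provider is exportable software.
    foreach ($cert in (Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.HasPrivateKey })) {
        $provider = 'unknown (legacy CSP or inaccessible key)'
        try {
            $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if (-not $key) {
                $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
            }
            if ($key -is [System.Security.Cryptography.RSACng] -or $key -is [System.Security.Cryptography.ECDsaCng]) {
                $provider = $key.Key.Provider.Provider
            }
        } catch { }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Provider   = $provider
            TpmBacked  = ($provider -eq 'Microsoft Platform Crypto Provider')
        }
    }
}

# ---- report -----------------------------------------------------------------
$ds  = Get-DsregState
$tpm = Get-Tpm

$checks = [ordered]@{
    'Azure AD joined (AzureAdJoined)'         = ($ds['AzureAdJoined'] -eq 'YES')
    'Not on-premise domain joined'            = ($ds['DomainJoined'] -eq 'NO')
    'Windows Hello for Business set (NgcSet)' = ($ds['NgcSet'] -eq 'YES')
    'TPM present and ready'                   = ($tpm.TpmPresent -and $tpm.TpmReady)
    'Credential Guard running'                = (Test-CredentialGuardRunning)
}

foreach ($name in $checks.Keys) {
    $status = if ($checks[$name]) { 'PASS' } else { 'FAIL' }
    '{0,-42} {1}' -f $name, $status
}

''
'User certificates and key storage providers:'
Get-UserCertificateKeyProviders | Format-Table Subject, Provider, TpmBacked -AutoSize
```

Two points worth knowing when reading the output. `NgcSet` lives in the User State section of `dsregcmd /status`, which only appears when the command runs in the context of the signed-in user; if that line is missing, re-run the script non-elevated and compare. A certificate reported with the Software Key Storage Provider rather than the Platform Crypto Provider means the 802.1X or VPN certificate was issued to a software key, so the "TPM-backed" bullet above is not actually met for that profile even though authentication will still succeed.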
