{"id":1307,"date":"2022-07-15T07:00:00","date_gmt":"2022-07-15T05:00:00","guid":{"rendered":"https:\/\/scloud.work\/?p=1307"},"modified":"2023-08-18T09:16:04","modified_gmt":"2023-08-18T07:16:04","slug":"windows-hello-for-business-cloud-trust-hybrid","status":"publish","type":"post","link":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/","title":{"rendered":"Windows Hello for Business - Cloud Trust - Hybrid"},"content":{"rendered":"\n<p>With the \"Hybrid Cloud Trust Deployment\" it is finally possible to log on to local \/ on-premises resources with Windows Hello (face, PIN, key) without much effort. This was previously only possible with great effort and in connection with a CA (Certificate Authority). <\/p>\n\n\n<h2 class=\"simpletoc-title\">Table of Contents<\/h2>\n<ul class=\"simpletoc-list\">\n<li><a href=\"#voraussetzungen\">Requirements<\/a>\n\n<\/li>\n<li><a href=\"#azure-ad-konfiguration-kerberos\">Azure AD Configuration - Kerberos<\/a>\n\n<\/li>\n<li><a href=\"#windows-hello-for-business-richtline-mit-intune\">Windows Hello for Business policy with Intune<\/a>\n\n\n<ul><li>\n<a href=\"#windows-hello-for-business-aktivieren\">Activate Windows Hello for Business<\/a>\n\n\n<ul><li>\n<a href=\"#aktivierung-tenantweit\">Activation tenant-wide<\/a>\n\n<\/li>\n<li><a href=\"#aktivierung-mit-einer-richtlinie\">Activation with a policy<\/a>\n\n<\/li>\n<\/ul>\n<li><a href=\"#cloud-trust-richtline-erstellen\">Create Cloud Trust Policy<\/a>\n\n<\/li>\n<\/ul>\n<li><a href=\"#summary\">Summary<\/a>\n<\/li><\/ul>\n\n\n<p><\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"voraussetzungen\">Requirements<\/h2>\n\n\n<ul>\n<li>Windows 10, version 21H2 or Windows 11<\/li>\n\n\n\n<li>Multi factor authentication<\/li>\n\n\n\n<li>Fully patched Windows Server 2016 or later domain controllers<\/li>\n\n\n\n<li>Azure AD Kerberos PowerShell module<\/li>\n\n\n\n<li>MDM managed device<\/li>\n<\/ul>\n\n\n<h2 class=\"wp-block-heading\" id=\"azure-ad-konfiguration-kerberos\">Azure AD Configuration - Kerberos<\/h2>\n\n\n<p>First we install the module, for example on the Azure AD Connect Server. The easiest way to do this is with PowerShell (as admin):<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"PowerShell\" data-shcb-language-slug=\"powershell\"><span><code class=\"hljs language-powershell\"><span class=\"hljs-comment\"># First, ensure TLS 1.2 for PowerShell gallery access.<\/span>\n&#91;<span class=\"hljs-type\">Net.ServicePointManager<\/span>]::SecurityProtocol = &#91;<span class=\"hljs-type\">Net.ServicePointManager<\/span>]::SecurityProtocol <span class=\"hljs-operator\">-bor<\/span> &#91;<span class=\"hljs-type\">Net.SecurityProtocolType<\/span>]::Tls12\n\n<span class=\"hljs-comment\"># Install the Azure AD Kerberos PowerShell Module.<\/span>\n<span class=\"hljs-built_in\">Install-Module<\/span> <span class=\"hljs-literal\">-Name<\/span> AzureADHybridAuthenticationManagement <span class=\"hljs-literal\">-AllowClobber<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PowerShell<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">powershell<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Second, we now create the Kerberos server object:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PowerShell\" data-shcb-language-slug=\"powershell\"><span><code class=\"hljs language-powershell\"><span class=\"hljs-variable\">$Domain<\/span> = <span class=\"hljs-variable\">$env:USERDNSDOMAIN<\/span>\n<span class=\"hljs-variable\">$CloudUPN<\/span> = <span class=\"hljs-built_in\">Read-Host<\/span> <span class=\"hljs-string\">\"A Global Administrator in your Azure AD.\"<\/span>\n<span class=\"hljs-variable\">$DomainCred<\/span> = <span class=\"hljs-built_in\">Get-Credential<\/span> <span class=\"hljs-literal\">-Message<\/span> <span class=\"hljs-string\">'An Active Directory user who is a member of the Domain Admins group.'<\/span> <span class=\"hljs-comment\"># local AD Admin<\/span>\n\n<span class=\"hljs-comment\"># Create and publish the new Azure AD Kerberos Server object<\/span>\n<span class=\"hljs-built_in\">Set-AzureADKerberosServer<\/span> <span class=\"hljs-literal\">-Domain<\/span> <span class=\"hljs-variable\">$Domain<\/span> <span class=\"hljs-literal\">-UserPrincipalName<\/span> <span class=\"hljs-variable\">$CloudUPN<\/span> <span class=\"hljs-literal\">-DomainCredential<\/span> <span class=\"hljs-variable\">$DomainCred<\/span>\n\n<span class=\"hljs-comment\"># Verify Kerberos object<\/span>\n<span class=\"hljs-built_in\">Get-AzureADKerberosServer<\/span> <span class=\"hljs-literal\">-Domain<\/span> <span class=\"hljs-variable\">$domain<\/span> <span class=\"hljs-literal\">-UserPrincipalName<\/span> <span class=\"hljs-variable\">$CloudUPN<\/span> <span class=\"hljs-literal\">-DomainCredential<\/span> <span class=\"hljs-variable\">$domainCred<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PowerShell<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">powershell<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-video\"><video controls src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/Create-a-Kerberos-Server-object.mp4\"><\/video><\/figure>\n\n\n\n<p><\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"windows-hello-for-business-richtline-mit-intune\">Windows Hello for Business policy with Intune<\/h2>\n\n\n<p>Intune makes it very easy to configure the policy.<br><em>If you have a local infrastructure and want to distribute the policy with GPO's, you must have the ADMX files up to date. Microsoft has a post about this in the Docs:&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/identity-protection\/hello-for-business\/hello-hybrid-cloud-trust#configure-using-group-policy\">Hybrid Cloud Trust Deployment (Windows Hello for Business) - Windows security | Microsoft Docs<\/a><\/em><\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"windows-hello-for-business-aktivieren\">Activate Windows Hello for Business<\/h3>\n\n\n<p>To enable Windows Hello for Business, you can either do it tenant-wide or just for a group with a policy.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"aktivierung-tenantweit\">Activation tenant-wide<\/h4>\n\n\n<p>You can activate tenant-wide under \"<a href=\"https:\/\/endpoint.microsoft.com\/#blade\/Microsoft_Intune_DeviceSettings\/DevicesWindowsMenu\/windowsEnrollment\" target=\"_blank\" rel=\"noreferrer noopener\">Devices &gt; Windows &gt; Windows enrollment<\/a>\". If you choose this option, all devices will ask for the Windows Hello configuration during enrollment.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-27.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-27-1024x484.png\" alt=\"Enable Windows Hello for Business, Tenant-wide\" class=\"wp-image-1360\"\/><\/a><\/figure>\n\n\n<h4 class=\"wp-block-heading\" id=\"aktivierung-mit-einer-richtlinie\">Activation with a policy<\/h4>\n\n\n<p>To activate only a certain circle, you can go to \"<a href=\"https:\/\/endpoint.microsoft.com\/#blade\/Microsoft_Intune_DeviceSettings\/DevicesWindowsMenu\/configProfiles\" target=\"_blank\" rel=\"noreferrer noopener\">Devices&gt; Windows&gt; Configuration profiles<\/a>\" create a new \"Identity Protection\" profile.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-19-1024x574.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-19-1024x574.png\" alt=\"Intune - Identity protection profile\" class=\"wp-image-1309\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-26.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-26-1024x574.png\" alt=\"Intune - Identity protection profile - name\" class=\"wp-image-1316\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p>In the settings it is important that \"Use a Trusted Platform Module (TPM)\" is active.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-21.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-21-1024x638.png\" alt=\"Intune - Identity protection profile - settings\" class=\"wp-image-1311\"\/><\/a><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"cloud-trust-richtline-erstellen\">Create Cloud Trust Policy<\/h3>\n\n\n<p>To configure the Cloud Trust Policy, we create a \"Custom Profile\" with an OMA Uri. This OMA Uri shows the end device the way to the right tenant for authentication.<\/p>\n\n\n\n<p>You create the policy under \"<a href=\"https:\/\/endpoint.microsoft.com\/#blade\/Microsoft_Intune_DeviceSettings\/DevicesWindowsMenu\/configProfiles\">Devices &gt; Windows &gt; Configuration profiles +Create profile<\/a>\". <\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-2 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-22.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-22-1024x481.png\" alt=\"Intune - custom configuration profile\" class=\"wp-image-1312\"\/><\/a><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-25.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-25-1024x481.png\" alt=\"Intune - custom configuration profile - name and description\" class=\"wp-image-1315\"\/><\/a><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p>Here you add an entry and enter the OMA-URI below. Don't forget, you must in the OMA-URI\"<strong>YourTenantID<\/strong>\" with your Tenant ID. (You can find the ID&nbsp;<a href=\"https:\/\/portal.azure.com\/#blade\/Microsoft_AAD_IAM\/ActiveDirectoryMenuBlade\/Overview\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>)<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Name<\/strong><\/td><td>UseCloudTrustForOnPremAuth<\/td><\/tr><tr><td><strong>Beschreibung<\/strong><\/td><td>Windows Hello for Business cloud trust<\/td><\/tr><tr><td><strong>ORA-Uri<\/strong><\/td><td>.\/Device\/Vendor\/MSFT\/PassportForWork\/<strong>YourTenantID<\/strong>\/Policies\/UseCloudTrustForOnPremAuth<\/td><\/tr><tr><td><strong>Data type<\/strong><\/td><td>Boolean<\/td><\/tr><tr><td><strong>Value<\/strong><\/td><td>True<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-24.png\"><img decoding=\"async\" src=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/03\/image-24-1024x481.png\" alt=\"Intune profile WH4B cloud trust\" class=\"wp-image-1314\"\/><\/a><\/figure>\n\n\n<h2 class=\"wp-block-heading\" id=\"summary\">Summary<\/h2>\n\n\n<p>Thanks to Windows Hello for Business Cloud Trust, it's much easier to get a Kerberos authentication trusted by Windows Hello from a cloud-only device (Azure AD joined).<br>For me, there are few to no reasons to use hybrid joined devices. - All thanks to this great feature!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the \"Hybrid Cloud Trust Deployment\" it is finally possible to log on to local \/ on-premises resources with Windows Hello (face, PIN, key) without much effort. This was previously only possible with great effort and in connection with a&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":1966,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"image","meta":{"footnotes":""},"categories":[239,1022,1032,1034],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Windows Hello for Business - Cloud Trust - Hybrid | scloud<\/title>\n<meta name=\"description\" content=\"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Windows Hello for Business - Cloud Trust - Hybrid | scloud\" \/>\n<meta property=\"og:description\" content=\"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\" \/>\n<meta property=\"og:site_name\" content=\"scloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-15T05:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-18T07:16:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Florian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@FlorianSLZ\" \/>\n<meta name=\"twitter:site\" content=\"@FlorianSLZ\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Florian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\"},\"author\":{\"name\":\"Florian\",\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5\"},\"headline\":\"Windows Hello for Business - Cloud Trust - Hybrid\",\"datePublished\":\"2022-07-15T05:00:00+00:00\",\"dateModified\":\"2023-08-18T07:16:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\"},\"wordCount\":419,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5\"},\"image\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg\",\"articleSection\":[\"Microsoft Intune\",\"Security\",\"Windows 10\",\"Windows 11\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\",\"url\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\",\"name\":\"Windows Hello for Business - Cloud Trust - Hybrid | scloud\",\"isPartOf\":{\"@id\":\"https:\/\/scloud.work\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg\",\"datePublished\":\"2022-07-15T05:00:00+00:00\",\"dateModified\":\"2023-08-18T07:16:04+00:00\",\"description\":\"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.\",\"breadcrumb\":{\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage\",\"url\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg\",\"contentUrl\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg\",\"width\":1200,\"height\":630,\"caption\":\"Hybrid Cloud Trust Deployment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/scloud.work\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Hello for Business - Cloud Trust - Hybrid\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/scloud.work\/#website\",\"url\":\"https:\/\/scloud.work\/\",\"name\":\"scloud by Florian Salzmann\",\"description\":\"Mastering the Modern Workplace with Intune\",\"publisher\":{\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/scloud.work\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5\",\"name\":\"Florian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/10\/Salzmann_Florian_2022_500x500px.jpg\",\"contentUrl\":\"https:\/\/scloud.work\/wp-content\/uploads\/2022\/10\/Salzmann_Florian_2022_500x500px.jpg\",\"width\":500,\"height\":500,\"caption\":\"Florian\"},\"logo\":{\"@id\":\"https:\/\/scloud.work\/#\/schema\/person\/image\/\"},\"sameAs\":[\"https:\/\/scloud.work\/about\/\",\"https:\/\/www.instagram.com\/florianslz_\/\",\"https:\/\/www.linkedin.com\/in\/fsalzmann\/\",\"https:\/\/x.com\/FlorianSLZ\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Windows Hello for Business - Cloud Trust - Hybrid | scloud","description":"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/","og_locale":"en_US","og_type":"article","og_title":"Windows Hello for Business - Cloud Trust - Hybrid | scloud","og_description":"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.","og_url":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/","og_site_name":"scloud","article_published_time":"2022-07-15T05:00:00+00:00","article_modified_time":"2023-08-18T07:16:04+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg","type":"image\/jpeg"}],"author":"Florian","twitter_card":"summary_large_image","twitter_creator":"@FlorianSLZ","twitter_site":"@FlorianSLZ","twitter_misc":{"Written by":"Florian","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#article","isPartOf":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/"},"author":{"name":"Florian","@id":"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5"},"headline":"Windows Hello for Business - Cloud Trust - Hybrid","datePublished":"2022-07-15T05:00:00+00:00","dateModified":"2023-08-18T07:16:04+00:00","mainEntityOfPage":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/"},"wordCount":419,"commentCount":4,"publisher":{"@id":"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5"},"image":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage"},"thumbnailUrl":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg","articleSection":["Microsoft Intune","Security","Windows 10","Windows 11"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/","url":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/","name":"Windows Hello for Business - Cloud Trust - Hybrid | scloud","isPartOf":{"@id":"https:\/\/scloud.work\/#website"},"primaryImageOfPage":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage"},"image":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage"},"thumbnailUrl":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg","datePublished":"2022-07-15T05:00:00+00:00","dateModified":"2023-08-18T07:16:04+00:00","description":"Ensure successful authentication and SSO via Kerberos to local resources with the Windows Hello for Business Cloud Trust.","breadcrumb":{"@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#primaryimage","url":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg","contentUrl":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/07\/Hybrid-Cloud-Trust-Deployment.jpg","width":1200,"height":630,"caption":"Hybrid Cloud Trust Deployment"},{"@type":"BreadcrumbList","@id":"https:\/\/scloud.work\/windows-hello-for-business-cloud-trust-hybrid\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/scloud.work\/"},{"@type":"ListItem","position":2,"name":"Windows Hello for Business - Cloud Trust - Hybrid"}]},{"@type":"WebSite","@id":"https:\/\/scloud.work\/#website","url":"https:\/\/scloud.work\/","name":"scloud by Florian Salzmann","description":"Mastering the Modern Workplace with Intune","publisher":{"@id":"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/scloud.work\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/scloud.work\/#\/schema\/person\/351129a6ee6924cb8637f395e4b010d5","name":"Florian","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scloud.work\/#\/schema\/person\/image\/","url":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/10\/Salzmann_Florian_2022_500x500px.jpg","contentUrl":"https:\/\/scloud.work\/wp-content\/uploads\/2022\/10\/Salzmann_Florian_2022_500x500px.jpg","width":500,"height":500,"caption":"Florian"},"logo":{"@id":"https:\/\/scloud.work\/#\/schema\/person\/image\/"},"sameAs":["https:\/\/scloud.work\/about\/","https:\/\/www.instagram.com\/florianslz_\/","https:\/\/www.linkedin.com\/in\/fsalzmann\/","https:\/\/x.com\/FlorianSLZ"]}]}},"_links":{"self":[{"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/posts\/1307"}],"collection":[{"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/comments?post=1307"}],"version-history":[{"count":34,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/posts\/1307\/revisions"}],"predecessor-version":[{"id":4452,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/posts\/1307\/revisions\/4452"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/media\/1966"}],"wp:attachment":[{"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/media?parent=1307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/categories?post=1307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/scloud.work\/wp-json\/wp\/v2\/tags?post=1307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}