I'm trying to find the best method for authenticating my Entra Joined devices to our on-premises Active Directory using Windows Hello for Business. I currently have these components in place: Active Directory users synced via Entra Connect to M365, all user laptops managed by Intune, and a few AD Joined desktops accessed via RDP. There are also two legacy applications that rely on Active Directory for authentication. One is a SQL-backed analytics app, and the other is an email archiving solution that requires Active Directory credentials. My goal is to simplify authentication, ideally enabling Windows Hello for Business for RDP access as well. I'm curious about whether implementing this is worthwhile at this stage and what the best approach would be, especially given the legacy systems I'm working with. I came across an article about hybrid Azure AD Join and SSO, which seems relevant. Any tips?
2 Answers
Absolutely, make sure you're implementing cloud Kerberos. It's something I'm currently introducing in my workplace and it's making a big difference.
You definitely want to look into setting up a Kerberos trust between Entra and AD. I followed the steps for setting up MEDS with Azure Files for Kerberos, and it's been smooth sailing since then. Keep in mind that your setup might vary if you're integrating additional resources beyond a synced domain. Also, when setting this up, remember to enable token grabbing on login for a seamless experience.
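Neither answer shows the actual steps, so here is the cloud Kerberos trust setup both of them recommend, as an added example (not code from the original poster or either answer). It assumes an AD DNS domain of corp.contoso.com, a tenant of contoso.onmicrosoft.com and a placeholder tenant ID; the cmdlets and the dsregcmd fields are the documented ones, everything else is an assumption.

```powershell
# Added example: Windows Hello for Business cloud Kerberos trust, server side and client side.
# Assumptions: AD domain corp.contoso.com, tenant contoso.onmicrosoft.com, placeholder tenant ID.
# Part 1 runs once per AD domain from a domain-joined machine, as a Domain Admin who also holds
# a Global Administrator or Hybrid Identity Administrator role in Entra.

#region Part 1 - create the Entra Kerberos server object in on-premises AD
Install-Module -Name AzureADHybridAuthenticationManagement -AllowClobber -Scope CurrentUser

$domain            = 'corp.contoso.com'               # assumption: your AD DNS domain
$userPrincipalName = 'admin@contoso.onmicrosoft.com'  # assumption: an Entra admin UPN
$domainCred        = Get-Credential -Message "Domain Admin credentials for $domain"

# Creates the AzureADKerberos read-only DC object and the krbtgt_AzureAD account in AD and
# publishes its key to the tenant, so Entra can issue partial TGTs for synced users.
Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred

# KeyVersion (AD) and CloudKeyVersion (Entra) must match; if they drift, rotate the key:
#   Set-AzureADKerberosServer ... -RotateServerKey
Get-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred
#endregion

#region Part 2 - client side
# Intune: Settings catalog > Windows Hello for Business > "Use Cloud Trust For On Prem Auth" = Enabled,
# or a custom OMA-URI (replace the placeholder tenant ID):
#   ./Device/Vendor/MSFT/PassportForWork/00000000-0000-0000-0000-000000000000/Policies/UseCloudTrustForOnPremAuth
#   Data type: Boolean, Value: True

function Test-CloudKerberosTrust {
    <#
      Parses "dsregcmd /status" and reports whether the device got both the cloud TGT
      (from Entra) and the on-premises TGT (exchanged with a DC it can reach).
      -StatusText lets you feed captured output instead of running dsregcmd.
    #>
    [CmdletBinding()]
    param([string[]]$StatusText)

    if (-not $StatusText) { $StatusText = & dsregcmd.exe /status }

    $state = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(AzureAdJoined|AzureAdPrt|OnPremTgt|CloudTgt)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    foreach ($key in 'AzureAdJoined', 'AzureAdPrt', 'OnPremTgt', 'CloudTgt') {
        if (-not $state.ContainsKey($key)) { $state[$key] = 'MISSING' }
    }

    [pscustomobject]@{
        AzureAdJoined = $state['AzureAdJoined']
        AzureAdPrt    = $state['AzureAdPrt']
        CloudTgt      = $state['CloudTgt']
        OnPremTgt     = $state['OnPremTgt']
        # All four YES: the user can sign in with Hello and reach AD resources with Kerberos.
        Ready         = ($state.Values | Where-Object { $_ -ne 'YES' }).Count -eq 0
    }
}

# Constructed sample of the relevant dsregcmd lines, so the function can be exercised offline.
$sample = @(
    '     AzureAdJoined : YES',
    '        AzureAdPrt : YES',
    '          CloudTgt : YES',
    '         OnPremTgt : NO'
)
Test-CloudKerberosTrust -StatusText $sample   # Ready is False: no DC reachable when the user signed in

# On a real client, run it without arguments after the policy has applied and the user
# has signed out and back in; "klist cloud_debug" shows the cloud TGT details if CloudTgt is YES.
Test-CloudKerberosTrust
#endregion
```

The usual failure mode is CloudTgt YES with OnPremTgt NO: the partial TGT from Entra is only exchanged for a full TGT when the client has line of sight to a domain controller at sign-in, so a VPN that connects after logon, or a DC that has not replicated the new krbtgt_AzureAD account yet, leaves the on-premises side unticketed. The two AD-backed legacy apps from the question are served by that full TGT once OnPremTgt shows YES.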