Skip to content

Commit 170ae3f

Browse files
ktoliverktoliver
authored
Merge pull request #88630 from AlexFilipin/patch-7
Updated guidance for passwordless authentication
2 parents e7e395c + 12a2e7a commit 170ae3f

File tree

1 file changed

+6
-2
lines changed

1 file changed

+6
-2
lines changed

articles/active-directory/devices/azuread-join-sso.md

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,9 +39,13 @@ If you have a hybrid environment, with both Azure AD and on-premises AD, it's li
3939
1. The local security authority (LSA) service enables Kerberos and NTLM authentication on the device.
4040

4141
> [!NOTE]
42-
> Windows Hello for Business requires additional configuration to enable on-premises SSO from an Azure AD joined device. For more information, see [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base).
42+
> Additional configuration is required when passwordless authentication to Azure AD joined devices is used.
4343
>
44-
> FIDO2 security key based passwordless authentication with Windows 10 or newer requires additional configuration to enable on-premises SSO from an Azure AD joined device. For more information, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md).
44+
> For FIDO2 security key based passwordless authentication and Windows Hello for Business Hybrid Cloud Trust, see [Enable passwordless security key sign-in to on-premises resources with Azure Active Directory](../authentication/howto-authentication-passwordless-security-key-on-premises.md).
45+
>
46+
> For Windows Hello for Business Hybrid Key Trust, see [Configure Azure AD joined devices for On-premises Single-Sign On using Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base).
47+
>
48+
> For Windows Hello for Business Hybrid Certificate Trust, see [Using Certificates for AADJ On-premises Single-sign On](/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert).
4549
4650
During an access attempt to a resource requesting Kerberos or NTLM in the user's on-premises environment, the device:
4751

0 commit comments

Comments
 (0)