Windows Office Hours: December 19, 2024
For an AADJ device that has Windows Hello, we allow users to utilize PINs to unlock and sign into their device. However, this method of signing in can cause issues with some of our on-prem resources. Sometimes users will get a popup that says "Windows needs their current credentials" and need to lock their device and sign in with their password when they are on the company network. We still utilize AD and network shares in our company environment. Is there a way where we can allow our on-prem systems to recognize and associate users signed in with Windows Hello PINs on AADJ devices with their on-prem AD account?
I've looked into cloud trust Intune configs, but it either didn't solve my issue, or I didn't implement it correctly.
- EricMoe (Microsoft), Dec 19, 2024
You're on the right track - you need the Intune Hybrid Cloud Kerberos Trust configuration to support SSO to on-prem resources. The guidance is here: Windows Hello for Business cloud Kerberos trust deployment guide | Microsoft Learn. There are quite a few steps, so make sure you step your way through.