This summary of the video was created by an AI. It might contain some inaccuracies.
00:00:00 – 00:10:48
The YouTube video discusses configuring Azure AD Kerberos and Windows Hello for Business (cloud trust) so that an Azure AD joined device can reach on-premises resources with a passwordless credential. Steps include forcing TLS 1.2 in the PowerShell session, installing the required modules, creating the Azure AD Kerberos server object in the on-premises domain, and deploying a Windows Hello for Business enrollment profile. Windows Hello for Business configuration involves requiring a TPM, PIN setup, biometric authentication, and creating a custom configuration profile that enables cloud trust. The demonstration includes setting up a new device in Azure AD, enrolling with MFA, setting a PIN, and using Hello for Business to open a file share on a domain controller without entering a password. The video emphasizes accessing on-premises resources from Azure AD joined devices using Windows Hello for Business and mentions exploring security key sign-in in a future video. Additional work is needed for Hello for Business devices to function in an Azure AD joined environment.
00:00:00
In this part of the video, the speaker addresses the need to configure Azure AD Kerberos and a Windows Hello for Business policy to access on-premises resources with passwordless credentials. The steps include running scripts in PowerShell ISE that force the session to use TLS 1.2 (so the PowerShell Gallery can be reached), installing the necessary modules, setting up Azure AD Kerberos with Azure AD and on-premises domain admin credentials, and deploying a Windows Hello for Business enrollment profile via the Intune portal. The process creates the Azure AD Kerberos server object in the on-premises domain and configures the settings required for passwordless access.
00:03:00
In this segment of the video, the speaker shows how to configure Windows Hello for Business. They recommend requiring a trusted platform module for key protection and set the minimum PIN length to six and the maximum to 127, the largest value the policy accepts. Biometric authentication and enhanced anti-spoofing can be enabled. The next step is creating a custom configuration profile for Windows Hello for Business cloud trust (now called cloud Kerberos trust). The profile uses a custom OMA-URI of the form ./Device/Vendor/MSFT/PassportForWork/<TenantId>/Policies/UseCloudTrustForOnPremAuth, where <TenantId> is the Azure AD tenant ID, with the data type set to Boolean and the value set to True. Finally, the profile is saved and assigned to all users without any applicability rules. The video also briefly showcases a demo file share environment for testing purposes.
00:06:00
In this segment of the video, the speaker sets up a new device by joining it to an Azure AD environment as a corporate machine. They complete Multi-Factor Authentication (MFA), set up a PIN, and enable Hello for Business. By running the command `klist`, they show the Kerberos tickets the user holds: one ticket-granting ticket issued by Azure AD and one from the on-premises domain controller, which together allow access to on-premises resources without a password.
00:09:00
In this segment of the video, the speaker showcases accessing a domain controller (dc1) successfully from an Azure AD joined device. The device is neither domain joined nor hybrid joined; it is Azure AD joined, and the signed-in user also exists in the on-premises domain. They demonstrate accessing a file share by typing \\dc1 in File Explorer, showing both a read-only and a writable file share. The speaker emphasizes accessing on-premises resources from an Azure AD joined computer with Windows Hello for Business, highlighting that no password is required to open the file share. They mention exploring other methods, such as a security key with Windows Hello for Business, in a future video. The video concludes by mentioning that some additional work is required to make Hello for Business devices function in an Azure AD joined environment.
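The server-side setup the video walks through, followed by the checks that confirm it worked, as an added PowerShell example that is not the speaker's script. It assumes an on-premises domain named corp.contoso.com, an Azure AD Global Administrator UPN of admin@contoso.com, and an elevated PowerShell 5.1 session on a domain-joined admin workstation; the Intune OMA-URI and the client-side checks are the documented ones, but the tenant ID and domain names are placeholders.

```powershell
# Added example, not from the video. Names below are assumptions; adjust them.
$domain   = 'corp.contoso.com'   # on-premises AD domain (assumed)
$cloudUpn = 'admin@contoso.com'  # Azure AD Global Administrator UPN (assumed)

# PowerShell 5.1 negotiates TLS 1.0 by default; the PowerShell Gallery refuses
# anything below TLS 1.2, so set it before Install-Module.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Module that ships Set-/Get-AzureADKerberosServer.
Install-Module -Name AzureADHybridAuthenticationManagement -AllowClobber -Force

# Domain Admin credential for the on-premises domain; the Azure AD sign-in is
# prompted interactively (works with MFA-enabled admin accounts).
$domainCred = Get-Credential -Message "Domain Admin for $domain"

# Creates the AzureADKerberos object (an RODC-style account plus its own
# krbtgt key) in AD and publishes the key to Azure AD.
Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $cloudUpn -DomainCredential $domainCred

# Verify: the key version AD holds must match the one Azure AD holds, or
# cloud-issued tickets will not be accepted by the domain controllers.
$server = Get-AzureADKerberosServer -Domain $domain -UserPrincipalName $cloudUpn -DomainCredential $domainCred
if ($server.KeyVersion -ne $server.CloudKeyVersion) {
    Write-Warning "KeyVersion $($server.KeyVersion) != CloudKeyVersion $($server.CloudKeyVersion); rotate with -RotateServerKey"
    Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $cloudUpn -DomainCredential $domainCred -RotateServerKey
}
else {
    Write-Host "Azure AD Kerberos key version $($server.KeyVersion) is in sync"
}

# Intune side (Devices > Configuration profiles > Windows 10 and later > Templates > Custom),
# one OMA-URI row; <TenantId> is the Azure AD tenant ID from the portal:
#   Name:      UseCloudTrustForOnPremAuth
#   OMA-URI:   ./Device/Vendor/MSFT/PassportForWork/<TenantId>/Policies/UseCloudTrustForOnPremAuth
#   Data type: Boolean
#   Value:     True

# Client side, run on the Azure AD joined device after signing in with Windows Hello:
#   dsregcmd /status
#     SSO State should show AzureAdPrt : YES, OnPremTgt : YES, CloudTgt : YES
#   klist
#     expect a TGT for krbtgt/KERBEROS.MICROSOFTONLINE.COM (from Azure AD) and one
#     for krbtgt/CORP.CONTOSO.COM (from the on-premises DC) before \\dc1 is opened
```

The KeyVersion check is the one thing worth scripting rather than eyeballing: a mismatch is the usual reason a cloud trust deployment looks correct in Intune yet the client never obtains an on-premises TGT, and the `dsregcmd /status` SSO State section is the fastest way to tell which half (cloud TGT or on-premises TGT) is missing.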