Site icon Infused Innovations

Windows Hello for Business Cloud Trust is in Preview

Windows Hello for Business Cloud Trust is in Preview 3

Windows Hello for Business is an enterprise login tool that verifies identity with biometrics: facial recognition or fingerprints. This eliminates the need to enter passwords, which saves time & hassle and increases employees’ productivity. Last week, Microsoft announced its Windows Hello for Business cloud trust, which applies to hybrid environments. This new authentication model considerably simplifies the deployment of passwordless login in hybrid scenarios, and it’s in preview now.

Simplifying Deployment with Windows Hello for Business Cloud Trust

On-premises single sign-on (SSO) with passwordless security keys makes employee login experiences in traditional workplaces simple and seamless. Until now, Windows Hello for Business has provided strong authentication either through an asymmetric key pair (the key trust method) or a user certificate (the certificate trust method)—both of which require a complicated deployment process. The addition of a new cloud trust method brings together the benefits of these resources without that hassle in setting it up. It can be be used for new deployments or administrators can switch existing ones to this model with policy controls.

Differences Between Key Trust, Certificate Trust, and Cloud Trust

All of these deployment models pertain to hybrid environments that include some on-premises credential verification. The key trust model does on-prem authentication through built-in Azure AD certificates with Kerberos in order to retrieve ticket-granting-tickets (TGTs). It requires public key infrastructure (PKI) and an adequate number of 2016 domain controllers to support authentication, as well as Active Directory Certificate Services. Certificate trust is similar to key trust but also offers certificates to end users (with possibilities of expiration and renewal), and it requires additional device registration at setup.

Cloud trust does not issue certificates and doesn’t require Active Directory Certificate Services. Since it doesn’t use public key infrastructure, there’s no need to deploy that or make any changes to existing PKI. This also means it doesn’t require the syncing of public keys between Azure AD and on-premises domain controllers. Users can access on-premises applications and resources without any delay between provisioning and authentication. Cloud trust is the new recommended method of deployment when certificates are not needed, replacing the key trust method as the default recommendation. But there are some prerequisites to using this model, and some scenarios won’t work with it.

Prerequisites for Cloud Trust

These are the requirements for deploying Windows Hello for Business cloud trust:

For more details on prerequisites, see Microsoft’s Deployment Prerequisite Overview.

Unsupported Scenarios

There are a few scenarios where you can’t use Windows Hello for Business cloud trust. These are:

Try Out Windows Hello for Business Cloud Trust

In any Windows Hello for Business setup, users will experience the same easy process when they log in to applications. The differences are on the administrators’ side, particularly in the deployment process.

Ready to check out this preview and deploy Windows Hello for Business more easily? Follow these deployment instructions.


More recent Microsoft news:

Exit mobile version