Hi to Everyone. Happy New Year!!!!
I would like to implement and configure Windows Hello for Business using on-premises infrastructure only, for Windows 10 clients.
According to the Microsoft documentation, there are 5 steps that I need to configure:
- Validate Active Directory prerequisites
- Validate and Configure Public Key Infrastructure
- Prepare and Deploy Windows Server 2016 Active Directory Federation Services
- Validate and Deploy Multifactor Authentication Services (MFA)
- Configure Windows Hello for Business Policy settings
Following previous steps, I have configured and implemented some prerequisites, but I have a question:
For MFA with AD FS, there are some tools that could be used. I used Azure MFA, but this feature needs licenses with MFA included; at this point I cannot continue because it is not clear to me. The company has the following infrastructure:
- Company has AD Connect configured to sync users to O365, and Office E1, E3 and E5 licenses are used
- Windows Server 2016 (Forest and Domain Level 2016)
- Schema is the latest
My doubts are:
Do I need to configure AD Connect with the AD FS service for Windows Hello?
I suppose I have to buy a license with the MFA feature included if I use Azure MFA, right?
And the last point, "Configure Windows Hello for Business Policy settings", mentions enabling the policy "Use certificate for on-premises authentication" in the Group Policy Management Editor from Active Directory, but this option does not appear. Why? I imagine this option is key for Windows Hello to work.
I hope you can help me. I have spent a lot of days on this but I cannot move forward!! :(
The documentation is not clear, and I think everybody needs to look at other blogs to resolve their doubts!!
Best regards from Mexico
Luis Reyes