Do I need Azure Premium for cloud hybrid trust / key hybrid trust or not?

Mik Op 136 Reputation points
2023-04-13T11:03:03.63+00:00

Hello, we'd like to setup Windows Hello for Business to get MFA for Windows logon. We have fully on premise environment and can't really afford Azure Premium subsriptions for all our users. My question is: on MS sites, it is said you need Azure Premium for certificate trust. What about kerberos cloud hybrid trust and key hybrid trust. Can we go without subscriptions? I have already tried to set it up, successfully setup pin, but constantly getting errors when try to login with the pin:

  • 0xc000005e PIN code is not available and this function is not supported in your organization
  • this option is not available at the moment etc. Is that because we are missing subscriptions?
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,813 questions
0 comments No comments
{count} votes

Accepted answer
  1. Carlos Solís Salazar 16,786 Reputation points MVP
    2023-04-14T09:18:06.74+00:00

    Thank you for asking this question on the Microsoft Q&A Platform.

    I understand that you must implement Windows Hello for Business without any License, correct? Your investigation is correct, without any Azure AD license you only can implement cloud Kerberos trust Group Policy Key trust
    Group Policy or Modern managed
    according to the following table User's image

    Source: https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification#hybrid-deployments Hope this helps!

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.

    NOTE: To answer you as quickly as possible, please mention me in your reply.

    0 comments No comments

0 additional answers

Sort by: Most helpful