Windows Hello for Business Cloud Trust and Windows 11 Passkey feature

Question

Our company already successfully implemented SSO Passwordless Sign-on with Windows Hello for Business Cloud Trust. During that implementation, there was a Kerberos AD RODC object created, and Active Directory Connector was all set up accordingly.

We are now looking to implement the Windows 11 "Passkey" feature on top of the PIN, Biometric, and FIDO Security Key that they are already in use. Is there a new Kerberos AD Server object that needs to be created or we can continue to rely on the previous object we created to implement the "Passkey"?

Appreciated.

WC

Answer 1

since you already have Windows Hello for Business Cloud Trust and related Kerberos AD RODC objects set up, you've got a good foundation for additional authentication features.

Compatibility with Existing Kerberos AD RODC Object Typically, the Win 11 Passkey feature would work in conjunction with your existing Azure Active Directory and Intune configurations. Since you already have a Kerberos AD RODC object and Active Directory Connector set up for Windows Hello for Business, it's likely that you can continue to rely on these existing objects for implementing the Passkey feature.

I'd still recommend documenting and testing in a controlled environment, hope this helps!

Answer 2

@Woody Chiu at RASI Thank you for reaching out to us, there is no need to create another Azure Kerberos AD Server object again, passkeys work along with existing Windows Hello configuration which you have already.

Reference: https://support.microsoft.com/en-us/windows/passkeys-in-windows-301c8944-5ea2-452b-9886-97e4d2ef4422

Let me know if you have any further questions, feel free to post back.