Passwordless - Cloud Kerberos Trust benefits in Hybrid Join Devices

Emanuele Signorin 46 Reputation points
2024-03-25T09:51:42.34+00:00

Hi all,

I cannot understand the real benefits of using Cloud Kerberos Trust on Hybrid Joined devices.

On a hybrid joined device, I'm already able to access both Entra ID and Active Directory resources (for the latter, with a Kerberos ticket released by a Domain Controller). Which benefits can Cloud Kerberos Trust give me?

Thank you in advance.

Best regards,

Emanuele


3 answers

  1. Andy David - MVP 147.9K Reputation points MVP
    2024-03-25T10:30:55.9633333+00:00

  2. Andy David - MVP 147.9K Reputation points MVP
    2024-03-25T10:53:19.23+00:00

    You don't need to configure it, though IMO the biggest advantage is described here:

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises


  3. Yanhong Liu 9,605 Reputation points Microsoft Vendor
    2024-03-26T06:29:59.5033333+00:00

    Hello

    Cloud Kerberos Trust mainly provides the advantage of simplifying the deployment of Windows Hello for Business and supporting a password-free login experience. This trust model uses the security keys to support Hybrid Azure AD and the infrastructure introduced by local resource access, reducing additional deployment requirements. Specifically, Cloud Kerberos Trust allows users to use Azure AD Kerberos to synchronize the access of local resources in the mixed environment without complicated public key infrastructure (PKI) and Azure AD Connect.

    In addition, Cloud Kerberos Trust also provides the following benefits:

    Simplified deployment: Compared with the traditional key trust and certificate trust deployment models, Cloud Kerberos Trust does not need to maintain complex PKI or wait for Azure AD Connect to synchronize.

    Password-free security: By using Cloud Kerberos Trust, it can achieve a safer non-password authentication method, which is safer than traditional passwords.

    Modern identity verification: Cloud Kerberos Trust supports modern and powerful two-factor authentication methods that use at least two unique factors, such as what users know (PIN) or the biological characteristics of users, combined with what they have (physical access to the equipment).

    Improve user experience: Users can log in more conveniently to devices and cloud services.

    Reduce the dependence on the regional controller: Through Cloud Kerberos Trust, Azure AD can generate some Kerberos ticket-granting tickets (TGT), thereby reducing dependence on regional controllers.

    Best Regards,

    Yanhong Liu
