Microsoft Cloud PKI - Windows Hello RDP sign in

Dylan Berghuis 20 Reputation points
2024-04-16T09:07:50.6233333+00:00

Hello guys,

I've been trying to use the new Microsoft Cloud PKI to set up Windows Hello RDP sign-in to an RDS Collection. Before this, we used SCEPman for this exact use case; however, we would love to change that to the Microsoft Cloud PKI.

I can't seem to find a way to generate a Domain Controller certificate, which is needed for "Smartcard authentication" towards an RDS server. The smartcard authentication in this case is just Windows Hello for Business.

In SCEPman there is a client to set up such a certificate, but this doesn't seem to be the case for Cloud PKI (Microsoft).

Does that mean this is not possible? Would love to hear from you!

Thanks in advance

Windows for business | Windows Server | User experience | Other
Microsoft Security | Intune | Other

Accepted answer
  1. ZhoumingDuan-MSFT 17,165 Reputation points Microsoft External Staff
    2024-04-17T07:35:52.5533333+00:00

    @Dylan Berghuis, Thanks for posting in Q&A.

    I have done some research about this issue, and currently Cloud PKI only supports devices managed by Intune, like Windows, Android, iOS, macOS. And because the DC exists on Windows Server, and Cloud PKI doesn't support Windows Server, it doesn't support Smartcard authentication.

    https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-overview

    However, this function may be applied to Windows Server in the future.

    Thanks for your kind understanding.


1 additional answer

  1. Dylan Berghuis 20 Reputation points
    2024-04-16T09:08:37.1233333+00:00

    Forgot to mention, but I did import the certificates in the RootCA, SubCA and NTAuth stores.

    This does, however, not let me authenticate using Kerberos.
