This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 74%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJB%3C/text%3E%3C/svg%3E)
Query/technical details...
Hybrid AADJ setup with certificate trust (we use RDP quite a bit).
NDES/SCEP setup with intune for AAD joined devices. Certificates are getting pushed pushed out to ad joined devices correctly.
On premise ADFS 4 (server 2019) setup for on premise certificate deployment of the hybrid devices. Using GPO to enable certificate trust for WHFB.
I'm stuck on the dsregcmd /status output of adfsraisready : no. Which means the windows 10 machine is not getting it's WHFB certificate from ADFS to kick start the process.
What I'm trying to find out is if there's any info on how the win10 machine discovers the ADFS RA settings. Have redone the config a few times and sanity checked but I keep getting the same result and just not sure what to start tracing.
Any clues as to which direction to head would be useful.