How does a Windows 10 machine discover the ADFS RA for WHFB certificates?

John Benson 1 Reputation point
2021-04-16T05:25:11.157+00:00

Query/technical details...
Hybrid AADJ setup with certificate trust (we use RDP quite a bit).
NDES/SCEP setup with Intune for AAD joined devices. Certificates are getting pushed out to AD joined devices correctly.
On premise ADFS 4 (Server 2019) setup for on premise certificate deployment of the hybrid devices. Using GPO to enable certificate trust for WHFB.

I'm stuck on the dsregcmd /status output of adfsraisready : no, which means the Windows 10 machine is not getting its WHFB certificate from ADFS to kick-start the process.

What I'm trying to find out is if there's any info on how the win10 machine discovers the ADFS RA settings. Have redone the config a few times and sanity checked but I keep getting the same result and just not sure what to start tracing.

Any clues as to which direction to head would be useful.

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.