Windows Hello - not true passwordless for RemoteApp or RDP!!!
Hi, I have set Windows Hello & NDES/SCEP certificates on my environment for my Azure AD joined devices. The users still use RemoteApps via a VPN to access virtual applications. I am trying to set it up so that the users use Windows Hello to access all on-prem applications.
So far, it authenticates with the biometrics or PIN, but when the RDP session opens it asks for the user's credentials to access the session hosts. Is this the expected behaviour? I tried a normal RDP session to a server using Windows Hello biometrics and it takes me to the server but then I still need to enter my credentials?
Can anyone help or share their experience with Windows Hello and RDP?
2 answers
Christian Laboy 1 Reputation point
2022-11-14T21:27:54.1+00:00
I had the same behavior. The issue is most likely with your cert. If it does not have the correct "Intended Purpose" values, it will cause this behavior.
Take a look at your NDES config, specifically what cert templates you have set in your registry. Remember, an NDES server can only issue certs from 1 template per usage (there are 3 total). They need to match your "key usage" chosen in Intune and the templates themselves need the correct entries in the "Extensions" tab.
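One way to carry out the check described in the answer above, as an added example that is not part of the original thread: the first function lists the three per-usage template names on the NDES server, the second lists the "Intended Purpose" (EKU) and key usage values of the certificates in the signed-in user's store on the client. The function names are hypothetical, and treating Smart Card Logon as the EKU needed for RDP sign-in is an assumption; compare the output against your own template's "Extensions" tab and the key usage chosen in Intune.

```powershell
# Added example; function names are hypothetical.
# Run Get-NdesTemplateMapping on the NDES server (elevated),
# and Get-UserCertPurpose on the client as the affected user.

function Get-NdesTemplateMapping {
    # NDES stores one template name per usage under this key (three values).
    $key   = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
    $props = Get-ItemProperty -Path $key -ErrorAction Stop
    foreach ($usage in 'SignatureTemplate', 'EncryptionTemplate', 'GeneralPurposeTemplate') {
        [pscustomobject]@{ Usage = $usage; Template = $props.$usage }
    }
}

function Get-UserCertPurpose {
    # Assumption: RDP certificate sign-in expects the Smart Card Logon EKU.
    # Client Authentication is reported alongside it for comparison.
    $smartCardLogon = '1.3.6.1.4.1.311.20.2.2'
    $clientAuth     = '1.3.6.1.5.5.7.3.2'
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $kuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]

    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
        $kuExt  = $cert.Extensions | Where-Object { $_ -is $kuType }

        # Collect the EKU OIDs; an absent extension yields an empty list.
        $ekus = @(foreach ($oid in $ekuExt.EnhancedKeyUsages) { $oid.Value })
        $keyUsage = if ($kuExt) { "$($kuExt.KeyUsages)" } else { 'none' }

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            HasPrivateKey  = $cert.HasPrivateKey
            KeyUsage       = $keyUsage
            SmartCardLogon = $ekus -contains $smartCardLogon
            ClientAuth     = $ekus -contains $clientAuth
            AllEkuOids     = $ekus -join ', '
        }
    }
}

# Example calls:
#   Get-NdesTemplateMapping | Format-Table -AutoSize
#   Get-UserCertPurpose     | Format-List
```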