Dudes, I love your videos. I love how it always goes wrong but you always manage to fix it. This is exactly how me and my co-worker work! keep on the great work guys
@jordanross51334 жыл бұрын
Thank you for your wonderful videos and the time and effort it takes to make them. It's a breath of fresh air to see a start to finish on this topic that includes some bloopers.
@michaelwaterman35534 жыл бұрын
Good video, although lengthy. I did appreciate the honesty of the first part, seems that the most knowledgeable among us also struggle with the same stuff we all do. As it happens I was actually in need of this knowledge as I was running into the exact same issue. Going to give it a try next week. Thanks!!!
@IntuneTraining4 жыл бұрын
I just started going through all of this again for my prod env and following the steps to confirm what already exists vs what we need to add. Message me on Twitter DM if you get stuck. @AdamGrossTX
@michaelwaterman35534 жыл бұрын
Intune Training I will do that! Thanks for offering.
@zorlacmc5 жыл бұрын
Glad I'm not the only one that found the docs disjointed and impossible to follow - thanks for the video!
@thomasbalder4275 жыл бұрын
The day before yesterday I spent the whole day figuring out how to get the partner center stuff going so I can use autopilot with only s/n+model+manufacturer without opening the box to get the hardware hash. What a pain that was!
@TaozenTaiji3 жыл бұрын
A lot of microsoft docs are great, but good lord the WHfB docs are bad....disjointed and impossible to follow is the most accurate description I've seen of them.
@YLCGUK3 жыл бұрын
Great video, very useful, thank you! volume normalisation between the 2 of you would be good though. I have to have one of you booming in order to hear the other clearly.
@DeepFriedLettuce4 жыл бұрын
Well I feel like a dummy, but I'm one happy dummy right now. I went over the entire video three times trying to figure out where I was going wrong... I never made my PDC the 2016 server. Once I got this issue resolved, it resolved 3-4 other issues I had in queue for this. Thank you guys so much for this content and providing the sources you're using. I wouldn't have figured out my noob-like blunder otherwise!
@lltagged3 жыл бұрын
Haha hilarious watching the entire thing. :) Enjoyed it a lot, thanks!
@iliyatodorov93204 жыл бұрын
Great tutorial ! - thank you ! In regards of the CDP folder permissions - To avoid adding "EveryOne -> Full" - place the folder on another server ( tested OK ) , or it might work on another drive .
@oliverpetherick875 жыл бұрын
Hey guys, really loving these guides. As an IT admin completely new to a pre-existing Intune setup, these guides have proven invaluable for me to begin to understand how it works. It is also reassuring that despite my frustrations with Intune at times, even experienced professionals still have their difficulties with it too. With that said, I also have been having a bit of trouble with fluctuations with my enrolled device's compliance and frequently see false positives occur. Is this normal behaviour for Intune when changes occur (like new OS versions being released) or does something in the configuration need addressing?
@andrewenglish3810Ай бұрын
@IntuneTraining the links no longer work, can you please update them?
@omarserpas53233 жыл бұрын
Great and honest video. Appreciate the hard work. Been watching for awhile and slowly deploying Intune in our environment. But had a question, at the end where it was working as I'm a bit confused.. is this still considered Hybrid Azure AD Key Trust model. It's supposed to not have any certificates deployed to machines and yet you uploaded the rootca into a config profile and deployed it to all devices. So doesn't that make this the Hybrid Azure Ad Certificate model??
@IntuneTraining3 жыл бұрын
Hybrid key trust only needs to have the root CA deployed, while cert trust needs to have a user/device cert along with the root ca
@Ramsas1542 жыл бұрын
Is there more up-to date blog/video how to achive hybrid-ad windows hello? The blog post in the description is dead :(
@IntuneTraining2 жыл бұрын
Check out Hybrid Cloud Trust. It’s far easier to configure and much faster user provisioning. docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust If you get stuck, come over to aka.ms/WinAdmins and ask for @AJF or @AdamGrossTX
@taksiobs3 жыл бұрын
Hi Guys, will this work with Hybrid AD Joined Windows 10 Devices?
@yanniskahnwald5042 Жыл бұрын
If I am interested in on-premise implementation can I do that only with pt. 2 of the episode?
@KJ-yr7gi3 жыл бұрын
Hi, Thanks for making this great video. I just wonder to know If we could Remote Desktop login with fingerprint ?
@jackh1252 жыл бұрын
As the SCCM administrator, and having no access to our cloud based infrastructure... watching this made me sad that we'll simply never be able to enjoy this feature. Way too many asks for those above my paygrade. Excellent video regardless of the complexity.
@IntuneTraining2 жыл бұрын
That’s a bummer. Check back next week - we’re going to be covering Hybrid Cloud Trust. It only takes a few mins and a few lines of PowerShell.
@justinschlatter41893 жыл бұрын
What rights are actually needed on the cdp folder?
@andrewmilne57134 жыл бұрын
Hey Steve/Adam. Great Video, when you filming the first attempt live, what was the cause of the problem or did you just start again? I only ask because, although I can see Kerberos tickets been granted using the keys, I still get a message saying that it can't reach the a domain controller?
@mpdesousa2 жыл бұрын
Hey, I've been getting "Your credentials could not be verified" after setting up Win Hello on MDM, would the above solve this issue?
@IntuneTraining2 жыл бұрын
Probably. If you haven’t configured trust then you aren’t using hello for business, just hello. They aren’t the same. Stay tuned, we have a video on Hybrid Cloud Trust coming soon which should make this easier to set up.
@mpdesousa2 жыл бұрын
@@IntuneTraining yea thought as much after some digging and the troubleshooting article you posted on one of the vids. Thanks looking forward to it.
@Domp67453 жыл бұрын
Hello guys, after first pin registration, Could I use WHFB without internet connection?
@dontaylor78083 жыл бұрын
Please post the complete steps on how you get this set up
@silicondt13 жыл бұрын
Do you have to be on the same network as the resource and DC? For example: what if you opened up a port through firewall to http on IIS that uses NT auth. Yet the computer is on a random hotel wifi network. Not VPN to coorporate.
@IntuneTraining3 жыл бұрын
Use Azure App Proxy to do that.
@silicondt13 жыл бұрын
@@IntuneTraining Thanks, so to verify you do have to be on the same network as your DC for this to work? Also I assume the on prem AD dns? Not just line of site to the resource, but line of site to the DC and be on the DNS of on prem AD.
@MatthewMorris24104 жыл бұрын
Quick question as I'm new to all of this. When I change the certificate what happens to the on-prem machines? Are there any issues with changing the DC cert or does it just work? Thanks for your help and your videos are brilliant. Helped me alot.
@narasimhamurthyboya89874 жыл бұрын
How do you get password or pin notification in AAD joined machines when it's getting expired or how users will know password or pin expiry
@charliemaroun91512 жыл бұрын
Hey Thanks for that, I'm having issues where after autopilot it takes an hour or two to start working, if i add the certificate manually and restart, it works straight away. Any insight into this?
@IntuneTraining2 жыл бұрын
Do you see it on your home network too? Or just in the office? If in office check to see if you have the SSL inspection removed from the Intune endpoints
@charliemaroun91512 жыл бұрын
@@IntuneTraining just in the office, SSL inspection has been removed already, is it possible that its waiting for an ADSync to replicate before working?
@IntuneTraining2 жыл бұрын
It absolutely must wait for AAD Connect to sync, so that could be impacting you
@charlessloane3 жыл бұрын
Is this information still accurate given the fact that the blog post you are referencing was written in 2017?
@martincayer26154 жыл бұрын
Thank you for the video. I have a question regarding 2012R2 domain controllers. If i understood correctly, we can deploy Hybrid Azure AD Key Trust, as long as the Schema is 2016. Is there a disadvantage to doing this?
@jan10101103 жыл бұрын
You need a 2016 DC in every AD site. The Schema can be 2012R2. You see your sites in the program Active Directory Sites and Services.
@MalteseNinja222 жыл бұрын
Hey guys, love the vids... thanks a lot! At the moment I'm trying to turn windows hello pin OFF for all our users though intune and remove any current pins that are put in place. Is this possible?
@IntuneTraining2 жыл бұрын
There are policies to disable hello and hello pin/biometrics
@darts26804 жыл бұрын
Hi @all Have U got a Blog documentating Part2 of this Setup? Great Work - but hard to follow up :-)
@DeepFriedLettuce4 жыл бұрын
Part 2 was added to the end of their first video. Start at about 75 minutes into the video and you'll see where Adam starts over again.
@comeon6844 жыл бұрын
Steve & Adam... Do you still recommend following the first article you mention for setting up?
@IntuneTraining4 жыл бұрын
Yes
@comeon6844 жыл бұрын
@@IntuneTraining - Wanted to thank you for this video. This is going to helps us transition to a pure cloud solution. I enjoyed seeing the troubleshooting and it gave me more of in depth look at how this worked. I have it up and working for specific users.
@Soqotra35 жыл бұрын
Nice, was struggling with this the other day...
@justinpfeil27752 жыл бұрын
This video is just what I needed, but I paused it because I'm having a serious problem with the Certificate Template not being available to be issued.
@IntuneTraining2 жыл бұрын
have a look at this updated video: kzbin.info/www/bejne/p2G8ZZpmmciCj5Y where Steve and Adam talk about the newer option of Windows Hello for Business, that is way more easier to implement and use
@ferryknol95823 жыл бұрын
I'm just wondering, have safe is using a PIN really? Because i can predict that people will use the same PIN for all there devices. So changes that the PIN will be compromised is very high. Fingerprint, Face recognition or a hardware key seems a better/safer solution in my opinion. in combination with a PIN gives you 2FA if that is possible. But why is it that we need to configure a PIN as a backup login solution when you choose any Windows Hello option? Sure i understand that it is for when you Windows Hello Face, Finger or Hardware key doesn't work, but this makes the whole Windows Hello solution insecure in my opinion.
@taksiobs3 жыл бұрын
HI Guys, can anyone confirm if I need ADFS for me to enable Windows Hello on a Hybrid AD joined devices?
@IntuneTraining3 жыл бұрын
At a high level ADFS is not required for windows hello for business, it's only required if doing certificate based trust model which isn't a great solution to be honest, whole heap more moving parts then hybrid key trust.
@taksiobs3 жыл бұрын
@@IntuneTraining thanks a lot ❤️
@yaserrafiq74825 жыл бұрын
Great session thanks for your efforts
@TekkDomains3 жыл бұрын
Steve, I followed along and got all this setup to work with a Hybrid Azure AD joined device. However, I am still running into the same issue where login is not possible to use the PIN or finger print. I want to offer and suggest asking to come on to your show with my environment and working what ever the issue is to get this exact same setup / configuration to work with a Windows 10 Hybrid Azure AD joined device. Lets do a real/live troubleshooting session? Thanks Lacy Phoenixtekk SCCM/Endpoint Architects ExMSIT
@localgod133 жыл бұрын
Can you please do another cleaner video on this topic,
@IntuneTraining3 жыл бұрын
Try this one that Steve did at a user group. kzbin.info/www/bejne/sGS7gH2EpKx0qqs
@marcelvis52175 жыл бұрын
Steve and Adam, I like your Intune Trainings a lot, but on this particular Episode.... it's a bit difficult to follow as a viewer, Well like Adam says" We're doing it live"
@AWausF4 жыл бұрын
Hey Guys, you made my day! I followed the docs and read the blablabla up and down, from left to right and at some point there was only a whaaat??? 😅 I don't understand why there is no better connector for this shit, or a clean documentation. I came from local server 2008 Domain and i am new with Azure, so i spent the hole last week to solve that issue! But PIN Login with hybrid joint devices doesnt seems to work with this guide 🤬 Azure only is no way to go now, i need gpos for printerconnection, offline devices, application deploy and so on. My nightmare goes on with EAS not working with Proxy enabled, Hello with hybrid AD joined devices and the thing with upgrade exchange 2010 to 2019 with hybrid environment 🥶🥶🥶
@mukhtarh54354 жыл бұрын
I’m kind a late but I recently got a Microsoft support job supporting this type of stuff were you able to deploy windows Hello for business using everything here? I need to build a mandatory windows Hello for business lab later
@hyugai4 ай бұрын
i love your video, steve im based in sydney as well and would love to meet up with you one day
@IntuneTraining4 ай бұрын
Make sure you come on down to workplace ninja in a couple of weeks 😏
@hyugai4 ай бұрын
@@IntuneTraining is it 27 august at denison north sydney?
@IntuneTraining4 ай бұрын
Sign up here www.meetup.com/workplace-ninja-user-group-australia/events/302012219
@georgetzikas93404 жыл бұрын
Need to add an option on how to assign windows 10 hello for business for some users not all users. That would be great. thanks guys
@IntuneTraining4 жыл бұрын
You can create a Device Configuration Profile - select "Identity protection" as your Profile type.
@georgetzikas93404 жыл бұрын
Intune Training - thanks guys, worked perfectly
@mrhallman642 жыл бұрын
I found that end users forgot their passwords more often because they did not have to type them in very often. lol
@justinpfeil50182 жыл бұрын
Implementing this has been one of the worst experiences. Nothing seems to ever work.
@IntuneTraining2 жыл бұрын
We agree. Have you seen Hybrid Cloud Trust? Same result, WAAAYY simpler. S04E03 - Configuring Hybrid Cloud Trust - (I.T) kzbin.info/www/bejne/p2G8ZZpmmciCj5Y
@justinpfeil50182 жыл бұрын
@@IntuneTraining I have, and I followed that video, now I'm in a situation where Windows Hello will activate when the configuration profile is activated, but after implementation all PCS go directly to 'Not available at this time.' I cannot determine the cause yet. Very frustrating.
@MK-78176 ай бұрын
not sure, what you are trying to accomplish.. video is not clear to understand.
@ITUnwrapped4 жыл бұрын
To be fair, 90% of your troubles was basic understanding of how remote access to VM's and certificates work.