Prerequisites
You need to set up Certificate Trust model based on the deployment scenario.
-
For hybrid AADJ certificate trust deployment, refer to the Microsoft document at https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.
-
For AADJ single sign-on deployment, refer to the Microsoft document at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.
-
To configure AADJ devices for on-premises single sign-on using WHFB, refer to the Microsoft document at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base
-
To use certificates for AADJ on-premises single sign-on, refer to the Microsoft document at: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.
-
To set up Azure portal to achieve automatic enrolment to Intune, refer to the Microsoft document at: https://docs.microsoft.com/en-us/intune/enrollment/windows-enroll.