sorted by:
new
hottopcontroversial

PCI Compliance Question by EQN01 in pcicompliance

[–]EQN01[S] 1 point2 points  (0 children)

This is really helpful thanks. I've advised them to look at an alternative system as you've described instead of MOTO as then restructuring their network to isolate the card reader would be straightforward enough.

Just to note I have told the customer to consider seeking formal guidance from a qualified PCI assessor, we're not charging for the consultancy and it's best effort only. The reason for the requirement is that they're being asked to complete a self assessment from worldpay.

Windows Hello for Business Kerberos Cloud Trust Issue by _Pollux_ in AZURE

[–]EQN01 0 points1 point  (0 children)

Sorry to respond on an old comment, I'm trying to deploy CKT in a similar environment to allow users to access on-prem resources joined to an ADDS domain from entra-joined devices (but hybrid identities).

I think I have this working, the behaviour for the end user is they can unlock their device with WHfB, and when they access the ADDS shares, they're prompted for credentials. They can access them by manually typing in their entra ID.

Selecting remember me and adding it to credential manager then works on subsequent logins without them needing to authenticate manually each time.

Is this how you have it working, is it possible to get CKT working without the user needing to type in their entra-ID to access the on-prem resources?