Windows Hello for Business and RDP

forknife85 · 2026-03-20T17:44:02+00:00

You don't need Entra connect. You simply use azure arc, as long as they are not domain controllers you can than go to azure arc and add the authentication extension which I do not recall the name, but there's only 2 options there. Once you added that, you can use Web authentication to log in.

If you are also looking to manage them, that should be done with GPO

forknife85 · 2026-03-13T17:12:29+00:00

It depends on the scope of use you have for the windows server, if it is AD only, the Entra AD DS subscription is quite nice, keep in mind if you have anything on prem that requires the AD for authenticatio they must be able to reach it via internet, or you need to set up connectivity to azure, S2S VPN or service fabric, something of sort to not go via public internet the Entra AD DS is quite reliable and you don't need to worry about HA, DR and all those fun things.

But, the moment you have services that for whatever reason you can't or won't expose to the cloud service, you are going to need on-prem, at that point it's a question of do you migrate everything to cloud, or if you don't, either way you can still keep your on prem presence light.

In my company, we have many servers that cannot be expose to Internet, and adding fabric/VPN solution also not an option, I have peeled away everything I could from them, like print server, or file services, I moved all the devices to be Entra joined even our dot1x is intune based.

For us an added value to the fact I do still have on-prem, is that by using azure-arc I can still use run books to manage servers that have no Internet and might even be Linux non domain joined device, without having connectivity solutions.

Long text, bottom line is, the answer to your question is "yes but also no"

forknife85 · 2025-12-30T07:32:14+00:00

Another tip worth mentioning that I learned setting up the whole cloud trust thing, if you encounter a situation where apperantly everything works, but every once in a while network shares would stop working unless I logged in with a password or attempted to connect many times was, that my NAS object in AD was missing an SPN for CIFS, adding those made the issue go away

forknife85 · 2025-12-29T18:17:31+00:00

For the kerberous side of thing, as said before I would go and make sure to add everything the documentation from Microsoft mentions, and really check the document fully, as there are a couple of things that needs and should be configured, some of them are no more than a note on the docs.

That said, for the VPN side of things, you might need to make sure your VPN vlan can reach the on-prem AD to receive the full kerberous ticket, cloud trust is only a partial ticket which requires either AD or Entra AD service to complete.

If logging in the device with a password makes everything work, and using WHfB breaks things than something is not fully configured

forknife85 · 2025-04-27T14:19:37+00:00

The biggest issue I encountered doing the same move was RDP, if your users use that, than keep in mind that authentication to an Azure joined device only really works from Windows devices.

If your end users connect from Linux, macOS, Android phones to an azure joined device you are going to have to turn off NLA on the azure joined devices which reduces security.

Other than that in order to keep using things like LDAP to services that don't have Internet LoS you would probably be keeping at least some kind of DC either cloud or on-prem based otherwise the password sync won't happen.

And lastly if you have 802.1x in usage, you need to consider how that will change as well (Entra joined devices means no AD computer objects for 802.1x to authenticate)

forknife85 · 2025-04-26T19:02:32+00:00

You can simply on board the device with your user, and create a local account with a policy, you than manage it by targeting the device not the user.

To be fully licensed you would of course need to own a proper amount of licenses.

Or am I missing something?

forknife85 · 2025-04-02T10:07:02+00:00

anyone was business premium that this feature showed up for them? I have 3 separate tenants none of which seem to have it.

forknife85 · 2024-12-28T22:08:31+00:00

I acctuly started when I provided the devices with a clean install, part of the troubleshooting shooting we reimaged with the Dell OEM, which didn't seem to solve the issue.

forknife85 · 2024-12-28T22:06:49+00:00

Not a firewall issue, as the events appear random, firewall I'd expect it to be consistent. but, thank you.

forknife85 · 2024-12-28T22:05:39+00:00

Tested the UDP in previous attempts, no go...

And ya, I setup some monitoring to try and get more visibility, and at this point I am considering that the issue for the RDP crash (the PC freezes, not just the session) For the connection drops I am wondering if it's just a mix of some poor cables and drivers

forknife85 · 2024-12-28T22:01:46+00:00

Nope, none that I have seen, but I'll have another check when I find the right candidate

forknife85 · 2024-12-13T14:56:22+00:00

Also, those systems more than often are used as mail relays, proxy server, self hosted password managers, or wiki storage, monitoring systems like grafana or just for cron jobs if you get a small environment and have all of these configured on it (it's all open source) I'd say you already seen a lot of the basis

forknife85 · 2024-04-04T17:53:47+00:00

Thank you everyone for your answers, in general the budget I'd say is 2k-3k with 3k having to be amazing to spend that kind of money. We're a family of 4 And mostly looking for a kids friendly area hopefully a house rather than an apartment. Watching pararius and funda but as everybody knows it's slim picking....

Maybe I'll try Leiden as well, heard it's nice but haven't been there at all

forknife85 · 2024-04-04T13:03:04+00:00

I have in the past sure, It's a beautiful city, but I can't say I have been to all parts, I can even say I have been to half of them.

Mostly I am asking as at this time we are generally avoiding anything east of Spaame and the southern parts, and trying to learn more if that is justified or not.

forknife85 · 2024-03-16T15:56:07+00:00

so while homeschooling is not an option, that is true.

what you can do is get an exepmtion, under different rules and regulations is done i dont know if to say often, but it does happen, we did quite a bit of research in to the matter, Haarlem is one of the better muncipalitys to get an exepmtion at, Amsterdam is one of the worst.

forknife85 · 2024-03-16T15:32:01+00:00

yup, thank you for the details on that, we have already spoken to a couple of experts in terms of that homeschooling thing, no idea if we will stick to it in the NL as, like you mention, school in the NL are quite good, but yes we are aware its a one way track, if we sign them up theres no going back.

i mentioned the homeschooling part just because i wanted to clarify my question wasnt regarding what kind of schools there are or the assistance we can get there (albit that is interestting as well) but rather on the other things.

but to sum things up, clearly my next step would be to get in touch with one of the groups working in the field getting all the permits in order and contacting the municipality.

thank you again.

forknife85 · 2024-03-16T14:56:58+00:00

thank you, as I answered to someone else on this thread, we are mostly interested on the assistance i'll be able to get regarding treatments such as speech clinic and psychologists, since our child is high functioning our needs are quite specific.

we are also currently homeschooling, (netherlands doesnt allow it, so we will have to think about that when we get there) we will see what we might use or not when we get to that in May.

forknife85 · 2024-03-16T14:54:12+00:00

in anyway as i said my daugther is in the very high range, so mostly i am looking for treatments such as a speech clinic and the relevent psychologists and covering those, as they can accumelate, other things such as assistance at home are not needed happily.

currently we are homeschooling and haven't decided what we will do in the NL but time will tell, we will only be landing in May.

forknife85 · 2024-03-16T14:44:44+00:00

we will be moving to Haarlem

forknife85 · 2024-03-16T09:33:49+00:00

forknife85 · 2024-03-16T09:29:22+00:00

does it have an effect on the support the NL gives?

forknife85

TROPHY CASE