Configure Device Registration for Hybrid key trust Windows Hello for Business

Applies to

  • Windows 10, version 1703 or later
  • Hybrid deployment
  • Key trust

You are ready to configure device registration for your hybrid environment. A hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication.


Before proceeding, you should familiarize yourself with device registration concepts such as:

  • Azure AD registered devices
  • Azure AD joined devices
  • Hybrid Azure AD joined devices

You can learn about these concepts and more by reading Introduction to Device Management in Azure Active Directory.

Configure Azure for Device Registration

Begin configuring device registration to support Hybrid Windows Hello for Business by configuring device registration capabilities in Azure AD.

To do this, follow the Configure device settings steps under Setting up Azure AD Join in your organization.

Next, follow the guidance on the How to configure hybrid Azure Active Directory joined devices page. In the Configuration steps section, identify your configuration at the top of the table (either Windows current and password hash sync or Windows current and federation) and perform only the steps identified with a check mark.

Follow the Windows Hello for Business hybrid key trust deployment guide

  1. Overview
  2. Prerequisites
  3. New Installation Baseline
  4. Configure Directory Synchronization
  5. Configure Azure Device Registration (You are here)
  6. Configure Windows Hello for Business settings
  7. Sign-in and Provision