

The administrator account we use for passwordless sign-in has now performed its initial sign-in and registered a FIDO2 security key for permanent log-in. This initial sign-in had to be performed on an already set up device because of restrictions during Windows 10 enrollment. Unfortunately, the Temporary Access Pass cannot be used during the initial setup of Windows using the out-of-box experience or Autopilot. *At the end of this blog I present a method with which a deployment is also possible via TAP using preview features of Autopilot and Intune.*

Now the setup of the Privileged Admin Workstation (PAW) can be performed. When setting up Windows using the out-of-box experience, select “Setup for an Organization”; the option “Sign-in with Security Key” is then directly available in the Windows 10 20H2 version used here. If a Bluetooth-based FIDO2 key is used, it must be connected by cable in this phase. After the successful sign-in, the computer is joined to Azure AD (Azure AD Join) and enrolled in Intune if configured.

PowerShell administration without a password

Windows 10 device onboarding and Windows Hello for Business
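The state the text describes after the first sign-in (device joined to Azure AD, enrolled in Intune if configured, admin account holding a registered FIDO2 key) can be verified from the PAW itself. The following PowerShell is an added example, not code from the original post or from Microsoft: it parses the `dsregcmd /status` output for the join and MDM state and queries the account's FIDO2 methods through the Microsoft Graph PowerShell module. The function names, the `Fido2Registered` result fields and the UPN `paw-admin@contoso.example` are assumptions and placeholders; the Microsoft.Graph module is assumed to be installed.

```powershell
# Added example: post-sign-in check for a PAW (assumed helper names, placeholder UPN).

function Get-DsregState {
    # Turn the "Key : Value" lines of `dsregcmd /status` into a hashtable
    $state = @{}
    foreach ($line in (dsregcmd /status)) {
        if ($line -match '^\s*([A-Za-z0-9]+)\s*:\s*(.*)$') {
            $state[$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $state
}

function Test-PawEnrollment {
    param([Parameter(Mandatory)][string]$AdminUpn)

    $s = Get-DsregState
    $result = [ordered]@{
        AzureAdJoined = ($s['AzureAdJoined'] -eq 'YES')
        # DomainJoined should stay NO for a cloud-only PAW; YES means hybrid join
        DomainJoined  = ($s['DomainJoined'] -eq 'YES')
        # MdmUrl is only populated once the device is enrolled in an MDM such as Intune
        MdmEnrolled   = -not [string]::IsNullOrEmpty($s['MdmUrl'])
        # NgcSet reports whether a Windows Hello for Business key exists for the signed-in user
        HelloEnrolled = ($s['NgcSet'] -eq 'YES')
    }

    # Read-only Graph query for the account's registered FIDO2 security keys
    Connect-MgGraph -Scopes 'UserAuthenticationMethod.Read.All' | Out-Null
    $keys = @(Get-MgUserAuthenticationFido2Method -UserId $AdminUpn)
    $result.Fido2Registered = ($keys.Count -gt 0)
    $result.Fido2Keys       = $keys | Select-Object DisplayName, Model, AttestationLevel, CreatedDateTime

    return [pscustomobject]$result
}

# Placeholder UPN; replace with the administrator account used for the passwordless sign-in
Test-PawEnrollment -AdminUpn 'paw-admin@contoso.example' | Format-List
```

Run it in an elevated PowerShell session on the freshly joined device. A result with `AzureAdJoined` true, `DomainJoined` false, `MdmEnrolled` true and `Fido2Registered` true matches the end state described above; a false `MdmEnrolled` usually means automatic enrollment was not configured for the tenant or the user.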
