Category Archives: Windows Hello for Business

Identity-related sessions at Microsoft Build 2024

Microsoft organizes Microsoft Build 2024 as a free digital event between Tuesday May 21st 6 PM CEST and Friday May 24th 11 AM CEST. Microsoft Build is Microsoft’s annual conference event, aimed at software engineers and web developers using Windows, Microsoft Azure and other Microsoft technologies. First held in 2011, it serves as a successor […]


Join us for the GET-IT Identity Management and Privileged Access Management Conference on March 30, 2023

A few weeks ago, I was invited as a speaker for’s GET-IT Identity Management and Privileged Access Management 1-Day Virtual Conference on March 30th, 2023.   About the GET-IT Identity Management and Privileged Access Management Conference GET-IT Conferences are 1-day virtual events, organized by The upcoming GET-IT Conference has Identity Management and Privileged Access Management […]


HOWTO: Troubleshoot Windows Hello for Business Hybrid Access

Windows Hello for Business on Azure AD-joined devices is capable of providing single sign-on access to Active Directory domain-joined services and servers in Hybrid Identity setups. Microsoft provides guides to configure this access in several ways: Certificate Trust, Key Trust and Hybrid Cloud Trust. Each of the three Windows Hello for Business Hybrid Access trust […]


Why Everyone’s talking about Hybrid Cloud Trust

In a world with both Active Directory and Azure AD, organizations have to make choices. It seems they can either stick with their proven Active Directory, or jump ahead to Azure AD. Luckily, there’s a third option. Using Azure AD Connect, organizations can have the best of the Active Directory and Azure AD worlds. The […]


TODO: Upgrade the Certificates for your Windows Server 2016-based Domain Controllers (and up) to enable Windows Hello for Business Hybrid Scenarios

While many Active Directory environments use the default settings from 2003, other environments have adapted to enable new functionality, like Windows Hello for Business. To do so, the default Domain Controllers certificates and certificate templates need to be replaced, as they do not fulfill all of the requirements set out for them. This blogpost shows […]


I’m co-organizing the KNVI Knowledge BBQ in Rotterdam

On Wednesday September 7th, 2022, I’m co-organizing KNVI’s Knowledge BBQ Dutch at ZiPPERZ in Rotterdam. Fellow speakers Raymond Comvalius and Erwin Derksen complete the line-up for this Microsoft-inspired event. About KNVI The Dutch Professional Association of Information and IT Professionals (KNVI) is an independent platform for sharing professional knowledge and expanding the personal networks of […]


TODO: Periodically reset the password for the KRBTGT_AzureAD account when using Hybrid Cloud Trust

Microsoft offers Hybrid Cloud Trust as a way to offer people with synchronized Work or School accounts on Azure AD-joined device seamless single sign-on access to Active Directory-integrated resources. When they sign in with Windows Hello for Business (WHfB), the Active Directory-integrated functionality doesn’t prompt for username and password.   How Hybrid Cloud Trust works […]


You’re invited to the IT-University Masterclass – Windows Hello for Business Hybrid Access explained

On March 7th, 2022, I will be presenting a masterclass, together with Raymond Comvalius for Dutch Raymond and I will be presenting on establishing device trust in the modern age. “Every time you choose Hybrid Azure AD Join over Azure AD Join an angel loses its wings.” The Microsoft product team makes it abundantly […]