🔥 3-day streak
Microsoft Identity and Access Administrator126 / 126
Question 126 of 126

Contoso is deploying Windows Hello for Business to Azure AD-joined (Entra joined) devices. Users must be able to sign in with a PIN or biometric gesture and then access on-premises file shares that rely on Active Directory Kerberos authentication. The environment uses Entra Connect with password hash sync, and the security team wants the simplest deployment that avoids issuing per-user certificates and avoids deploying a Public Key Infrastructure. Which Windows Hello for Business trust model should you configure?

Reviewed for accuracy · Report an issue