▲ 4 r/sophos

New Sophos Academy Interface

Hi guys, just logged into the new sophos academy interface and im pretty overrun.
I just cant seem to find my way around in it. Looking back i enjoyed the simple style of the old interface, but there surely is no way of going back. With time maybe I'll find my way around.

To the question, where can i now see my own completed certifications and courses and their respective expiration date ? In the FAQ the explanation to finding my certs doesnt lead me anywhere, but surely there is still an overview somewhere.

reddit.com
u/Virtual_Fondant7424 — 10 days ago
▲ 3 r/entra+3 crossposts

RDS Farm and WhfB Cloud Trust - Need Input

Hi everyone,

We're currently implementing passwordless Windows logon using YubiKeys (FIDO2) with Microsoft Entra ID Hybrid Authentication in an on-premises environment.

The client devices and Windows logon workflow are working as expected so far.

Our challenge is with our Remote Desktop Services deployment:

  • 2x Session Hosts
  • RD Connection Broker
  • RD Gateway
  • RemoteApps published through the farm
  • High availability and load balancing via the Broker

For passwordless sign-in, we found that we can publish RemoteApps through RAWeb and enable "Use Web Sign-In" in the RDP file/settings.

However, Web Sign-In seems to require the client to authenticate directly against the target server and validate the certificate presented by that server.

Because of this, it appears that:

  1. The RD Gateway and/or Connection Broker do not understand or participate in the Entra/FIDO2 authentication flow.
  2. We cannot use the normal farm name / broker-based connection workflow.
  3. We would have to publish RemoteApps directly against individual Session Hosts.
  4. This effectively removes the high availability and redundancy provided by the Broker.

Our current assumption is that Web Sign-In + FIDO2 passwordless authentication is not compatible with the traditional RDS Broker/Gateway farm architecture, at least not in a way that preserves load balancing and HA.

Questions:

  • Is our understanding correct?
  • Has anyone successfully deployed YubiKey/FIDO2 passwordless authentication with an on-prem RDS farm using Broker and Gateway?
  • Are there supported architectures that preserve HA and load balancing?
  • Is Azure Virtual Desktop the only Microsoft-supported solution for this scenario?
  • Are there third-party solutions that bridge this gap?

Any experiences, design recommendations, or Microsoft documentation references would be greatly appreciated.

Thanks!

reddit.com
u/Virtual_Fondant7424 — 14 days ago
▲ 4 r/entra

Overview or Cheatsheet - Windows Hello / H4B and the Auth Methods of each way

Hello, can anybody help me out with good visual material concerning the title ? Looking for visuals explaining the difference of Hello and Hello for Business and their respective possible authentication methods and in how far they are MFA. Impressive how many Customer's IT Managers are struggling keeping all the topics apart. Thanks !

reddit.com
u/Virtual_Fondant7424 — 19 days ago