Updating for W365 support, a new PEM X.509 cert process, and completed documentation for the new process #2
Open. AzureToTheMax wants to merge 29 commits into MSEndpointMgr:main from AzureToTheMax:main
NOT COMPLETE - still needs more info but I want to make a coding change.
Updating for Windows 365 / Cloud PCs which have their JoinInfo child key as their Azure ID rather than the thumbprint
still not done
Fixed issue pertaining to Cloud PCs (Windows 365) devices' ability to locate their AzureADDeviceID.
@AzureToTheMax Updated for Cloud PCs which don't have their thumbprint as their JoinInfo key name.
@AzureToTheMax - Updated to use X509 for the full public key with extended properties in the PEM format
@AzureToTheMax - Updated to no longer use Thumbprint field, now redundant.
Just adding a note for future someone. AzureToTheMax was here - this function does not appear to be used anywhere? If it is, it may need to be updated to accept a full PEM and use the X509 class like the others.
@AzureToTheMax - Updated to use full PEM cert via X509, extract the public key, and perform test like before using that.
@AzureToTheMax - Fixed issue pertaining to Cloud PCs (Windows 365) devices' ability to locate their AzureADDeviceID.
This contains...
Updates to make the client side scripts better compatible with Windows 365 devices.
Updates to use the full PEM formatted X.509 public certificate as a single value upload to replace the fields for the Azure Device ID, Thumbprint, and raw public key as all three values are contained within this cert. This includes modifications to the client side scripts to generate this alternate base body, as well as a new function for the Function App and alterations to the Function App to be able to pull apart this certificate into the needed values. So far I have not had any issues in testing/deploying this to AAD and Hybrid Win10/11 devices.
There is a new sample script which exports the PEM X.509 public certificate to the .CER format for visual inspection. This is the same content which is passed in the body and allows visual confirmation that the private key is not part of this upload. The Base64 content simply needs to be broken into lines of a certain length, along with a header and footer added, to then be in the .CER format.
All of this is covered in the revamped and completed documentation regarding how the process works in the ReadMe.
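
The PEM wrapping described in the PR description above, as an added example that is not code from this pull request or the project: it breaks a single-line Base64 certificate into PEM/.CER text and checks programmatically, rather than visually, that the value is a bare public certificate with no private key. The function names are hypothetical, the self-signed certificate is constructed for the demo, and the all-zero GUID in its subject only stands in for a device ID.

```powershell
# Added example; function names are hypothetical and not part of this PR.

function ConvertTo-PemCertificate {
    param([Parameter(Mandatory)][string]$Base64Der)
    # Split the single-line Base64 into 64-character lines, then add header and footer.
    $lines = $Base64Der -split '(.{64})' | Where-Object { $_ }
    (@('-----BEGIN CERTIFICATE-----') + $lines + '-----END CERTIFICATE-----') -join "`n"
}

function Test-PublicCertOnly {
    param([Parameter(Mandatory)][string]$Base64Der)
    $bytes = [Convert]::FromBase64String($Base64Der)
    # Accept only a bare DER certificate; a PFX/PKCS#12 blob could carry a private key.
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($bytes)
    if ($type -ne 'Cert') { throw "Unexpected content type: $type" }
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    if ($cert.HasPrivateKey) { throw 'Certificate object carries a private key' }
    # The values the upload body no longer sends separately, read back from the certificate.
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        PublicKey     = [Convert]::ToBase64String($cert.GetPublicKey())
    }
}

# Constructed demo input: a throwaway self-signed certificate with a placeholder subject.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=00000000-0000-0000-0000-000000000000', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$withKey = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(1))

# Exporting as X509ContentType.Cert emits only the DER-encoded public certificate.
$der = $withKey.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$b64 = [Convert]::ToBase64String($der)

ConvertTo-PemCertificate -Base64Der $b64   # text that can be saved as a .CER file
Test-PublicCertOnly -Base64Der $b64        # HasPrivateKey is False for the exported value
```

The same check can run on the receiving side before any value from the certificate is trusted, so a body that is not a plain certificate is rejected early.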