This is for the _ActiveDirectory_. If your machine is joined into a domain, the keys will be stored ...

cyberax • yesterday at 8:36 PM • 2 replies • view on HN

This is for the _ActiveDirectory_. If your machine is joined into a domain, the keys will be stored in the AD.

This does not apply to standalone devices. MS doesn't have a magic way to reach into your laptop and pluck the keys.

Replies

> MS doesn't have a magic way to reach into your laptop and pluck the keys.

Of course they do! They can just create a Windows Update that does it. They have full administrative access to every single PC running Windows in this way.

➕ show 1 reply

shawnz • yesterday at 8:59 PM

Furthermore it seems like it's specific to Azure AD, and I'm guessing it probably only has effect if you enable to option to back up the keys to AD in the first place, which is not mandatory

I'd be curious to see a conclusive piece of documentation about this, though

➕ show 1 reply

alt Hacker News

Replies