mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 20:03:40 +00:00
Delete unused web sign-in images
This commit is contained in:
Paolo Matarazzo
Binary file not shown.
|
Before Width: | Height: | Size: 2.7 MiB |
Binary file not shown.
|
Before Width: | Height: | Size: 362 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.0 MiB |
Binary file not shown.
|
Before Width: | Height: | Size: 328 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.3 MiB |
Binary file not shown.
|
Before Width: | Height: | Size: 322 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.3 MiB |
Binary file not shown.
|
Before Width: | Height: | Size: 433 KiB |
@ -77,17 +77,18 @@ Alternatively, you can configure devices using a [custom policy][INT-1] with the
|
||||
|
||||
Once the devices are configured, a new sign-in experience becomes available, as indicated by the presence of the Web sign-in credential provider :::image type="icon" source="images/web-sign-in-credential-provider.svg" border="false"::: in the Windows lock screen.
|
||||
|
||||
:::image type="content" source="images/lock-screen.png" border="false" lightbox="images/lock-screen.png" alt-text="Screenshot of the Windows lock screen showing the Web sign-in credential provider.":::
|
||||
:::image type="content" source="images/lock-screen.png" border="false" alt-text="Screenshot of the Windows lock screen showing the Web sign-in credential provider.":::
|
||||
|
||||
Here's a list of key scenarios supported by Web sign-in, and a brief animation showing the user experience. Select the thumbnail to start the animation.
|
||||
|
||||
### Passwordless sign-in
|
||||
|
||||
:::row:::
|
||||
:::column span="3":::
|
||||
:::column span="2":::
|
||||
Users can sign in to Windows passwordless, even before enrolling in Windows Hello for Business. For example, by using the Microsoft Authenticator app as a sign-in method.
|
||||
:::column-end:::
|
||||
:::column span="1":::
|
||||
:::image type="content" source="images/web-sign-in-authenticator.png" border="false" lightbox="images/web-sign-in-authenticator.gif" alt-text="Animation of the Web sign-in experience with Microsoft Authenticator.":::
|
||||
:::column span="2":::
|
||||
> [!VIDEO https://learn-video.azurefd.net/vod/player?id=974e445a-b78a-4555-86db-919473907535]
|
||||
:::column-end:::
|
||||
:::row-end:::
|
||||
|
||||
@ -102,11 +103,11 @@ To learn more:
|
||||
### Windows Hello for Business PIN reset
|
||||
|
||||
:::row:::
|
||||
:::column span="3":::
|
||||
:::column span="2":::
|
||||
The Windows Hello PIN reset flow is seamless and more robust than in previous versions.
|
||||
:::column-end:::
|
||||
:::column span="1":::
|
||||
:::image type="content" source="images/web-sign-in-pin-reset.png" border="false" lightbox="images/web-sign-in-pin-reset.gif" alt-text="Animation of the PIN reset in experience.":::
|
||||
:::column span="2":::
|
||||
> [!VIDEO https://learn-video.azurefd.net/vod/player?id=310f7665-6276-4ad8-b76e-429073c10972]
|
||||
:::column-end:::
|
||||
:::row-end:::
|
||||
|
||||
@ -115,36 +116,37 @@ For more information, see [PIN reset](../hello-for-business/hello-feature-pin-re
|
||||
### Temporary Access Pass (TAP)
|
||||
|
||||
:::row:::
|
||||
:::column span="3":::
|
||||
:::column span="2":::
|
||||
A Temporary Access Pass (TAP) is a time-limited passcode granted by an administrator to a user. Users can sign in with a TAP using the Web sign-in credential provider. For example:
|
||||
|
||||
- to onboard Windows Hello for Business or a FIDO2 security key
|
||||
- if lost or forgotten FIDO2 security key and unknown password
|
||||
|
||||
:::column-end:::
|
||||
:::column span="1":::
|
||||
:::image type="content" source="images/web-sign-in-tap.png" border="false" lightbox="images/web-sign-in-tap.gif" alt-text="Animation of the TAP sign in experience.":::
|
||||
:::column span="2":::
|
||||
> [!VIDEO https://learn-video.azurefd.net/vod/player?id=8d80bef4-96a8-4467-8e67-e0637bdabcd8]
|
||||
:::column-end:::
|
||||
:::row-end:::
|
||||
|
||||
For more information, see [Use a Temporary Access Pass][AAD-3].
|
||||
|
||||
### Sign in with a federated identity
|
||||
### Federated authentication
|
||||
|
||||
:::row:::
|
||||
:::column span="3":::
|
||||
:::column span="2":::
|
||||
If the Microsoft Entra tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign using the Web sign-in credential provider.
|
||||
:::column-end:::
|
||||
:::column span="1":::
|
||||
:::image type="content" source="images/web-sign-in-federated-auth.png" border="false" lightbox="images/web-sign-in-federated-auth.gif" alt-text="Animation of the sign in experience with a federated user.":::
|
||||
:::column span="2":::
|
||||
> [!VIDEO https://learn-video.azurefd.net/vod/player?id=88ad0efb-9031-428c-a3cf-612c47810ecf]
|
||||
:::column-end:::
|
||||
:::row-end:::
|
||||
|
||||
> [!TIP]
|
||||
> To improve the user experience for federated identities:
|
||||
>
|
||||
> - Configure the *preferred Microsoft Entra tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page.
|
||||
> - Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
|
||||
> - Configure the *preferred Microsoft Entra tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page
|
||||
> :::image type="content" source="images/web-sign-in-preferred-tenant.png" alt-text="Screenshot of the Windows lock screen with preferred tenant configured.":::
|
||||
|
||||
For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1].
|
||||
|
||||
|
||||
Reference in New Issue
Block a user