diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 9cae1df1de..ec3e102ad3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -17,6 +17,7 @@ ms.date: 08/19/2018 - Windows 10 - Azure Active Directory joined - Hybrid Deployment +- Certificate trust If you plan to use certificates for on-premises single-sign on, then follow these **addtional** steps to configure the environment to enroll a Windows Hello for Business certificates for Azure AD joined devices. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 1fa2a59b67..33d6215205 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Windows Hello for Business Certificate Trust New Installation **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 4f795e5493..1ad4aaad24 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -14,9 +14,10 @@ ms.date: 08/18/2018 # Configure Device Registration for Hybrid Windows Hello for Business **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. You're environment is federated and you are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 99e376399b..3885bdbc50 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -14,11 +14,11 @@ ms.date: 08/19/2018 # Hybrid Windows Hello for Business Prerequisites **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. - Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 97b72c76a3..30efcbd805 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -14,9 +14,9 @@ ms.date: 09/08/2017 # Hybrid Azure AD joined Certificate Trust Deployment **Applies to** -- Windows 10 - ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 044564711e..124a34248b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -14,11 +14,11 @@ ms.date: 08/19/2018 # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. - ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 7273b0af95..4395d9c432 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Configuring Windows Hello for Business: Active Directory **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index b895f11186..25208af1bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -9,17 +9,16 @@ ms.pagetype: security, mobile ms.localizationpriority: medium author: mikestephens-MS ms.author: mstephen -ms.date: 08/06/2018 +ms.date: 08/20/2018 --- # Configure Windows Hello for Business: Active Directory Federation Services **Applies to** -- Windows10 +- Windows10, version 1703 or later +- Hybrid deployment +- Certificate trust ## Federation Services - ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. - The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. The Windows Hello for Business Authentication certificate template is configured to only issue certificates to certificate requests that have been signed with an enrollment agent certificate. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index bad24d1a9c..7464c27892 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -14,9 +14,10 @@ ms.date: 10/23/2017 # Configure Hybrid Windows Hello for Business: Directory Synchronization **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. ## Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index dcf4752f16..f6a16d45b9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -15,11 +15,10 @@ ms.date: 08/19/2018 # Configure Hybrid Windows Hello for Business: Public Key Infrastructure **Applies to** -- Windows 10 +- Windows 10, version 1703 or later - Hybrid Deployment - Certificate Trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. Windows Hello for Business deployments rely on certificates. Hybrid deployments uses publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 142682b7cf..9728d0ac98 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Configure Hybrid Windows Hello for Business: Group Policy **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. ## Policy Configuration diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index b7090aa9d8..f3f298b684 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Configure Windows Hello for Business **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Certificate trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. You're environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 4aabb4581d..8ec23ffcaa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -14,11 +14,10 @@ ms.date: 08/19/2018 # Windows Hello for Business Key Trust New Installation **Applies to** -- Windows 10 +- Windows 10, version 1703 or later - Hybrid deployment - Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid key trust deployments of Windows Hello for Business rely on these technologies diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 7a69aa6510..c4ddccad00 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -14,10 +14,10 @@ ms.date: 08/19/2018 # Configure Device Registration for Hybrid key trust Windows Hello for Business **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust - ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. You are ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 6567d47146..041c3f0a23 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -14,11 +14,10 @@ ms.date: 08/19/2018 # Configure Directory Synchronization for Hybrid key trust Windows Hello for Business **Applies to** -- Windows 10 +- Windows 10, version 1703 or later - Hybrid deployment - Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 77cd051896..1f52484fec 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -9,16 +9,16 @@ ms.pagetype: security, mobile author: mikestephens-MS ms.author: mstephen localizationpriority: high -ms.date: 05/05/2018 +ms.date: 08/20/2018 --- # Hybrid Key trust Windows Hello for Business Prerequisites **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. - Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 397e878d3c..8fb2bf361a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -9,14 +9,14 @@ ms.pagetype: security, mobile author: mikestephens-MS ms.author: mstephen ms.localizationpriority: medium -ms.date: 10/20/2017 +ms.date: 08/20/2018 --- # Hybrid Azure AD joined Key Trust Deployment **Applies to** -- Windows 10 - ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid key trust scenario. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index ce0710525a..fecb1059be 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -9,16 +9,16 @@ ms.pagetype: security, mobile author: mikestephens-MS ms.author: mstephen ms.localizationpriority: medium -ms.date: 10/20/2017 +ms.date: 08/20/2018 --- # Hybrid Windows Hello for Business Provisioning **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. - ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 595a7ae46c..c2821a19f1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -9,14 +9,15 @@ ms.pagetype: security, mobile ms.localizationpriority: medium author: mikestephens-MS ms.author: mstephen -ms.date: 05/05/2018 +ms.date: 08/20/2018 --- # Configuring Hybrid key trust Windows Hello for Business: Active Directory **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 46cb0337c9..4679d66c11 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Configure Hybrid Windows Hello for Business: Directory Synchronization **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. ## Directory Syncrhonization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 334e00c666..21befdf74e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -15,11 +15,10 @@ ms.date: 08/19/2018 # Configure Hybrid Windows Hello for Business: Public Key Infrastructure **Applies to** -- Windows 10 +- Windows 10, version 1703 or later - Hybrid Deployment - Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. Windows Hello for Business deployments rely on certificates. Hybrid deployments uses publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 8192d6a21d..1a0b808710 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -9,14 +9,15 @@ ms.pagetype: security, mobile localizationpriority: high author: mikestephens-MS ms.author: mstephen -ms.date: 05/05/2018 +ms.date: 08/20/2018 --- # Configure Hybrid Windows Hello for Business: Group Policy **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. ## Policy Configuration diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 49ac794f2d..c28c97dce0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -14,9 +14,10 @@ ms.date: 08/19/2018 # Configure Hybrid Windows Hello for Business key trust settings **Applies to** -- Windows 10 +- Windows 10, version 1703 or later +- Hybrid deployment +- Key trust ->This guide only applies to Hybrid deployments for Windows 10, version 1703 or higher. You are ready to configure your hybrid key trust environment for Windows Hello for Business.