Merge pull request #3543 from nenonix/patch-28

Update hello-hybrid-cert-trust-prereqs.md
Daniel Simpson 2019-05-08 09:32:27 -07:00 committed by GitHub
commit 061e614330
GPG Key ID: 4AEE18F83AFDEB23

@ -27,10 +27,10 @@ Hybrid environments are distributed systems that enable organizations to use on-
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
* [Directories](#directories) * [Directories](#directories)
* [Public Key Infrastucture](#public-key-infrastructure) * [Public Key Infrastructure](#public-key-infrastructure)
* [Directory Synchronization](#directory-synchronization) * [Directory Synchronization](#directory-synchronization)
* [Federation](#federation) * [Federation](#federation)
* [MultiFactor Authentication](#multifactor-authentication) * [Multifactor Authentication](#multifactor-authentication)
* [Device Registration](#device-registration) * [Device Registration](#device-registration)
## Directories ## ## Directories ##
@ -57,7 +57,7 @@ Review these requirements and those from the Windows Hello for Business planning
## Public Key Infrastructure ## ## Public Key Infrastructure ##
The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller. The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows 10 devices to trust the domain controller.
Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment use the Windows Server 2016 Active Directory Federation Server (AS FS) as a certificate registration authority. Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority.
The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012.
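Review bot: The expansion in front of the corrected abbreviation on the changed line still reads "Active Directory Federation Server (AD FS)", while the Multifactor Authentication section of this same file spells the role out as "Active Directory Federation Services". Suggest "Windows Server 2016 Active Directory Federation Services (AD FS)" so the certificate registration authority is named the same way throughout. The verb fix also leaves a bare singular subject; "hybrid certificate trust deployments use" or "a hybrid certificate trust deployment uses" would read more cleanly than "hybrid certificate trust deployment uses".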
@ -96,7 +96,7 @@ The AD FS farm used with Windows Hello for Business must be Windows Server 2016
## Multifactor Authentication ## ## Multifactor Authentication ##
Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication. Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication.
Hybrid Windows Hello for Business deployments can use Azures Multifactor Authentication service or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. Hybrid Windows Hello for Business deployments can use Azures Multifactor Authentication service, or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS.
### Section Review ### Section Review
> [!div class="checklist"] > [!div class="checklist"]
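Review bot: Incomplete fix on the changed line: only the comma after "service" was added, and the same sentence still contains "Azures Multifactor Authentication service" and "multifactor authentication provides by". Suggest "Azure's" (or "Azure") and "provided by". The unchanged paragraph directly above has "credential the helps" and "as one factor. but needs a second factor", which could be corrected in the same pass ("that helps" and "as one factor, but needs").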
@ -119,7 +119,7 @@ Hybrid certificate trust deployments need the device write back feature. Authen
<br> <br>
### Next Steps ### ### Next Steps ###
Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Basline**. Follow the Windows Hello for Business hybrid certificate trust deployment guide. For proof-of-concepts, labs, and new installations, choose the **New Installation Baseline**.
If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**. If your environment is already federated, but does not include Azure device registration, choose **Configure Azure Device Registration**.
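Review bot: The changed line still has "proof-of-concepts" next to the corrected "Baseline"; "proofs of concept" is the usual plural and could go in with this spelling pass. Since "New Installation Baseline" and "Configure Azure Device Registration" are bolded as the names of choices the reader has to pick, it is worth confirming that the corrected spelling matches the label on the target it refers to.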