From 0a1d2ff749369703432c8df539b642d594141e80 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 13 Dec 2022 11:04:29 -0500
Subject: [PATCH] updates
---
.../hello-cert-trust-validate-ad-prereq.md | 4 +--
.../hello-cert-trust-validate-deploy-mfa.md | 30 +++++++++++--------
.../hello-cert-trust-validate-pki.md | 4 +--
.../hello-key-trust-validate-ad-prereq.md | 4 +--
.../hello-key-trust-validate-deploy-mfa.md | 5 ++--
.../hello-key-trust-validate-pki.md | 4 +--
.../hello-for-business/toc.yml | 4 +--
7 files changed, 31 insertions(+), 24 deletions(-)
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index 06108fd275..6931620e57 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -1,5 +1,5 @@
---
-title: Validate Active Directory prerequisites
+title: Validate Active Directory prerequisites in an on-premises certificate trust
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model.
ms.date: 12/12/2022
appliesto:
@@ -7,7 +7,7 @@ appliesto:
- ✅ Windows Server 2016 and later
ms.topic: tutorial
---
-# Validate Active Directory prerequisites
+# Validate Active Directory prerequisites - on-premises certificate trust
[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index 28d010fbd8..6267f15663 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -1,25 +1,31 @@
---
title: Validate and Deploy MFA for Windows Hello for Business with certificate trust
-description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust
-ms.date: 08/19/2018
+description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model.
+ms.date: 12/13/2022
appliesto:
- ✅ Windows 10 and later
- ✅ Windows Server 2016 and later
-ms.topic: article
+ms.topic: tutorial
---
-# Validate and Deploy Multi-Factor Authentication feature
+
+# Validate and deploy multi-factor authentication - on-premises certificate trust
[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
-Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
+Windows Hello for Business requires users perform multi-factor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
-For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
+- certificates
+- third-party authentication providers for AD FS
+- custom authentication provider for AD FS
-Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies, see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies).
+> [!IMPORTANT]
+> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
+
+For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
+
+Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies).
## Follow the Windows Hello for Business on premises certificate trust deployment guide
-1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md)
-2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md)
-3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md)
-4. Validate and Deploy Multi-factor Authentication Services (MFA) (*You're here*)
-5. [Configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
+
+> [!div class="nextstepaction"]
+> [Next: configure Windows Hello for Business Policy settings](hello-cert-trust-policy-settings.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index ffab876886..109480cb18 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -1,5 +1,5 @@
---
-title: Configure and validate the Public Key Infrastructure
+title: Configure and validate the Public Key Infrastructure in an on-premises certificate trust model
description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model.
ms.date: 12/12/2022
appliesto:
@@ -7,7 +7,7 @@ appliesto:
- ✅ Windows Server 2016 and later
ms.topic: tutorial
---
-# Configure and validate the Public Key Infrastructure in an on-premises certificate trust model
+# Configure and validate the Public Key Infrastructure
[!INCLUDE [hello-on-premises-cert-trust](../../includes/hello-on-premises-cert-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index 8bbb54cd55..74c1c9edec 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -1,5 +1,5 @@
---
-title: Validate Active Directory prerequisites
+title: Validate Active Directory prerequisites in an on-premises key trust
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model.
ms.date: 12/12/2022
appliesto:
@@ -7,7 +7,7 @@ appliesto:
- ✅ Windows Server 2016 and later
ms.topic: tutorial
---
-# Validate Active Directory prerequisites
+# Validate Active Directory prerequisites - on-premises key trust
[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
index 826ef0c871..6e057a76b8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
@@ -1,13 +1,14 @@
---
title: Validate and Deploy MFA for Windows Hello for Business with key trust
-description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in a key trust model.
+description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises key trust model.
ms.date: 12/12/2022
appliesto:
- ✅ Windows 10 and later
- ✅ Windows Server 2016 and later
ms.topic: tutorial
---
-# Validate and deploy multi-factor authentication
+
+# Validate and deploy multi-factor authentication - on-premises key trust
[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index 1b9a349909..af43bee7fb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -1,5 +1,5 @@
---
-title: Configure and validate the Public Key Infrastructure
+title: Configure and validate the Public Key Infrastructure in an on-premises key trust model
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a key trust model.
ms.date: 12/12/2022
appliesto:
@@ -7,7 +7,7 @@ appliesto:
- ✅ Windows Server 2016 and later
ms.topic: tutorial
---
-# Configure and validate the Public Key Infrastructure in an on-premises key trust model
+# Configure and validate the Public Key Infrastructure
[!INCLUDE [hello-on-premises-key-trust](../../includes/hello-on-premises-key-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index 502a196109..fb4c92826f 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -99,7 +99,7 @@
href: hello-deployment-key-trust.md
- name: Validate Active Directory prerequisites
href: hello-key-trust-validate-ad-prereq.md
- - name: Validate and configure Public Key Infrastructure (PKI)
+ - name: Configure and validate Public Key Infrastructure (PKI)
href: hello-key-trust-validate-pki.md
- name: Prepare and deploy Active Directory Federation Services (AD FS)
href: hello-key-trust-adfs.md
@@ -113,7 +113,7 @@
href: hello-deployment-cert-trust.md
- name: Validate Active Directory prerequisites
href: hello-cert-trust-validate-ad-prereq.md
- - name: Validate and configure Public Key Infrastructure (PKI)
+ - name: Configure and validate Public Key Infrastructure (PKI)
href: hello-cert-trust-validate-pki.md
- name: Prepare and Deploy Active Directory Federation Services (AD FS)
href: hello-cert-trust-adfs.md