mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-20 04:43:37 +00:00
updates
This commit is contained in:
Paolo Matarazzo
@ -67,7 +67,7 @@ To enforce processing of the group policy, you can run `gpupdate /force`.
|
||||
|
||||
### Enable Windows Defender Credential Guard by using Microsoft Intune
|
||||
|
||||
1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**.
|
||||
1. In the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**.
|
||||
|
||||
1. Select **Configuration Profiles**.
|
||||
|
||||
|
||||
@ -49,7 +49,7 @@ We recommend that you disable or manage Windows Hello for Business provisioning
|
||||
|
||||
The following method explains how to disable Windows Hello for Business enrollment using Intune.
|
||||
|
||||
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign into the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
|
||||
3. If you don't want to enable Windows Hello for Business during device enrollment, select **Disabled** for **Configure Windows Hello for Business**.
|
||||
|
||||
|
||||
@ -106,7 +106,7 @@ Once these requirements are met, a policy can be configured in Intune that provi
|
||||
|
||||
This section describes how to configure a SCEP policy in Intune. Similar steps can be followed to configure a PKCS policy.
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Intune admin center</b></a>
|
||||
1. Select **Devices > Configuration profiles > Create profile**
|
||||
1. Select **Platform > Windows 10 and later** and **Profile type > Templates > SCEP Certificate**
|
||||
1. Select **Create**
|
||||
|
||||
@ -129,7 +129,7 @@ Before you can remotely reset PINs, your devices must be configured to enable PI
|
||||
|
||||
You can configure Windows devices to use the **Microsoft PIN Reset Service** using Microsoft Intune.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Configuration profiles** > **Create profile**.
|
||||
1. Enter the following properties:
|
||||
- **Platform**: Select **Windows 10 and later**.
|
||||
@ -151,7 +151,7 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi
|
||||
|
||||
>[!NOTE]
|
||||
> You can also configure PIN recovery from the **Endpoint security** blade:
|
||||
> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
> 1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
> 1. Select **Endpoint security** > **Account protection** > **Create Policy**.
|
||||
|
||||
#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
|
||||
@ -232,7 +232,7 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
|
||||
|
||||
### Configure Web Sign-in Allowed URLs using Microsoft Intune
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
|
||||
1. Select **Devices** > **Configuration profiles** > **Create profile**
|
||||
1. Enter the following properties:
|
||||
- **Platform**: Select **Windows 10 and later**
|
||||
|
||||
@ -848,7 +848,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Select **Devices**, and then select **Configuration Profiles**.
|
||||
|
||||
@ -901,7 +901,7 @@ Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
Sign-in a workstation with access equivalent to a _domain user_.
|
||||
|
||||
1. Sign-in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign-in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
|
||||
2. Select **Devices**, and then select **Configuration Profiles**.
|
||||
|
||||
|
||||
@ -242,7 +242,7 @@ The domain controllers have a certificate that includes the new CRL distribution
|
||||
|
||||
To configure devices with Microsoft Intune, use a custom policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Intune admin center</b></a>
|
||||
1. Select **Devices > Configuration profiles > Create profile**
|
||||
1. Select **Platform > Windows 8.1 and later** and **Profile type > Trusted certificate**
|
||||
1. Select **Create**
|
||||
|
||||
@ -119,12 +119,12 @@ There are different ways to enable and configure Windows Hello for Business in I
|
||||
|
||||
To check the Windows Hello for Business policy applied at enrollment time:
|
||||
|
||||
1. Sign in to the <a href="https://endpoint.microsoft.com/" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Windows Enrollment**
|
||||
1. Select **Windows Hello for Business**
|
||||
1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
|
||||
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="images/whfb-intune-disable.png":::
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
|
||||
|
||||
If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
|
||||
|
||||
@ -132,7 +132,7 @@ If the tenant-wide policy is enabled and configured to your needs, you can skip
|
||||
|
||||
To configure Windows Hello for Business using an *account protection* policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Endpoint security** > **Account protection**
|
||||
1. Select **+ Create Policy**
|
||||
1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
|
||||
@ -147,7 +147,7 @@ To configure Windows Hello for Business using an *account protection* policy:
|
||||
1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
|
||||
1. Review the policy configuration and select **Create**
|
||||
|
||||
:::image type="content" source="images/whfb-intune-account-protection-cert-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Endpoint Manager admin center using an account protection policy." border="true" lightbox="images/whfb-intune-account-protection-cert-enable.png":::
|
||||
:::image type="content" source="images/whfb-intune-account-protection-cert-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-cert-enable.png":::
|
||||
|
||||
---
|
||||
|
||||
|
||||
@ -98,7 +98,7 @@ If you already enabled Windows Hello for Business, you can skip to **configure t
|
||||
|
||||
You can also follow these steps to create a device configuration policy instead of using the device enrollment policy:
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
|
||||
1. For Platform, select **Windows 10 and later**.
|
||||
1. For Profile Type, select **Templates** and select the **Identity Protection** Template.
|
||||
@ -116,7 +116,7 @@ Windows Hello for Business settings are also available in the settings catalog.
|
||||
|
||||
To configure the cloud Kerberos trust policy, follow the steps below:
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Configuration Profiles** > **Create profile**.
|
||||
1. For Profile Type, select **Templates** and select the **Custom** Template.
|
||||
1. Name the profile with a familiar name. For example, "Windows Hello for Business cloud Kerberos trust".
|
||||
|
||||
@ -35,12 +35,12 @@ There are different ways to enable and configure Windows Hello for Business in I
|
||||
|
||||
To check the Windows Hello for Business policy applied at enrollment time:
|
||||
|
||||
1. Sign in to the <a href="https://endpoint.microsoft.com/" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Devices** > **Windows** > **Windows Enrollment**
|
||||
1. Select **Windows Hello for Business**
|
||||
1. Verify the status of **Configure Windows Hello for Business** and any settings that may be configured
|
||||
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Endpoint Manager admin center." border="true" lightbox="images/whfb-intune-disable.png":::
|
||||
:::image type="content" source="images/whfb-intune-disable.png" alt-text="Disablement of Windows Hello for Business from Microsoft Intune admin center." lightbox="images/whfb-intune-disable.png":::
|
||||
|
||||
If the tenant-wide policy is enabled and configured to your needs, you can skip to [Enroll in Windows Hello for Business](#enroll-in-windows-hello-for-business). Otherwise, follow the instructions below to create a policy using an *account protection* policy.
|
||||
|
||||
@ -48,7 +48,7 @@ If the tenant-wide policy is enabled and configured to your needs, you can skip
|
||||
|
||||
To configure Windows Hello for Business using an *account protection* policy:
|
||||
|
||||
1. Go to the <a href="https://go.microsoft.com/fwlink/?linkid=2109431" target="_blank"><b>Microsoft Endpoint Manager admin center</b></a>
|
||||
1. Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Select **Endpoint security** > **Account protection**
|
||||
1. Select **+ Create Policy**
|
||||
1. For *Platform**, select **Windows 10 and later** and for *Profile* select **Account protection**
|
||||
@ -62,7 +62,7 @@ To configure Windows Hello for Business using an *account protection* policy:
|
||||
1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
|
||||
1. Review the policy configuration and select **Create**
|
||||
|
||||
:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Endpoint Manager admin center using an account protection policy." border="true" lightbox="images/whfb-intune-account-protection-enable.png":::
|
||||
:::image type="content" source="images/whfb-intune-account-protection-enable.png" alt-text="Enablement of Windows Hello for Business from Microsoft Intune admin center using an account protection policy." lightbox="images/whfb-intune-account-protection-enable.png":::
|
||||
|
||||
#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo)
|
||||
|
||||
|
||||
@ -295,9 +295,9 @@ The following sample is a sample plug-in VPN profile. This blob would fall under
|
||||
|
||||
## Apply ProfileXML using Intune
|
||||
|
||||
After you configure the settings that you want using ProfileXML, you can create a custom profile in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). After it's created, you deploy this profile to your devices.
|
||||
After you configure the settings that you want using ProfileXML, you can create a custom profile in the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). After it's created, you deploy this profile to your devices.
|
||||
|
||||
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
1. Sign in to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||
2. Select **Devices** > **Configuration profiles** > **Create profile**.
|
||||
3. Enter the following properties:
|
||||
|
||||
|
||||
Reference in New Issue
Block a user