deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

#6744 follow-up: convert Note text to Note blob

Browse Source 
Description:

In PR #6744, a Note text line was added to the page, but without the
common Note blob used in the default MS Docs code style.

This PR updates the Note to follow the MS Docs code style by adding the
MarkDown Note blob indent markers and the [!NOTE] tag or header. The
text content itself remains unchanged.

Changes proposed:
- Convert the Note text line to a standard MS Docs Note blob
- Remove redundant end-of-line whitespace (blanks) throughout the page

Ticket closure or reference:

Ref. PR #6744
This commit is contained in:
illfated
2020-05-20 01:55:31 +02:00
parent e2c7518e44
commit 2a5b0d5c06
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
View File

@ -16,6 +16,7 @@ localizationpriority: medium
ms.date: 10/23/2017
ms.reviewer:
---
# Configure Hybrid Windows Hello for Business: Directory Synchronization
**Applies to**
@ -26,7 +27,7 @@ ms.reviewer:
## Directory Synchronization
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
The key-trust model needs Windows Server 2016 domain controllers, which configures the key registration permissions automatically; however, the certificate-trust model does not and requires you to add the permissions manually.
@ -45,12 +46,12 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv
6. In the **Applies to** list box, select **Descendant User objects**.
7. Using the scroll bar, scroll to the bottom of the page and click **Clear all**.
8. In the **Properties** section, select **Read msDS-KeyCredentialLink** and **Write msDS-KeyCredentialLink**.
9. Click **OK** three times to complete the task.
9. Click **OK** three times to complete the task.
### Group Memberships for the Azure AD Connect Service Account
The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory.
The KeyAdmins or KeyCredential Admins global group provides the Azure AD Connect service with the permissions needed to read and write the public key to Active Directory.
Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.
@ -61,14 +62,15 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
5. In the **Enter the object names to select** text box, type the name of the Azure AD Connect service account. Click **OK**.
6. Click **OK** to return to **Active Directory Users and Computers**.
Note: if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest.
> [!NOTE]
> if your AD forest has multiple domains. Please make sure you add the ADConnect sync service account (ie. MSOL_12121212) into "Enterprise Key Admins" group to gain permission across the domains in the forest.
### Section Review
> [!div class="checklist"]
> * Configure Permissions for Key Synchronization
> * Configure group membership for Azure AD Connect
>
>
> [!div class="step-by-step"]
> [< Configure Active Directory](hello-hybrid-cert-whfb-settings-ad.md)
> [Configure PKI >](hello-hybrid-cert-whfb-settings-pki.md)