diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index e289afe305..661971662b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -190,7 +190,7 @@ sections: Windows Hello for Business is two-factor authentication based on the observed authentication factors of: *something you have*, *something you know*, and *something that's part of you*. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor". > [!NOTE] - > The Windows Hello for Business key meets Azure AD multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim). + > The Windows Hello for Business key meets Microsoft Entra multifactor authentication (MFA) requirements and reduces the number of MFA prompts users will see when accessing resources. For more information, see [What is a Primary Refresh Token](/azure/active-directory/devices/concept-primary-refresh-token#when-does-a-prt-get-an-mfa-claim). - question: Which is a better or more secure for of authentication, key or certificate? answer: | Both types of authentication provide the same security; one is not more secure than the other. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 36755630f0..af0ff0de5a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -31,7 +31,7 @@ Microsoft Entra joined devices authenticate to Microsoft Entra ID during sign-in ## Microsoft Entra join authentication to Active Directory using cloud Kerberos trust -![Microsoft Entra join authentication to Azure AD.](images/howitworks/auth-aadj-cloudtrust-kerb.png) +![Microsoft Entra join authentication to Active Directory.](images/howitworks/auth-aadj-cloudtrust-kerb.png) | Phase | Description | | :----: | :----------- | diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index d9716ad230..a0a36f2cc0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -42,7 +42,7 @@ Hybrid Windows Hello for Business needs two directories: - An on-premises Active Directory - A Microsoft Entra tenant -The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Azure AD.\ +The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.\ During the Window Hello for Business provisioning process, users register the public portion of their Windows Hello for Business credential with Microsoft Entra ID. *Microsoft Entra Connect Sync* synchronizes the Windows Hello for Business public key to Active Directory. > [!NOTE] diff --git a/windows/security/identity-protection/web-sign-in/index.md b/windows/security/identity-protection/web-sign-in/index.md index edd4b03647..f13acff6dd 100644 --- a/windows/security/identity-protection/web-sign-in/index.md +++ b/windows/security/identity-protection/web-sign-in/index.md @@ -25,7 +25,7 @@ This article describes how to configure Web sign-in and the supported key scenar To use web sign-in, the clients must meet the following prerequisites: - Windows 11, version 22H2 with [5030310][KB-1], or later -- Must be Microsoft Entra joined +- Must be [Microsoft Entra joined](/entra/identity/devices/concept-directory-join) - Must have Internet connectivity, as the authentication is done over the Internet [!INCLUDE [federated-sign-in](../../../../includes/licensing/web-sign-in.md)]