From 4e5db7c46371774ddd85ee909e840f6391eeacab Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:44:56 +0300 Subject: [PATCH 1/4] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 3a044684d8..7203802fbf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -72,7 +72,7 @@ sections: - question: How to delete Windows Hello for Business container on a device? answer: | - You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account. Reboot is required. + You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account, and then restarting the device. - question: How does Windows Hello for Business work with Azure AD registered devices? answer: | From 2f78d0113e7bba510fd4c1d0b87af39327261530 Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:45:02 +0300 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 7203802fbf..4e3090ec6c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -66,7 +66,7 @@ sections: - question: What's a container? answer: | - In the context of Windows Hello for Business it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. + In the context of Windows Hello for Business, it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) From 89a4d90325092f0def9b023569a6dc80daf80286 Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:45:13 +0300 Subject: [PATCH 3/4] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 4e3090ec6c..01e86a2060 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -70,7 +70,7 @@ sections: It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) - - question: How to delete Windows Hello for Business container on a device? + - question: How do I delete a Windows Hello for Business container on a device? answer: | You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account, and then restarting the device. From 285909f0b4356568221741fc34324835e7c3e4da Mon Sep 17 00:00:00 2001 From: Daniel Vazome <46573198+vazome@users.noreply.github.com> Date: Tue, 8 Nov 2022 11:46:11 +0300 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-faq.yml Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 01e86a2060..2838d6030d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -67,7 +67,7 @@ sections: - question: What's a container? answer: | In the context of Windows Hello for Business, it is shorthand for a logical grouping of key material or data. Windows 10 or Windows 11 Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. - It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials Windows Hello stores are protected without the creation of actual containers or folders. + It's important to keep in mind that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. The keys, certificates, and credentials of Windows Hello stores are protected without the creation of actual containers or folders. The container actually contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) - question: How do I delete a Windows Hello for Business container on a device?