deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

test data matrix

Browse Source
This commit is contained in:
Paolo Matarazzo
2024-01-02 15:01:26 -05:00
parent 2387844140
commit 3252269223
1 changed files with 47 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

88
windows/security/identity-protection/hello-for-business/deploy/index.md
View File

@ -97,12 +97,12 @@ Cloud Kerberos trust is the only hybrid deployment option that doesn't require t
|| Deployment model | Trust type | PKI required? |
|--|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | n/a | no |
| ** :black_square_button: ** | **Hybrid** | Cloud Kerberos | no |
| ** :black_square_button: ** | **Hybrid** | Key | yes |
| ** :black_square_button: ** | **Hybrid** | Certificate | yes |
| ** :black_square_button: ** | **On-premises** | Key | yes |
| ** :black_square_button: ** | **On-premises** | Certificate | yes |
| **:black_square_button:** | **Cloud-only** | n/a | no |
| **:black_square_button:** | **Hybrid** | Cloud Kerberos | no |
| **:black_square_button:** | **Hybrid** | Key | yes |
| **:black_square_button:** | **Hybrid** | Certificate | yes |
| **:black_square_button:** | **On-premises** | Key | yes |
| **:black_square_button:** | **On-premises** | Certificate | yes |
## Authentication
@ -114,15 +114,15 @@ Here's a list of requirements for federated and nonfederated deployments.
|| Deployment model | Trust type | Authentication to Microsoft Entra ID | Requirements |
|--|--|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | n/a | non-federated | n/a |
| ** :black_square_button: ** | **Cloud-only** | n/a | federated | third-party federation service |
| ** :black_square_button: ** | **Hybrid** | Cloud Kerberos | non-federated | Microsoft Entra Kerberos |
| ** :black_square_button: ** | **Hybrid** | Key | non-federated | [Password hash synchronization (PHS)][ENTRA-6] or [pass-through authentication (PTA)][ENTRA-7]|
| ** :black_square_button: ** | **Hybrid** | Key | federated | AD FS or third-party federation service. It doesn't support [PTA][ENTRA-7] or [PHS][ENTRA-6] |
| ** :black_square_button: ** | **Hybrid** | Certificate | non-federated | AD FS |
| ** :black_square_button: ** | **Hybrid** | Certificate | federated | AD FS |
| ** :black_square_button: ** | **On-premises** | Certificate | n/a | AD FS |
| ** :black_square_button: ** | **On-premises** | Certificate | n/a | AD FS |
| **:black_square_button:** | **Cloud-only** | n/a | non-federated | n/a |
| **:black_square_button:** | **Cloud-only** | n/a | federated | third-party federation service |
| **:black_square_button:** | **Hybrid** | Cloud Kerberos | non-federated | Microsoft Entra Kerberos |
| **:black_square_button:** | **Hybrid** | Key | non-federated | [Password hash synchronization (PHS)][ENTRA-6] or [pass-through authentication (PTA)][ENTRA-7]|
| **:black_square_button:** | **Hybrid** | Key | federated | AD FS or third-party federation service. It doesn't support [PTA][ENTRA-7] or [PHS][ENTRA-6] |
| **:black_square_button:** | **Hybrid** | Certificate | non-federated | AD FS |
| **:black_square_button:** | **Hybrid** | Certificate | federated | AD FS |
| **:black_square_button:** | **On-premises** | Certificate | n/a | AD FS |
| **:black_square_button:** | **On-premises** | Certificate | n/a | AD FS |
### Device registration
@ -173,11 +173,11 @@ The goal of Windows Hello for Business is to move organizations away from passwo
|| Deployment model | MFA options |
|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | Microsoft Entra MFA |
| ** :black_square_button: ** | **Cloud-only** | Third-party MFA via Microsoft Entra ID custom controls or federation |
| ** :black_square_button: ** | **Hybrid** | Microsoft Entra MFA |
| ** :black_square_button: ** | **Hybrid** | Third-party MFA via Microsoft Entra ID custom controls or federation|
| ** :black_square_button: ** | **On-premises** | AD FS MFA adapter |
| **:black_square_button:** | **Cloud-only** | Microsoft Entra MFA |
| **:black_square_button:** | **Cloud-only** | Third-party MFA via Microsoft Entra ID custom controls or federation |
| **:black_square_button:** | **Hybrid** | Microsoft Entra MFA |
| **:black_square_button:** | **Hybrid** | Third-party MFA via Microsoft Entra ID custom controls or federation|
| **:black_square_button:** | **On-premises** | AD FS MFA adapter |
For more information how to configure Microsoft Entra multifactor authentication, see [Configure Microsoft Entra multifactor authentication settings][ENTRA-4].
@ -210,12 +210,12 @@ Windows Hello for Business provides organizations with a rich set of granular po
|| Deployment model | Device configuration options|
|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | CSP |
| ** :black_square_button: ** | **Cloud-only** | GPO (local) |
| ** :black_square_button: ** | **Hybrid** | CSP |
| ** :black_square_button: ** | **Hybrid** | GPO (Active Directory or local) |
| ** :black_square_button: ** | **On-premises** | CSP |
| ** :black_square_button: ** | **On-premises** | GPO (Active Directory or local) |
| **:black_square_button:** | **Cloud-only** | CSP |
| **:black_square_button:** | **Cloud-only** | GPO (local) |
| **:black_square_button:** | **Hybrid** | CSP |
| **:black_square_button:** | **Hybrid** | GPO (Active Directory or local) |
| **:black_square_button:** | **On-premises** | CSP |
| **:black_square_button:** | **On-premises** | GPO (Active Directory or local) |
## Licensing for cloud services
@ -229,12 +229,12 @@ Here are some considerations regarding licensing requirements for cloud services
|| Deployment model | Trust type | Cloud services licenses (minimum)|
|--|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | n/a | not required |
| ** :black_square_button: ** | **Hybrid** | Cloud Kerberos | not required |
| ** :black_square_button: ** | **Hybrid** | Key| not required |
| ** :black_square_button: ** | **Hybrid** | Certificate | Microsoft Entra ID P1 |
| ** :black_square_button: ** | **On-premises** | Key | Azure MFA, if used as MFA solution |
| ** :black_square_button: ** | **On-premises** | Certificate | Azure MFA, if used as MFA solution |
| **:black_square_button:** | **Cloud-only** | n/a | not required |
| **:black_square_button:** | **Hybrid** | Cloud Kerberos | not required |
| **:black_square_button:** | **Hybrid** | Key| not required |
| **:black_square_button:** | **Hybrid** | Certificate | Microsoft Entra ID P1 |
| **:black_square_button:** | **On-premises** | Key | Azure MFA, if used as MFA solution |
| **:black_square_button:** | **On-premises** | Certificate | Azure MFA, if used as MFA solution |
## Windows requirements
@ -242,24 +242,24 @@ All supported Windows 10 and Windows 11 versions can be used with Windows Hello
|| Deployment model | Trust type | Windows version|
|--|--|--|--|
| ** :black_square_button: ** | **Cloud-only** | n/a | All supported versions |
| ** :black_square_button: ** | **Hybrid** | Cloud Kerberos | - Windows 10 21H2, with [KB5010415][KB-1] and later<br>- Windows 11 21H2, with [KB5010414][KB-2] and later |
| ** :black_square_button: ** | **Hybrid** | Key | All supported versions |
| ** :black_square_button: ** | **Hybrid** | Certificate | All supported versions |
| ** :black_square_button: ** | **On-premises** | Key| All supported versions |
| ** :black_square_button: ** | **On-premises** | Certificate | All supported versions |
| **:black_square_button:** | **Cloud-only** | n/a | All supported versions |
| **:black_square_button:** | **Hybrid** | Cloud Kerberos | - Windows 10 21H2, with [KB5010415][KB-1] and later<br>- Windows 11 21H2, with [KB5010414][KB-2] and later |
| **:black_square_button:** | **Hybrid** | Key | All supported versions |
| **:black_square_button:** | **Hybrid** | Certificate | All supported versions |
| **:black_square_button:** | **On-premises** | Key| All supported versions |
| **:black_square_button:** | **On-premises** | Certificate | All supported versions |
## Windows Server requirements
All supported Windows Server versions can be used with Windows Hello for Business as Domain Controller. However, cloud Kerberos trust requires minimum versions:
|| Deployment model | Trust type | Domain Controller OS version |
|-----------------------------|------------------|----------------|-----------------------------------------------------------------------------------------------------------|
| ** :black_square_button: ** | **Cloud-only** | n/a | All supported versions |
| ** :black_square_button: ** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, [KB3534307][KB-3]<br>- Windows Server 2019, [KB4534321][KB-4], Windows Server 2022 |
| ** :black_square_button: ** | **Hybrid** | Key | All supported versions |
| ** :black_square_button: ** | **Hybrid** | Certificate | All supported versions |
| ** :black_square_button: ** | **On-premises** | Key | All supported versions |
| ** :black_square_button: ** | **On-premises** | Certificate | All supported versions |
| **:black_square_button:** | **Cloud-only** | n/a | All supported versions |
| **:black_square_button:** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, [KB3534307][KB-3]<br>- Windows Server 2019, [KB4534321][KB-4], Windows Server 2022 |
| **:black_square_button:** | **Hybrid** | Key | All supported versions |
| **:black_square_button:** | **Hybrid** | Certificate | All supported versions |
| **:black_square_button:** | **On-premises** | Key | All supported versions |
| **:black_square_button:** | **On-premises** | Certificate | All supported versions |
## Prepare users to use Windows Hello