deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update passwordless strategy policies

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-01-24 10:03:15 -05:00
parent c800796715
commit 361d61e5cf
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/identity-protection/passwordless-strategy/journey-step-2.md
View File

@ -88,10 +88,10 @@ The value to enter in the policy to hide the password credential provider is `{6
### Require Windows Hello for Business or a smart card
The *Require Windows Hello for Business or a smart card* policy setting can be used to require Windows Hello for Business or a smart card for interactive logon. When enabled, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card.
The *Require Windows Hello for Business or a smart card* policy setting can be used to require Windows Hello for Business or a smart card for interactive logon. When enabled, Windows prevents users from signing in or unlocking with a password. The password credential provider remains visible to the user. If a user tries to use a password, Windows informs the user they must use Windows Hello for Business or a smart card. Before enabling this policy, the user must be enrolled in Windows Hello for Business or have a smart card. Therefore, implementing this policy requires careful planning and coordination.
- GPO: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Interactive logon: Require Windows Hello for Business or smart card**
- CSP: `./Device/Vendor/MSFT/Policy/Config/Security/InteractiveLogon/`[RequireWindowsHelloForBusinessOrSmartCard](/windows/client-management/mdm/policy-csp-security-interactivelogon#requirewindowshelloforbusinessorsmartcard)
- CSP: not available
## Validate that none of the workflows needs passwords

7
windows/security/identity-protection/passwordless-strategy/journey-step-3.md
View File

@ -65,6 +65,13 @@ The users are effectively password-less because:
- The user isn't asked to change their password
- Domain controllers don't allow passwords for interactive authentication
#### Prompt user to change password before expiration
Determines how far in advance (in days) users are warned that their password is about to expire. When you set the policy setting to zero, there is no password expiration warning when the user logs on.
- GPO: **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options** > **Interactive logon: Prompt user to change password before expiration**
- CSP: `./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/`[InteractiveLogon_PromptUserToChangePasswordBeforeExpiration](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#interactivelogon_promptusertochangepasswordbeforeexpiration)
### Password rotation
### Cloud-only users