From 5ee70a52237e1e295dd3a1448f848c673516697a Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Mon, 24 Jun 2019 22:50:06 -0500 Subject: [PATCH 1/5] Solvin Issue #4071 --- .../identity-protection/hello-for-business/hello-overview.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index d7b76ad3f5..972cb82175 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -53,9 +53,9 @@ Windows stores biometric data that is used to implement Windows Hello securely o ## The difference between Windows Hello and Windows Hello for Business -- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, however it is not backed by asymmetric (public/private key) or certificate-based authentication. +- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash, however it is not backed by asymmetric (public/private key) or certificate-based authentication. -- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication. +- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication which increases significatively the security respect the regular Windows Hello. ## Benefits of Windows Hello @@ -95,7 +95,6 @@ For details, see [How Windows Hello for Business works](hello-how-it-works.md). Windows Hello for Business can use either keys (hardware or software) or certificates in hardware or software. Enterprises that have a public key infrastructure (PKI) for issuing and managing certificates can continue to use PKI in combination with Windows Hello. Enterprises that do not use PKI or want to reduce the effort associated with managing certificates can rely on key-based credentials for Windows Hello but still use certificates on their domain controllers as a root of trust. - ## Learn more [Implementing Windows Hello for Business at Microsoft](https://www.microsoft.com/en-us/itshowcase/implementing-windows-hello-for-business-at-microsoft) From 67fdff7e1bd5495b2a86d14a9df762a5285d9fae Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Tue, 25 Jun 2019 09:20:12 -0500 Subject: [PATCH 2/5] Update windows/security/identity-protection/hello-for-business/hello-overview.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 972cb82175..6c3e56cc4f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -53,7 +53,7 @@ Windows stores biometric data that is used to implement Windows Hello securely o ## The difference between Windows Hello and Windows Hello for Business -- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash, however it is not backed by asymmetric (public/private key) or certificate-based authentication. +- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash. However, it is not backed by asymmetric (public/private key) or certificate-based authentication. - Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication which increases significatively the security respect the regular Windows Hello. From 569373acb3febb3235e529bdc6eea76666eac9bb Mon Sep 17 00:00:00 2001 From: Jose Gabriel Ortega Castro Date: Tue, 25 Jun 2019 09:20:39 -0500 Subject: [PATCH 3/5] Update windows/security/identity-protection/hello-for-business/hello-overview.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../identity-protection/hello-for-business/hello-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 6c3e56cc4f..f20722b47d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -55,7 +55,7 @@ Windows stores biometric data that is used to implement Windows Hello securely o - Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash. However, it is not backed by asymmetric (public/private key) or certificate-based authentication. -- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication which increases significatively the security respect the regular Windows Hello. +- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication which increases significantly the security in relation to the regular Windows Hello. ## Benefits of Windows Hello From 41814c641e4900b02e0a2589313a188ac715becc Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 25 Jun 2019 09:40:09 -0500 Subject: [PATCH 4/5] plyying @nenonix recommendations --- .../identity-protection/hello-for-business/hello-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index f20722b47d..83ae51e686 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -55,7 +55,7 @@ Windows stores biometric data that is used to implement Windows Hello securely o - Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash. However, it is not backed by asymmetric (public/private key) or certificate-based authentication. -- Windows Hello for Business, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication which increases significantly the security in relation to the regular Windows Hello. +- **Windows Hello for Business**, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication. This makes it much more secure than **Windows Hello**. ## Benefits of Windows Hello From ea7864135055ac7e606cbe5f52c43eb4f1b6fe55 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Tue, 25 Jun 2019 20:13:24 -0500 Subject: [PATCH 5/5] @mapalko sugestion for #4071 adition --- .../identity-protection/hello-for-business/hello-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 83ae51e686..cd6424eb47 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -53,9 +53,9 @@ Windows stores biometric data that is used to implement Windows Hello securely o ## The difference between Windows Hello and Windows Hello for Business -- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, using a simple password hash. However, it is not backed by asymmetric (public/private key) or certificate-based authentication. +- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Windows Hello is unique to the device on which it is set up, but can use a simple password hash depending on an individual's account type. This configuration is referred to as Windows Hello convenience PIN and it is not backed by asymmetric (public/private key) or certificate-based authentication. -- **Windows Hello for Business**, which is configured by Group Policy or mobile device management (MDM) policy, uses key-based or certificate-based authentication. This makes it much more secure than **Windows Hello**. +- **Windows Hello for Business**, which is configured by Group Policy or mobile device management (MDM) policy, always uses key-based or certificate-based authentication. This makes it much more secure than **Windows Hello convenience PIN**. ## Benefits of Windows Hello