From d5bd8dc72fcf2a4253296819f06c04ddc019b865 Mon Sep 17 00:00:00 2001 From: illfated Date: Sun, 27 Oct 2019 22:21:13 +0100 Subject: [PATCH 1/4] WHfB/Key Trust models: PIN reset availability Description: Based on user feedback and author verification, the PIN reset feature in Windows Hello for Business is available in Windows 10 Professional using different key trust models in different deployments depending on the version of Windows 10 (1511, 1703, 1709 and 1903). Thanks to @greytone for noting this issue in ticket #4662 . Changes proposed: - add important Note outlining which Windows 10 version makes the PIN reset feature available and the key trust model to use in each case. The information summary is provided by @jvsam and @mapalko, based on the discussion in the issue ticket page and original user feedback. - add spacing for another important note with MD quote indentation - add spacing for a table quote indentation - remove HTML tag incorrectly showing up in the MarkDown preview Additional notes: PR content and placement of the important note is subject to change, based on feedback from the author and MS Docs team members. issue ticket closure or reference: Closes #4662 --- .../hello-identity-verification.md | 21 ++++++++++++++----- .../hello-planning-guide.md | 12 +++++++++++ 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index f00875d1a2..e29dfc077d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md 
@@ -28,13 +28,24 @@ Windows Hello addresses the following problems with passwords: - Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). - Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). ->[!div class="mx-tdBreakAll"] ->| | | | ->| :---: | :---: | :---: | ->| [![Overview Icon](images/hello_filter.png)](hello-overview.md)
[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)
[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)
[Manage Windows Hello in your Organization](hello-manage-in-organization.md) | +> | | | | +> | :---: | :---: | :---: | +> | [![Overview Icon](images/hello_filter.png)](hello-overview.md)
[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)
[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)
[Manage Windows Hello in your Organization](hello-manage-in-organization.md) | ## Prerequisites +> [!Important] +> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.
. +> **Requirements:**
+> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 +> +> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
+> **Requirements:**
+> Reset from settings - Windows 10, version 1703, Professional
+> Reset above lock screen - Windows 10, version 1709, Professional
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 + ### Cloud Only Deployment * Windows 10, version 1511 or later * Microsoft Azure Account @@ -74,5 +85,5 @@ The table shows the minimum requirements for each deployment. | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing | ->[!IMPORTANT] +> [!IMPORTANT] > For Windows Hello for Business deployment, if you have several domains, at least one Windows Server Domain Controller 2016 is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers). diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 73d306bba1..0eeba360cd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -64,9 +64,21 @@ The hybrid deployment model is for organizations that: * Have identities synchronized to Azure Active Directory using Azure Active Directory Connect * Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources +> [!Important] +> Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.
+> **Requirements:**
+> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 + ##### On-premises The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory. +> [!Important] +> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
+> **Requirements:**
+> Reset from settings - Windows 10, version 1703, Professional
+> Reset above lock screen - Windows 10, version 1709, Professional
+> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 It’s fundamentally important to understand which deployment model to use for a successful deployment. Some of aspects of the deployment may already be decided for you based on your current infrastructure. From abdd2e956910cd140ab757c8d71cdfe29a30964c Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 6 Nov 2019 14:49:10 +0100 Subject: [PATCH 2/4] Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md - add licensing info for version 1903 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-identity-verification.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index e29dfc077d..4b3c9b8488 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -37,7 +37,7 @@ Windows Hello addresses the following problems with passwords: > [!Important] > 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.
. > **Requirements:**
-> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 > > 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.
From 8a308093fc33b6f4db85886f9b9a4aebdf63c334 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 6 Nov 2019 14:49:40 +0100 Subject: [PATCH 3/4] Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md - add licensing info for version 1903 Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com> --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 0eeba360cd..ab00bd48b3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -67,7 +67,7 @@ The hybrid deployment model is for organizations that: > [!Important] > Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.
> **Requirements:**
-> Microsoft PIN Reset Service - Windows 10, version 1709 or later, Enterprise Edition
+> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 ##### On-premises From 01daf1aa4fa6b270395b2fbd72ca30f929c02287 Mon Sep 17 00:00:00 2001 From: "Trond B. Krokli" <38162891+illfated@users.noreply.github.com> Date: Wed, 6 Nov 2019 19:50:27 +0100 Subject: [PATCH 4/4] Update windows/security/identity-protection/hello-for-business/hello-planning-guide.md - grammar improvements Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-planning-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index ab00bd48b3..7dffe7b0a9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -80,7 +80,7 @@ The on-premises deployment model is for organizations that do not have cloud ide > Reset above lock screen - Windows 10, version 1709, Professional
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903 -It’s fundamentally important to understand which deployment model to use for a successful deployment. Some of aspects of the deployment may already be decided for you based on your current infrastructure. +It’s fundamentally important to understand which deployment model to use for a successful deployment. Some aspects of the deployment may have already been decided for you based on your current infrastructure. #### Trust types
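Review bot: In PATCH 1/4, hello-identity-verification.md, hunk @@ -28,13 +28,24 @@, item 1 of the new note is followed by a line holding only "." before "**Requirements:**", which item 2 does not have. It reads as a leftover character that will render as a stray full stop, and the context lines of PATCH 2/4 still carry it, so it should be dropped here. The new marker is also written `[!Important]` while the hunk at @@ -74,5 +85,5 @@ in the same file keeps `[!IMPORTANT]`; pick one casing for the file.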
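Review bot: In PATCH 1/4, hello-planning-guide.md, hunk @@ -64,9 +64,21 @@, the sentence "Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model" is ambiguous about what "only" restricts. If the intent is that non-destructive reset is limited to certificate trust, "Hybrid deployments support non-destructive PIN reset, which works only with the certificate trust model" says so directly. In both added notes the "Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903" line names no edition, while the 1703 and 1709 lines say Professional or Enterprise Edition, so a reader planning a deployment cannot tell whether 1903 has an edition requirement; state it either way. The terms "destructive" and "non-destructive" are used without a definition or link in either note.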
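Review bot: In PATCH 2/4, the replacement line ends with "There is no licensing requirement for this service since version 1903" without a closing full stop, and "since version 1903" is easy to misread next to "versions 1709 to 1809". A wording such as "Starting with version 1903, this service has no licensing requirement." makes the cut-over explicit. The change also drops "or later", so the Enterprise Edition requirement now applies only to 1709 through 1809; if that is the intent, the commit subject "add licensing info for version 1903" undersells it and should say that the edition requirement was narrowed.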
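Review bot: In PATCH 3/4, the added "Microsoft PIN Reset Service" line in hello-planning-guide.md is character for character the line PATCH 2/4 adds to hello-identity-verification.md, which shows the requirements text now lives in two files and every correction has to be made twice. Consider keeping the version and edition requirements in one of the two pages and linking to it from the other, so the two copies cannot drift apart.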