Merge pull request #5286 from illfated/whfb_reset_PIN_note

WHfB/Key Trust models: PIN reset availability
Daniel Simpson 2019-11-26 10:28:03 -08:00 committed by GitHub
commit 4530936aa1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 6 deletions

@ -29,13 +29,24 @@ Windows Hello addresses the following problems with passwords:
- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). - Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). - Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing).
>[!div class="mx-tdBreakAll"] > | | | |
>| | | | > | :---: | :---: | :---: |
>| :---: | :---: | :---: | > | [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
>| [![Overview Icon](images/hello_filter.png)](hello-overview.md)</br>[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)</br>[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)</br>[Manage Windows Hello in your Organization](hello-manage-in-organization.md) |
## Prerequisites ## Prerequisites
> [!Important]
> 1. Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>.
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
>
> 2. On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
### Cloud Only Deployment ### Cloud Only Deployment
* Windows 10, version 1511 or later * Windows 10, version 1511 or later
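
Review bot: The first line of item 1 in the new Prerequisites note ends with a stray period after the line break (`certificate trust model.</br>.`), which will render as a lone "." on its own line; drop the trailing period. In the same note, the sentence "There is no licensing requirement for this service since version 1903" has no closing period, and the terms "destructive" and "non-destructive" PIN reset are used without a definition or a link to one, so a reader cannot tell from this note what is lost on reset in each model.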
@ -78,5 +89,5 @@ The table shows the minimum requirements for each deployment.
| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter | | AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
| Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing | | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing |
>[!IMPORTANT] > [!IMPORTANT]
> For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers). > For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers).
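
Review bot: The alert tag on the changed line is normalized to `> [!IMPORTANT]`, but the notes this commit adds in the other hunks are written as `> [!Important]`; pick one spelling (the upper-case form used here) and apply it to the new notes as well so the alert syntax is consistent across both files.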

@ -64,11 +64,23 @@ The hybrid deployment model is for organizations that:
* Have identities synchronized to Azure Active Directory using Azure Active Directory Connect * Have identities synchronized to Azure Active Directory using Azure Active Directory Connect
* Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources * Use applications hosted in Azure Active Directory, and want a single sign-in user experience for both on-premises and Azure Active Directory resources
> [!Important]
> Hybrid deployments support non-destructive PIN reset that only works with the certificate trust model.</br>
> **Requirements:**</br>
> Microsoft PIN Reset Service - Windows 10, versions 1709 to 1809, Enterprise Edition. There is no licensing requirement for this service since version 1903</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
##### On-premises ##### On-premises
The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory. The on-premises deployment model is for organizations that do not have cloud identities or use applications hosted in Azure Active Directory.
> [!Important]
> On-premises deployments support destructive PIN reset that works with both the certificate trust and the key trust models.</br>
> **Requirements:**</br>
> Reset from settings - Windows 10, version 1703, Professional</br>
> Reset above lock screen - Windows 10, version 1709, Professional</br>
> Reset above lock screen (_I forgot my PIN_ link) - Windows 10, version 1903
Its fundamentally important to understand which deployment model to use for a successful deployment. Some of aspects of the deployment may already be decided for you based on your current infrastructure. Its fundamentally important to understand which deployment model to use for a successful deployment. Some aspects of the deployment may have already been decided for you based on your current infrastructure.
#### Trust types #### Trust types
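
Review bot: The rewritten closing sentence still opens with "Its fundamentally important", which should be "It's"; since the line is already being touched to fix "Some of aspects", correct the contraction in the same change. The two notes added in this hunk repeat the requirement lists from the Prerequisites note in the other file word for word, so the version numbers now have to be kept in sync in two places; consider keeping the requirements in one file and linking to it from the other.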