deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-19 20:33:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into 20230420-licensing-includes

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-05-10 07:13:03 -04:00
parent 7490ae825b 33f135c2c9
commit 49a02f9836
68 changed files with 1976 additions and 1496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
View File

@ -29,6 +29,9 @@ The policy setting has three components:
## Configure unlock factors
> [!CAUTION]
> On Windows 11, when the [DontDisplayLastUserName](/windows/security/threat-protection/security-policy-settings/interactive-logon-do-not-display-last-user-name) security policy is enabled, it is known to interfere with the ability to use multi factor unlock.
The **First unlock factor credential providers** and **Second unlock factor credential providers** portion of the policy setting each contain a comma separated list of credential providers.
Supported credential providers include:
@ -40,8 +43,8 @@ Supported credential providers include:
|Facial Recognition| `{8AF662BF-65A0-4D0A-A540-A338A999D36F}`|
|Trusted Signal<br>(Phone proximity, Network location) | `{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}`|
>[!NOTE]
>Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table.
> [!NOTE]
> Multifactor unlock does not support third-party credential providers or credential providers not listed in the above table.
The default credential providers for the **First unlock factor credential provider** include:

4
windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md
View File

@ -67,7 +67,7 @@ To configure Windows Hello for Business using an account protection policy:
1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available.
- These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**.
- For more information about these policies, see [MDM policy settings for Windows Hello for Business](hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business).
1. Under **Enable to certificate for on-premises resources**, select **Disabled** and multiple policies become available.
1. Under **Enable to certificate for on-premises resources**, select **Not configured**
1. Select **Next**.
1. Optionally, add **scope tags** and select **Next**.
1. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**.
@ -138,7 +138,7 @@ You can configure Windows Hello for Business cloud Kerberos trust using a Group
---
> [!IMPORTANT]
> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured** or **disabled**.
> If the **Use certificate for on-premises authentication** policy is enabled, certificate trust will take precedence over cloud Kerberos trust. Ensure that the machines that you want to enable cloud Kerberos trust have this policy **not configured**.
## Provision Windows Hello for Business