From e49dd9860883154ce2aeb4fba9a0b78e745aef60 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 29 Aug 2020 18:18:20 +0500 Subject: [PATCH 01/16] Update hello-hybrid-aadj-sso-base.md --- .../hello-hybrid-aadj-sso-base.md | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 8df0ef33bb..e9c5fe59e6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -301,23 +301,21 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted Sign-in a workstation with access equivalent to a _domain user_. -1. Sign-in to the [Azure Portal](https://portal.azure.com/). -2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**. -3. Click **device enrollment**. +1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +2. Select **Devices**. +3. Click **Enroll devices**. 4. Click **Windows enrollment** 5. Under **Windows enrollment**, click **Windows Hello for Business**. ![Create Intune Windows Hello for Business Policy](images/aadj/IntuneWHFBPolicy-00.png) -6. Under **Priority**, click **Default**. -7. Under **All users and all devices**, click **Settings**. -8. Select **Enabled** from the **Configure Windows Hello for Business** list. -9. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software based keys. -10. Type the desired **Minimum PIN length** and **Maximum PIN length**. +6. Select **Enabled** from the **Configure Windows Hello for Business** list. +7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software based keys. +8. Type the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. 
![Intune Windows Hello for Business policy settings](images/aadj/IntuneWHFBPolicy-01.png) -11. Select the appropriate configuration for the following settings. +9. Select the appropriate configuration for the following settings. * **Lowercase letters in PIN** * **Uppercase letters in PIN** * **Special characters in PIN** 
@@ -326,10 +324,10 @@ Sign-in a workstation with access equivalent to a _domain user_. > [!NOTE] > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. -12. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. -13. Select **No** to **Allow phone sign-in**. This feature has been deprecated. -14. Click **Save** -15. Sign-out of the Azure portal. +10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. +11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. +12. Click **Save** +13. Sign-out of the Microsoft Endpoint Manager admin center. > [!IMPORTANT] > For more details about the actual experience after everything has been configured, please see [Windows Hello for Business and Authentication](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication). 
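Review bot: In the first hunk (`@@ -301,23 +301,21 @@`), the screenshot after step 5 is still `images/aadj/IntuneWHFBPolicy-00.png`, even though the navigation in steps 1 to 3 now goes through the Microsoft Endpoint Manager admin center and the old steps 6 and 7 (**Priority** / **All users and all devices**) are dropped. PATCH 02/16 adds `images/aadj/MEM.png` for this article, but nothing in this patch references it. Either point the image link at the new screenshot here or confirm the existing one still matches the new flow. While the TPM step is being rewritten as step 7, fix "falls backs to software" to "falls back to software", and use the verb form "Sign in to" in step 1. The unchanged step 4 also lacks its trailing period.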
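Review bot: In the second hunk (`@@ -326,10 +324,10 @@`), the renumbered step 12, `Click **Save**`, has no trailing period, unlike steps 10, 11 and 13, and step 13 uses the noun form "Sign-out of" where the verb "Sign out of" is meant. The NOTE block kept as context just above still reads "shoulder surfacing" (shoulder surfing) and "rather that forcing complex PIN that change frequently". Since this change already renumbers everything around it, those are worth correcting in the same pass.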
From f7d344e677b5cc08595db7e28807cf422baa8e86 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 29 Aug 2020 18:23:37 +0500 Subject: [PATCH 02/16] Add files via upload added for the article https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base#configure-windows-hello-for-business-device-enrollment --- .../hello-for-business/images/aadj/MEM.png | Bin 0 -> 53116 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/security/identity-protection/hello-for-business/images/aadj/MEM.png 
diff --git a/windows/security/identity-protection/hello-for-business/images/aadj/MEM.png b/windows/security/identity-protection/hello-for-business/images/aadj/MEM.png new file mode 100644 index 0000000000000000000000000000000000000000..d98d871f21c168d773975cd48eb74fed63566890 GIT binary patch literal 53116
zT8UvjKZ)R-0;;)NX)zG|%dC!)fv@+DI5XRwpz>>C+kG}bN(U;){qHIXm{_RQM!&>Y zY+exo6_lKUf}LWO?^@FUCdTRB(bzk~HhEWEQht*TvG5slmpNFCe&xnV#5q8%%0y#V zwYGRQE{&z~#Ab`;+50(nNyV0rjM34Gs8jTthJ0fU9suAqXOASYyFN}EHw>#03?%fg zlp3Y$x2=jk!P7CJ|E|^^ii+HNcdn|(Y#L7HgP%@C>(yDkKIl(pl%I8W=!?uAa142TA2!9qIh1spVh`ah4%ertr1`yC{T+d}pP-{$Q=Lqr zByEW>g=hPs{NMa0S!*qR=eym+`{}%`R4;tpY8_SkeCHwQcHlw7JOC`-T~Hsgv!1Et zN6$;l0y1gR4G*$0xO>pap5g2EqDBcJwS|4@`7y4M6rhHS8RDG(-Q|bLAoqk!Er~G_ z2ZFzvS|_7ZM;Y}`y@?QQ$&TtP9!A!L>{w@`O;Sy`&3v6q`7W44NoV+LO>9i^TG>HO zqn^P1s)afOq+M*~$xC=M2p#r4^6VLGA5)N}Rh4Z(GrXx+G2E~n>nx!&q5kDd4!;2} z^_ItHa|3p+*moL!WEwbHof^4={Fib8$AX_uqSZNC@ZmD@SSj;JwfmX`3<~e_lq=W zd$RTxdw`NXT&jgxvgaPF4|_2kL+0`RMi$f}&mw%htA>jTF9}6owG#%1SW9SR31K$j zZDH2$X^ah$5}q0fXPj6kC&pz7r|vY^cn|?oMM%1bSYcVi>HhHJJ97mi1m*9VHIkkn z%dkJP(Z4M0=d(~Iu-llC%wTI37u-jz#BRIduo}<#)mkgU>WQ#5F)4c$WDi$i>-k(A zB9*oSfF^J02A{gop>DN;&S&!PCyQ7GS!^dG-14%*u&Q7RX4)vp$Sf#cXx}q=pFMu^ z=$pVz1$TaZ_~g(f<%JG@8f-n2kMj8opc63fd%_!Alc6J%QARqPkr9~8QHFN4EF z=YE+uiT9xmJfB6TYl#jd%^N6g_ac?#sKg~7gPYFiIiJOJ#s_cWgw>!|SnPAO3z1%L zxZ#?sQc-GjJ*k}&29-1sTxSX=3@L27*m?>vEe_O&0T|k?8UP}3Bw+X2=_9wOQzD?K z$G4OA$jR(YE!uMT4vYo^R^-O8c&yBLe~K5DCavf6&6~lIJ)a(!h|kc;hdv@&vZ%yG zbvCjIf^Ym<`Ld>P`19Gar+*|_8Ml*%Ce3mbHBU**35Vys_n63ACx;&{RJHJo_@>ej zM@C|;5CQg;r@WDcY-`%#s6;vf>R7~BI#s~Wj4{m1h*dwE?;mv{b?6M`g2V)5nZvzk zen!HMy5U}ye$jJY`Nuk9Sh=-eW!7}ylN)Kc0>fo?iX>C{oTAF{DEh<06mOGO#}(!H;&1MK!X8 zY_kk#%9e2Il;M8V?k&Rp2jzs>ns-BnKglExQ9x z)@-Q{Sdq+~f)u(7}@C4AGnpE(vJC|2QyV(j)xpQ%6S zk^%GEjr@=T-LU!8mZ*=yan*-CgN-gV_W>8*klI@3WjVdovl`H*;rx3^z?~LRdZ-^@ z{0fWaEyC98{Fy|3_(6;kgOGBU!U%t-Z!5fcoQ9s>tG1pyb8PnFo?|i% zGR5(5_}mRx|AXX25+;#G^pVD~S@`=7G$^h;_w?0`JUBgxr{h~RjV!4bukXDe7rHBR z-~$Sbl*D;;`P4!`KP(D1vLZb4hkCc{AKZ0C4 z9bb}pmDI<1qjN*J`K?^MK&TOyp+^BMNxZyS>CL%aV##~e(=qaql_t3ed z&?30#yU<_!qqy*#OX(KfUEtNRl{L(wh|E*2+)z@)9#_Ure<5poUoWCqR_(u|o4 zhW2@t51o47HF(%BTtfbB6=A`8B|ohjXv%NpV;}{c*Ye>Meagd6B!@x->|54fzf0&V zd}I$E90_4dOoCq$;mkGz8zTY5f_JC?xGjbytG+xRn>UcxYHfTX!*x8``j~LpI-8ID 
zA2QZy(@fFC?cx(Gwxh{J2KF>ShcP@ZATU_2TgYlJCv6#tZjDHrE(X7X90Dq~zC)M+ ze4`C(VDKB<7e9=oO3F*Kgn^Qbk!8648u1OT@A&Roma3zHH2%flJM;UuG5Rm_P!@Y^Z~=SQ}aOU4V<25Q?X(fDdqf2*o;K3xBq#A7v4W%mXB?|M%+ z#?+d%N$Z9>AmzF@iMI$(G{Amiq)2b}#}Dr~hz^hhK3&6m*EkKglU?JuA(jES6o3oB|Zx3 zV}yf)Yn<@5!PAlA{{no5vp{Q-e^0TLd=L1X&w|1`X#dd;75Mz$d4ZMF@w8(%3LIRb z*MHo50B-y!l#I6v5l&=2#c>8kv>)_W6SzdKA=PDN%B*m3xM%)8S2!S6ePe8J#sgY z0Tf4_zXz^3*+%$e&c|cM6MzcrD7phBXd4>--M@%l=!Q~l+n(&c2~|veemZ5>Pa)`{ z66Ll!kPeU#fU-MXeLAtOv!~_#Lf5%cY-Tp?2-lx&aOc!fZx11#2+SeRus!T8^TEgo zz_*WhBYd`+N!oC>o_CH5K7AJ!r326XmSu|SbU!%AHu9wFSnqP~a?(8l%N0hiV9v>& zy4XonWS%y2VCy8|&vVrD8QO($qKXJB{7WQ75T2d-p6|6&%}z|bUcv+OXFOK@y3R08 z@Tz&FseraEWvTZ_N4TT?8kT?XRb^&DT7~?BE~fmkK<$bak;moCwdJqjVoB;L`xljg zg_+69aAuA0sE*43s;XQ!oKbcrtfcm}i16iDH`Pg#BG*ZZ;Yx~n!Z(hKLx`-kwE0rp zNU!xp&IPAb90H7zS7q;0RSjUAp!^_l`HQ~2@Lf(B6GXj}1XhK)C8Nap==d}EEm9OjfH{QXo6+q3TXwReCu$@2Cj(4|&E)-?7$X*NqG<=Le8Bp1~;=W;L^X1MWTT zN1xR`tG}~jS@#MmC+YoReecNt(#K)^&^iy8)QE_qY7scGMhd2;we|RH!*uGWhDBA? zXrimDh935I_1|x?K0oYgOUnIIrPF7aqpOF*X)hMlSy+blEasYy_>tk{7c^!_HIuWw z5@l{Jtx|`${ad2`!>aThll1p^1Rta#9>L{B8kD4X*k0|@QU zdtcK)`kFlt`EqbTJca$OK7p(b9RBp?b7~KZC=sJ`l2Tu~GhhDv{6uv}OG%4cMba@d zP(2)i6zoz+=fWHl-izEN<-1{F|F+tcaf%bEEza(rkNSqU?Vskn<`^z)cXhb2scmHoNat`h9TFjw2OWUHTSE;E8$G)o}Yf^Tt`r5m0V0E>0VWL?KCo0vqH>mx^OC| zuV_=f3%koA%8$Ebo?OVkBg*k!1=!hPgedHCbuPACTDKjb#&;S}$T^KlOoG*P>{;sD4Sief(<%)H^{@!r$GUH-&_B3|~iEtHhZvd+= z=Eo%(FFC%F)tddqHhj|k+k&Nnv+Z%cBYSnPvy4se>c?7H>7ua9rgH*x2Py4&MLA#n zRdZU5l5dT*P~G`80Yhi3m50so2figFOTyc$@~aJjDO=;tJ!_#~I+qtMj}-N)E0n>^ zXid|c`#?ohJ&JLs+b`9p`3A1j@P3^Ls#*J!Uk5~Nal@$8Q*g+bcbbL|-upacdcD?u zt<0*107K%lxpR*~8`GJwsuH)ir`DwZaxoyq{mIYmMqxw!^|gzmve;lx1mxR`E+A>m z{k4zPuj;IypSSgeMorM8@HTq+*o-2==&HkP72rR?tNNaAT3B}!3lh$HtXmc?20fzaCfNi zz_LfcvloRqombbi*2&R@`YDmqY!Kcf-tPYJ874IO9C!^<2~NYW58D@nIji*kr5jJK zWTX4*T{ZhII}Nppbc%Lo2lCL4kB*K~99?s?EwNn+XU|UByCi70Pp4LX6#}Ivthp-B zkA**nwAa@V%Rhg2;Z&95MY>MHJ)m$j#$SN}Y$Lb&6x760!CLFS9OLGgWYo}PRp&5< zkFzakyFMJf;P-)O`!b^pNzhu+o}Z2h7~X{9!q^*{&0ii}u4Wn~xLX=U*| 
z0cRqda}P;QrOhwXb|2@p=WVG-qL~s!HQ+^M=2dX9yo^eQ$jD@EvXU}z6~|UJdOMY| z;@H`DD_a_lmuxDHWF~#C;YNG?wh+obQ>L{fxUoG3CETP5x-_G#X=4*FGq8S5OWDP= ztm#blLYL_Y_mRo)xQ__M!%WrZyhXSehTBG(+nFWMf}S~NqD_`p#yzMRx-H5U*b58; zxK(@=1*z+sS)c^YlK!#N$6xoZAQO_GOlB7mHkwXm3Vx;Ij%$YU1vObo=GJe)eYd-dzB|i~AVD9~Bob28-#){-h z%oq^qjL##bKO9nwGnHqh_%Kwk+Z|un2PQ_Zz!6U)Zdov$2LsJjAN;sk3F54Ria>`e zv}@b>9u2e1sN$Om11(O`s~_Mi%BxAt>CxvT88!QqMk?@@4ysP^&x6AC)|Qt>f2;NL zU(;S9J4`}$`*NDL{V(7q%w2#IuFw`%8ejIMrZuTh1*!c%>gFN5GUG`3Ha61v_# zoe?7%_hh$GZrj=B?NKSRefN1F<7-i9a!BAib?81_yDZb%N|(jbB|{M@l%UH(A{?^w zY>FPq{bKrSVCfWnMFGbwH@`5@fr6=8?FL86kma+&hc{hl)lPhmU4!Yc<+22;*&7PJjnA7>Cgoo39pWYF^9QJCVpt) z0JE^DXL(U`p{h+No@7!ld4U;7&rL6qo!?QK7=!aY{f8fnLYJK2QDy!)-{K}nk zBy-ao^eIbySOd=xL?C`po6|XI=l?>fC6zm1jTCE2mU+yFRj|*QZP7)z@&IrXQKzan zws#w6DC#n0BUgtU@6d|Rh=mwphYM@Qp11JrIBW}s924f)$@K@foexsCfvCBv2i5N|>4peK(q| zxhTz|_rxV$h9k1_M9|7XlhI|n&0=?4KJ|DD)+nXR%~WU>`#U{MuNtJ^muWj1Zc$tD zQ)p9WaOKU+itDy${WYehJucndIlV+v}U^m0Aal!)dhs7;v|{h`qfeQpt&OobCOOC9AkL;9&nUk-tq#!jj-Sfpncyh4Z~n~ zo@a#jdJyqzPg4qXQPx_-N$0Ysa}}@QY0HmjJpqzmRHg>iqT$)yIm5>8ve8(Wf_L`q zB$laCLFv@!wuvuZsGHt|Q@fzhW@F@+v|`fb;%d_L63kXi_8g;T*x7j{ypO~%kjoof z$XmdW(D9@mEn8kyNv2RYUWd85q#+M3}L`^b(8dcDD~z`i57ZJ2&k#9YVKd_CJ!NeU7T=3_%15cOSCa zb@5fbpAj4Bo#L6|qPKhZ34BWAnM0+Hs_JrxJv$a6KP}DKCznxh_EWwv9wHFFz=A<( zzMmrIe_Nay+fbk_eF}`7(UXu(Qnb8s>$y0)eO?|=45Y}yG6p|dHjnx!!k*Kb+E>d5 z*wsPgIn1#`e2HdiV^)%g)dXm*CMx7;tv~i&p$)u`lP}DX;{q95s2daewXZ`}aW$fFFWX Date: Sat, 29 Aug 2020 18:25:44 +0500 Subject: [PATCH 03/16] Update hello-hybrid-aadj-sso-base.md --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index e9c5fe59e6..4fa728cea5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -306,15 +306,13 @@ Sign-in a workstation with access equivalent to a _domain user_. 3. Click **Enroll devices**. 4. Click **Windows enrollment** 5. Under **Windows enrollment**, click **Windows Hello for Business**. - ![Create Intune Windows Hello for Business Policy](images/aadj/IntuneWHFBPolicy-00.png) + ![Create Windows Hello for Business Policy](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software based keys. 8. Type the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. -![Intune Windows Hello for Business policy settings](images/aadj/IntuneWHFBPolicy-01.png) - 9. Select the appropriate configuration for the following settings. * **Lowercase letters in PIN** * **Uppercase letters in PIN** From c5ac249e84634a21a2b8ca5b52d161ac7a9012f4 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:38:57 +0500 Subject: [PATCH 04/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 4fa728cea5..41ea919388 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -304,7 +304,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. Select **Devices**. 3. Click **Enroll devices**. -4. Click **Windows enrollment** +4. Select **Windows enrollment**. 5. Under **Windows enrollment**, click **Windows Hello for Business**. ![Create Windows Hello for Business Policy](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. From 37040d327f2fe45e2f78b0677836f47e5ab66803 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:39:12 +0500 Subject: [PATCH 05/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 41ea919388..3e9d7ffd7c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -308,7 +308,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 5. Under **Windows enrollment**, click **Windows Hello for Business**. ![Create Windows Hello for Business Policy](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. -7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software based keys. +7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. 8. Type the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. From 53e85fe9885103e67539fcebafb87839fe9726ab Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:39:20 +0500 Subject: [PATCH 06/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 3e9d7ffd7c..1691111db2 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -309,7 +309,7 @@ Sign-in a workstation with access equivalent to a _domain user_. ![Create Windows Hello for Business Policy](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. -8. Type the desired **Minimum PIN length** and **Maximum PIN length**. +8. Enter the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. From 2b94e6fc22a0d0a323605a50bfb4bf8b4ca99139 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:39:28 +0500 Subject: [PATCH 07/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 1691111db2..7713dff6d3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -313,7 +313,7 @@ Sign-in a workstation with access equivalent to a _domain user_. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. -9. Select the appropriate configuration for the following settings. +9. Select the appropriate configuration for the following settings: * **Lowercase letters in PIN** * **Uppercase letters in PIN** * **Special characters in PIN** From be5b9a2a0bef98d61b7abc8da8d274943bc4eed9 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:39:37 +0500 Subject: [PATCH 08/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 7713dff6d3..3f505dd143 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -323,7 +323,7 @@ Sign-in a workstation with access equivalent to a _domain user_. > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. 10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. -11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. +11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. 12. Click **Save** 13. Sign-out of the Microsoft Endpoint Manager admin center. From 63084c6f3f25497963a17efc6dc4e762d6e0f39c Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:39:47 +0500 Subject: [PATCH 09/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 3f505dd143..b91cf9dba8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -324,7 +324,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. -12. Click **Save** +12. Choose **Save**. 13. Sign-out of the Microsoft Endpoint Manager admin center. > [!IMPORTANT] From 34dc21c2ebd8861c804f908d9f7d811824c0f8ec Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:41:28 +0500 Subject: [PATCH 10/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index b91cf9dba8..f933e513ee 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -325,7 +325,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. 12. Choose **Save**. -13. Sign-out of the Microsoft Endpoint Manager admin center. +13. Sign out of the Microsoft Endpoint Manager admin center. > [!IMPORTANT] > For more details about the actual experience after everything has been configured, please see [Windows Hello for Business and Authentication](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication). From fa6a13733977975fe585cad1868df1bde8750e53 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:41:36 +0500 Subject: [PATCH 11/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index f933e513ee..8e614d8c3a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -301,7 +301,7 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted Sign-in a workstation with access equivalent to a _domain user_. -1. Sign-in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. Select **Devices**. 3. Click **Enroll devices**. 4. Select **Windows enrollment**. From 25a16d7b5be9be62ef41ef08c35fc74a72a39ca0 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:41:44 +0500 Subject: [PATCH 12/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 8e614d8c3a..5fb3572002 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -303,7 +303,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). 2. Select **Devices**. -3. Click **Enroll devices**. +3. Choose **Enroll devices**. 4. Select **Windows enrollment**. 5. Under **Windows enrollment**, click **Windows Hello for Business**. ![Create Windows Hello for Business Policy](images/aadj/MEM.png) From f2b37bb9293663329836bcefff6140946c74224c Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:41:51 +0500 Subject: [PATCH 13/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 5fb3572002..062527d00d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -305,7 +305,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 2. Select **Devices**. 3. Choose **Enroll devices**. 4. Select **Windows enrollment**. -5. Under **Windows enrollment**, click **Windows Hello for Business**. +5. Under **Windows enrollment**, select **Windows Hello for Business**. ![Create Windows Hello for Business Policy](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. From cb07d7456c71403de562ce66db7340e4ee25af0e Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:41:59 +0500 Subject: [PATCH 14/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 062527d00d..1702d87fb2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -311,7 +311,7 @@ Sign-in a workstation with access equivalent to a _domain user_. 7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. 8. Enter the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] - > The default minimum PIN length for Windows Hello for Business on Windows 10 is 6. Microsoft Intune defaults the minimum PIN length to 4, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to 6. + > The default minimum PIN length for Windows Hello for Business on Windows 10 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. 9. Select the appropriate configuration for the following settings: * **Lowercase letters in PIN** From 065409eaa060c680ba5fd0bf633ad806ac82731f Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:42:10 +0500 Subject: [PATCH 15/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 1702d87fb2..ea9a52eb2d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -322,7 +322,7 @@ Sign-in a workstation with access equivalent to a _domain user_. > [!NOTE] > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature. -10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. +10. Select **Yes** next to **Allow biometric authentication** if you want to allow users to use biometrics (fingerprint and/or facial recognition) to unlock the device. To further secure the use of biometrics, select **Yes** to **Use enhanced anti-spoofing, when available**. 11. Select **No** to **Allow phone sign-in**. This feature has been deprecated. 12. Choose **Save**. 13. Sign out of the Microsoft Endpoint Manager admin center. From a4a57bab3cf2bdda2740a0e7d8d511e1f1f97968 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 30 Aug 2020 16:42:18 +0500 Subject: [PATCH 16/16] Update windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-aadj-sso-base.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index ea9a52eb2d..d95d915f91 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -319,6 +319,7 @@ Sign-in a workstation with access equivalent to a _domain user_. * **Special characters in PIN** * **PIN expiration (days)** * **Remember PIN history** + > [!NOTE] > The Windows Hello for Business PIN is not a symmetric key (a password). A copy of the current PIN is not stored locally or on a server like in the case of passwords. Making the PIN as complex and changed frequently as a password increases the likelihood of forgotten PINs. Additionally, enabling PIN history is the only scenario that requires Windows 10 to store older PIN combinations (protected to the current PIN). Windows Hello for Business combined with a TPM provides anti-hammering functionality that prevents brute force attacks of the user's PIN. If you are concerned with user-to-user shoulder surfacing, rather that forcing complex PIN that change frequently, consider using the [Multifactor Unlock](feature-multifactor-unlock.md) feature.
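Review bot: In [PATCH 03/16], the replacement screenshot is named `images/aadj/MEM.png`, which drops the descriptive naming of the file it replaces (`IntuneWHFBPolicy-00.png`), and the same hunk removes the reference to `images/aadj/IntuneWHFBPolicy-01.png` that followed the PIN-length note. Suggest a file name that says what the screenshot shows, and deleting the two old image files in this series if nothing else links to them, so they are not left orphaned.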
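Review bot: In [PATCH 05/16], step 7 still reads "prefers TPM 2.0 or falls backs to software" after the hyphenation fix. "falls backs" should be "falls back", and "does not allow fall back to software-based keys" reads better as "does not allow fallback to software-based keys". This sentence is what tells an admin that **Required** rules out software-based keys, so it is worth correcting in the same hunk.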
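Review bot: In [PATCH 11/16], the context line directly above the changed step still reads "Sign-in a workstation with access equivalent to a _domain user_." It has the same hyphenated-verb problem that this hunk fixes in step 1 and is also missing "to". Suggest changing it to "Sign in to a workstation with access equivalent to a _domain user_." in the same hunk.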
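Review bot: In [PATCH 12/16], step 3 becomes "Choose **Enroll devices**" while [PATCH 04/16] and [PATCH 13/16] move steps 4 and 5 to "Select", and [PATCH 09/16] uses "Choose **Save**". The procedure now alternates between "Select" and "Choose" for the same kind of action. Suggest using one verb for every navigation step in this list so the steps read consistently.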
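Review bot: In [PATCH 16/16], the NOTE that this hunk separates from the settings list still contains "shoulder surfacing" (should be "shoulder surfing") and "rather that forcing complex PIN that change frequently" (should be "rather than forcing complex PINs that change frequently"). The same text appears as context in [PATCH 15/16]. Since this note carries the guidance on PIN complexity, PIN history and TPM anti-hammering, suggest fixing the wording here while the surrounding lines are already being edited.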