deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update Windows Hello for Business policy hierarchy

Browse Source
This commit is contained in:
Paolo Matarazzo 2024-02-12 18:42:01 +01:00
parent cb2bba9943
commit 4dbe49cedd
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/identity-protection/hello-for-business/configure.md
View File

@ -22,14 +22,14 @@ Some of the Windows Hello for Business policies are available for both computer
- *User policies* take precedence over *computer policies*. If a user policy is set, the corresponded computer policy is ignored. If a user policy isn't set, the computer policy is used - *User policies* take precedence over *computer policies*. If a user policy is set, the corresponded computer policy is ignored. If a user policy isn't set, the computer policy is used
- Windows Hello for Business policy settings are enforced using the following hierarchy: - Windows Hello for Business policy settings are enforced using the following hierarchy:
- User GPO - User - GPO
- Computer GPO - Computer - GPO
- User MDM (PassportForWork CSP) - User - PassportForWork CSP
- Device MDM (PassportForWork CSP) - Device - PassportForWork CSP
- Exchange Active Sync (DeviceLock CSP) - Exchange Active Sync - [DeviceLock CSP](/windows/client-management/mdm/policy-csp-devicelock)
>[!IMPORTANT] >[!IMPORTANT]
>If you configure password length and complexity settings defined by the [DeviceLock CSP](/windows/client-management/mdm/policy-csp-devicelock), and PIN length and complexity settings defined by the PassportForWork CSP, Windows enforces the strictest policy out of the set of governing policies. >If you configure password length and complexity settings defined by the DeviceLock CSP, and PIN length and complexity settings defined by the PassportForWork CSP, Windows enforces the strictest policy out of the set of governing policies.
> >
>The DeviceLock CSP utilizes the Exchange ActiveSync Policy (EAS) engine. For more information, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn282287(v=ws.11)). >The DeviceLock CSP utilizes the Exchange ActiveSync Policy (EAS) engine. For more information, see [Exchange ActiveSync Policy Engine Overview](/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn282287(v=ws.11)).