Update authentication requirements for Microsoft Entra ID

Paolo Matarazzo
2024-01-05 18:15:57 -05:00
parent d03e2934df
commit 556332c43d
2 changed files with 8 additions and 8 deletions

@ -107,21 +107,21 @@ Cloud Kerberos trust is the only hybrid deployment option that doesn't require t
## Authentication to Microsoft Entra ID
Users can authenticate to Microsoft Entra ID using federated authentication or cloud (nonfederated) authentication. Requirements vary based on trust type and authentication type:
Users can authenticate to Microsoft Entra ID using federated authentication or cloud (nonfederated) authentication. Requirements vary based on trust type:
| | Deployment model | Trust type | Authentication to Microsoft Entra ID | Requirements |
|--|--|--|--|--|
| **🔲** | **Cloud-only** | n/a | Cloud authentication | n/a |
| **🔲** | **Cloud-only** | n/a | Federated authentication | third-party federation service |
| **🔲** | **Hybrid** | Cloud Kerberos trust | Cloud authentication | Microsoft Entra Kerberos |
| **🔲** | **Cloud-only** | n/a | Federated authentication | Third-party federation service |
| **🔲** | **Hybrid** | Cloud Kerberos trust | Cloud authentication | Password hash sync (PHS) or Pass-through authentication (PTA) |
| **🔲** | **Hybrid** | Cloud Kerberos trust | Federated authentication | AD FS or third-party federation service |
| **🔲** | **Hybrid** | Key trust | Cloud authentication | Password hash sync (PHS) or Pass-through authentication (PTA) |
| **🔲** | **Hybrid** | Key trust | Federated authentication | AD FS or third-party federation service. Key trust with federated authentication doesn't support PTA or PHS |
| **🔲** | **Hybrid** | Certificate trust | non-federated | AD FS |
| **🔲** | **Hybrid** | Certificate trust | federated | AD FS |
| **🔲** | **Hybrid** | Key trust | Federated authentication | AD FS or third-party federation service |
| **🔲** | **Hybrid** | Certificate trust | Federated authentication | This deployment model doesn't support PTA or PHS. Active Directory must be federated with Microsoft Entra ID using AD FS. The AD FS farm must support device registration.|
To learn more:
- [Federation with Microsoft Entra ID](/entra/identity/hybrid/connect/whatis-fed)
- [Federation with Microsoft Entra ID][ENTRA-10]
- [Password hash synchronization (PHS)][ENTRA-6]
- [Pass-through authentication (PTA)][ENTRA-7]
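Review bot: the intro line that reads "Requirements vary based on trust type:" does not match the table under it, where Cloud Kerberos trust and Key trust each list different requirements for Cloud authentication and for Federated authentication, so the sentence should keep "and authentication type". In the same table, the Key trust / Federated authentication row that ends at "AD FS or third-party federation service" lacks the sentence "Key trust with federated authentication doesn't support PTA or PHS" carried by the other copy of that row, while the Certificate trust row spells the same limitation out; state it for key trust as well, or say in the commit message why it no longer applies. The Certificate trust row is also missing the space before its closing `|`.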
@ -321,6 +321,7 @@ Now that you've read about the different deployment options and requirements, yo
[ENTRA-7]: /entra/identity/hybrid/connect/how-to-connect-pta
[ENTRA-8]: /entra/identity/conditional-access/overview
[ENTRA-9]: /entra/identity/authentication/concept-mfa-licensing
[ENTRA-10]: /entra/identity/hybrid/connect/whatis-fed
[SER-1]: /windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
[SER-2]: /windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods

@ -79,7 +79,6 @@ Windows Hello for Business is a distributed system that requires multiple techno
:::column-end:::
:::row-end:::
:::row:::
The following sections provide deeper insight into each of these components.
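Review bot: the `:::row:::` that follows `:::row-end:::` is followed directly by the paragraph "The following sections provide deeper insight into each of these components.", with no `:::column:::` or `:::row-end:::` in between, so unless that `:::row:::` is the one line this hunk drops (7 lines to 6) the row container is left open; check the rendered page. This layout fix is unrelated to the commit subject about authentication requirements and would be easier to trace as its own commit or a line in the message.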