From 571d0f08c22cdceea132970ef7f92b19b4dd322c Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 22 Dec 2023 11:18:09 -0500
Subject: [PATCH] Update links to device configuration policy
---
...blishing.redirection.windows-security.json | 140 ++++++++++++++++++
.../hello-for-business/deploy/cloud.md | 2 +-
.../deploy/hybrid-cert-trust-enroll.md | 4 +-
.../hybrid-cloud-kerberos-trust-enroll.md | 4 +-
.../hello-for-business/how-it-works.md | 2 +-
5 files changed, 146 insertions(+), 6 deletions(-)
diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json
index 4d5a16a8af..36a0c0e0a6 100644
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@@ -8184,6 +8184,146 @@
"source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements",
"redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/glossary",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
+ "redirect_url": "/windows/security/identity-protection/hello-for-business/",
+ "redirect_document_id": false
}
]
}
\ No newline at end of file
diff --git a/windows/security/identity-protection/hello-for-business/deploy/cloud.md b/windows/security/identity-protection/hello-for-business/deploy/cloud.md
index 90bacb03c1..c5948dede4 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/cloud.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/cloud.md
@@ -54,6 +54,6 @@ The following method explains how to disable Windows Hello for Business enrollme
When disabled, users can't provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business.
> [!NOTE]
-> This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](../hello-manage-in-organization.md).
+> This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](../configure.md).
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
index 51c513dfb1..42e4e6c488 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
@@ -65,7 +65,7 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv
> [!NOTE]
> Windows Hello for Business can be configured using different policies. These policies are optional to configure, but it's recommended to enable *Use a hardware security device*.
>
-> For more information about these policies, see [Group Policy settings for Windows Hello for Business](../hello-manage-in-organization.md#group-policy-settings-for-windows-hello-for-business).
+> For more information about these policies, see [Group Policy settings for Windows Hello for Business](../configure.md#group-policy-settings-for-windows-hello-for-business).
### Configure security for GPO
@@ -139,7 +139,7 @@ To configure Windows Hello for Business using an *account protection* policy:
1. Specify a **Name** and, optionally, a **Description** > **Next**
1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available
- These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes**
- - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business)
+ - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../configure.md#mdm-policy-settings-for-windows-hello-for-business)
1. Under *Enable to certificate for on-premises resources*, select **YES**
1. Select **Next**
1. Optionally, add *scope tags* > **Next**
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
index 97ac12626e..d562cb38cc 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
@@ -64,7 +64,7 @@ To configure Windows Hello for Business using an account protection policy:
1. Specify a **Name** and, optionally, a **Description** > **Next**.
1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available.
- These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**.
- - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business).
+ - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../configure.md#mdm-policy-settings-for-windows-hello-for-business).
1. Under **Enable to certificate for on-premises resources**, select **Not configured**
1. Select **Next**.
1. Optionally, add **scope tags** and select **Next**.
@@ -114,7 +114,7 @@ You can configure the Enable Windows Hello for Business Group Policy setting for
Cloud Kerberos trust requires setting a dedicated policy for it to be enabled. This policy is only available as a computer configuration.
> [!NOTE]
-> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune][MEM-1] and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources).
+> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune][MEM-1] and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources).
#### Update administrative templates
diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index b05fb8f4be..daf872a56b 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -49,7 +49,7 @@ Windows Hello provides many benefits, including:
- It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.
- Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords!
-- Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.
For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic.
+- Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.
For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](configure.md) topic.
## Where is Windows Hello data stored?