deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update links to device configuration policy

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-12-22 11:18:09 -05:00
parent 08d7fe62bb
commit 571d0f08c2
5 changed files with 146 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
.openpublishing.redirection.windows-security.json
View File

@ -8184,6 +8184,146 @@
"source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md", "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements", "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements",
"redirect_document_id": false "redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/deploy/requirements.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/multifactor-unlock",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-and-password-changes.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-authentication",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/how-it-works-provisioning",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/glossary",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/policy-settings",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-planning-guide.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
"redirect_document_id": false
},
{
"source_path": "windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md",
"redirect_url": "/windows/security/identity-protection/hello-for-business/",
"redirect_document_id": false
} }
] ]
} }

2
windows/security/identity-protection/hello-for-business/deploy/cloud.md
View File

@ -54,6 +54,6 @@ The following method explains how to disable Windows Hello for Business enrollme
When disabled, users can't provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business. When disabled, users can't provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business.
> [!NOTE] > [!NOTE]
> This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](../hello-manage-in-organization.md). > This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](../configure.md).

4
windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
View File

@ -65,7 +65,7 @@ Sign-in a domain controller or management workstations with *Domain Admin* equiv
> [!NOTE] > [!NOTE]
> Windows Hello for Business can be configured using different policies. These policies are optional to configure, but it's recommended to enable *Use a hardware security device*. > Windows Hello for Business can be configured using different policies. These policies are optional to configure, but it's recommended to enable *Use a hardware security device*.
> >
> For more information about these policies, see [Group Policy settings for Windows Hello for Business](../hello-manage-in-organization.md#group-policy-settings-for-windows-hello-for-business). > For more information about these policies, see [Group Policy settings for Windows Hello for Business](../configure.md#group-policy-settings-for-windows-hello-for-business).
### Configure security for GPO ### Configure security for GPO
@ -139,7 +139,7 @@ To configure Windows Hello for Business using an *account protection* policy:
1. Specify a **Name** and, optionally, a **Description** > **Next** 1. Specify a **Name** and, optionally, a **Description** > **Next**
1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available 1. Under *Block Windows Hello for Business*, select **Disabled** and multiple policies become available
- These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes** - These policies are optional to configure, but it's recommended to configure *Enable to use a Trusted Platform Module (TPM)* to **Yes**
- For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business) - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../configure.md#mdm-policy-settings-for-windows-hello-for-business)
1. Under *Enable to certificate for on-premises resources*, select **YES** 1. Under *Enable to certificate for on-premises resources*, select **YES**
1. Select **Next** 1. Select **Next**
1. Optionally, add *scope tags* > **Next** 1. Optionally, add *scope tags* > **Next**

4
windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll.md
View File

@ -64,7 +64,7 @@ To configure Windows Hello for Business using an account protection policy:
1. Specify a **Name** and, optionally, a **Description** > **Next**. 1. Specify a **Name** and, optionally, a **Description** > **Next**.
1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available. 1. Under **Block Windows Hello for Business**, select **Disabled** and multiple policies become available.
- These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**. - These policies are optional to configure, but it's recommended to configure **Enable to use a Trusted Platform Module (TPM)** to **Yes**.
- For more information about these policies, see [MDM policy settings for Windows Hello for Business](../hello-manage-in-organization.md#mdm-policy-settings-for-windows-hello-for-business). - For more information about these policies, see [MDM policy settings for Windows Hello for Business](../configure.md#mdm-policy-settings-for-windows-hello-for-business).
1. Under **Enable to certificate for on-premises resources**, select **Not configured** 1. Under **Enable to certificate for on-premises resources**, select **Not configured**
1. Select **Next**. 1. Select **Next**.
1. Optionally, add **scope tags** and select **Next**. 1. Optionally, add **scope tags** and select **Next**.
@ -114,7 +114,7 @@ You can configure the Enable Windows Hello for Business Group Policy setting for
Cloud Kerberos trust requires setting a dedicated policy for it to be enabled. This policy is only available as a computer configuration. Cloud Kerberos trust requires setting a dedicated policy for it to be enabled. This policy is only available as a computer configuration.
> [!NOTE] > [!NOTE]
> If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune][MEM-1] and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../hello-manage-in-organization.md#policy-conflicts-from-multiple-policy-sources). > If you deployed Windows Hello for Business configuration using both Group Policy and Microsoft Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about deploying Windows Hello for Business configuration using Microsoft Intune, see [Windows device settings to enable Windows Hello for Business in Intune][MEM-1] and [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources).
#### Update administrative templates #### Update administrative templates

2
windows/security/identity-protection/hello-for-business/how-it-works.md
View File

@ -49,7 +49,7 @@ Windows Hello provides many benefits, including:
- It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge. - It helps to strengthen your protections against credential theft. Because an attacker must have both the device and the biometric info or PIN, it's much more difficult to gain access without the employee's knowledge.
- Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords! - Employees get a simple authentication method (backed up with a PIN) that's always with them, so there's nothing to lose. No more forgetting passwords!
- Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.<br>For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](hello-manage-in-organization.md) topic. - Support for Windows Hello is built into the operating system so you can add additional biometric devices and policies as part of a coordinated rollout or to individual employees or groups using Group Policy or Mobile Device Management (MDM) configurations service provider (CSP) policies.<br>For more info about the available Group Policies and MDM CSPs, see the [Implement Windows Hello for Business in your organization](configure.md) topic.
## Where is Windows Hello data stored? ## Where is Windows Hello data stored?