mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
updated metadata for WHFB
parent
7384d73079
commit
5d16eefbc1
@ -2,14 +2,14 @@
|
||||
title: WebAuthn APIs
|
||||
description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 02/15/2019
|
||||
ms.reviewer:
|
||||
---
|
||||
# WebAuthn APIs for password-less authentication on Windows
|
||||
|
||||
|
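Review bot: `localizationpriority: medium` in this front matter lacks the `ms.` prefix that the password-changes, PIN-creation and Event ID 300 files in this same commit use (`ms.localizationpriority: medium`). Since the metadata block is being rewritten anyway, pick one key and use it across all files. Also confirm that the empty `ms.reviewer:` line just above `---` is removed now that `ms.reviewer: prsriva` is set, so the key is not defined twice.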
@ -2,22 +2,20 @@
|
||||
title: Multi-factor Unlock
|
||||
description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 03/20/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Multi-factor Unlock
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
**Requirements:**
|
||||
* Windows Hello for Business deployment (Cloud, Hybrid or On-premises)
|
||||
* Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments)
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Azure Active Directory join cloud only deployment
|
||||
description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 06/23/2021
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
---
|
||||
# Azure Active Directory join cloud only deployment
|
||||
|
||||
|
@ -2,24 +2,23 @@
|
||||
title: Having enough Domain Controllers for Windows Hello for Business deployments
|
||||
description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Windows Server 2016 or later</b>
|
||||
- ✅ <b>Hybrid or On-Premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later, or Windows 11
|
||||
- Windows Server, versions 2016 or later
|
||||
- Hybrid or On-Premises deployment
|
||||
- Key trust
|
||||
|
||||
> [!NOTE]
|
||||
>There was an issue with key trust authentication on Windows Server 2019. To fix it, refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044).
|
||||
|
||||
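Review bot: the new `appliesto` entries lose the version floor that the body list in this hunk states. The metadata says only `Windows 10`, where the **Applies to** list says `Windows 10, version 1703 or later, or Windows 11`. If the body list is being retired in favour of the front matter, carry the minimum version into the `appliesto` text or keep a sentence in the body, because key trust planning depends on it.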
@ -90,7 +89,7 @@ Using the same methods described above, monitor the Kerberos authentication afte
|
||||
|
||||
```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."```
|
||||
|
||||
Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
|
||||
Where *n* equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
|
||||
|
||||
Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 or newer domain controllers. If there is only one Windows Server 2016 or newer domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible.
|
||||
|
||||
|
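Review bot: the rewritten sentence mixes emphasis markers. It changes `_n_` to `*n*` but leaves `_x_` with underscores in the same line. Use one style for both variables, for example `*n*` and `*x*`.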
@ -1,23 +1,21 @@
|
||||
---
|
||||
title: Windows Hello and password changes (Windows)
|
||||
description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello.
|
||||
ms.reviewer:
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/27/2017
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Windows Hello and password changes
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
When you set up Windows Hello, the PIN or biometric gesture that you use is specific to that device. You can set up Hello for the same account on multiple devices. If the PIN or biometric is configured as part of Windows Hello for Business, changing the account password will not impact sign-in or unlock with these gestures since it uses a key or certificate. However, if Windows Hello for Business is not deployed and the password for that account changes, you must provide the new password on each device to continue to use Hello.
|
||||
|
||||
## Example
|
||||
|
@ -2,24 +2,23 @@
|
||||
title: Windows Hello biometrics in the enterprise (Windows)
|
||||
description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/12/2021
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Windows Hello biometrics in the enterprise
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition.
|
||||
|
||||
>[!NOTE]
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business)
|
||||
description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/14/2021
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority.
|
||||
|
||||
The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
|
||||
|
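Review bot: in the `appliesto` list of the AD FS certificate trust file, the last entry reads `<b>Certificate trust/b>`. The closing tag is missing its `<`, so the `<b>` element is never closed. It should be `<b>Certificate trust</b>`, matching the three entries above it.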
@ -2,25 +2,24 @@
|
||||
title: Configure Windows Hello for Business Policy settings - certificate trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# Configure Windows Hello for Business Policy settings - Certificate Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
|
||||
Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later.
|
||||
|
||||
|
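Review bot: malformed closing tag in the last `appliesto` entry of the policy settings file. `<b>Certificate trust/b>` needs to be `<b>Certificate trust</b>`. The other entries in this list close the tag correctly.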
@ -2,24 +2,22 @@
|
||||
title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business)
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# Validate Active Directory prerequisites for cert-trust deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema.
|
||||
|
||||
> [!NOTE]
|
||||
|
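Review bot: the `appliesto` entry `<b>Certificate trust/b>` in the Active Directory prerequisites file has a broken closing tag (`/b>` instead of `</b>`). Fix it here as well. The same string appears in several certificate trust files in this commit, so a search for `/b>` without a preceding `<` would catch them all.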
@ -2,24 +2,22 @@
|
||||
title: Validate and Deploy MFA for Windows Hello for Business with certificate trust
|
||||
description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# Validate and Deploy Multi-Factor Authentication feature
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
|
||||
|
||||
For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
|
||||
|
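Review bot: the last `appliesto` line in the MFA file, `<b>Certificate trust/b>`, leaves the bold tag unclosed. Change it to `<b>Certificate trust</b>`.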
@ -2,25 +2,22 @@
|
||||
title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business)
|
||||
description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# Validate and Configure Public Key Infrastructure - Certificate Trust Model
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
|
||||
Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate.
|
||||
|
||||
## Deploy an enterprise certificate authority
|
||||
|
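Review bot: `<b>Certificate trust/b>` in the `appliesto` list of the PKI file is missing the `<` of the closing tag. It should read `<b>Certificate trust</b>`, like the `On-premises deployments` entry directly above it.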
@ -2,24 +2,22 @@
|
||||
title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment
|
||||
description: A guide to on premises, certificate trust Windows Hello for Business deployment.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.reviewer: prsriva
|
||||
manager: aaroncz
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployments</b>
|
||||
- ✅ <b>Certificate trust/b>
|
||||
---
|
||||
# On Premises Certificate Trust Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Certificate trust
|
||||
|
||||
Windows Hello for Business replaces username and password sign-in to Windows with authentication using an asymmetric key pair. This deployment guide provides the information you'll need to successfully deploy Windows Hello for Business in an existing environment.
|
||||
|
||||
Below, you can find all the information needed to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
|
||||
|
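Review bot: the closing tag is broken in the final `appliesto` entry of the on-premises certificate trust deployment guide (`<b>Certificate trust/b>`). Correct it to `<b>Certificate trust</b>`.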
@ -2,9 +2,10 @@
|
||||
title: Windows Hello for Business Deployment Overview
|
||||
description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
|
@ -3,14 +3,14 @@ title: Windows Hello for Business Deployment Known Issues
|
||||
description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues
|
||||
params: siblings_only
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 05/03/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Windows Hello for Business Known Deployment Issues
|
||||
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Windows Hello for Business Deployment Guide - On Premises Key Deployment
|
||||
description: A guide to on premises, key trust Windows Hello for Business deployment.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# On Premises Key Trust Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.
|
||||
|
||||
Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment:
|
||||
|
@ -2,25 +2,23 @@
|
||||
title: Deploying Certificates to Key Trust Users to Enable RDP
|
||||
description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 02/22/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
|
||||
# Deploying Certificates to Key Trust Users to Enable RDP
|
||||
|
||||
**Applies To**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
|
||||
|
||||
This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user.
|
||||
|
@ -2,24 +2,23 @@
|
||||
title: Windows Hello errors during PIN creation (Windows)
|
||||
description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: troubleshooting
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 05/05/2018
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Windows Hello errors during PIN creation
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
When you set up Windows Hello in Windows client, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.
|
||||
|
||||
## Where is the error code?
|
||||
|
@ -1,24 +1,22 @@
|
||||
---
|
||||
title: Event ID 300 - Windows Hello successfully created (Windows)
|
||||
description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD).
|
||||
ms.reviewer:
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 07/27/2017
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Event ID 300 - Windows Hello successfully created
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request.
|
||||
|
||||
## Event details
|
||||
|
@ -8,9 +8,10 @@ metadata:
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security, mobile
|
||||
audience: ITPro
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Conditional Access
|
||||
description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 09/09/2019
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Conditional access
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Dual Enrollment
|
||||
description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 09/09/2019
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Dual Enrollment
|
||||
|
@ -2,22 +2,21 @@
|
||||
title: Dynamic lock
|
||||
description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 07/12/2022
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Dynamic lock
|
||||
|
||||
**Requirements:**
|
||||
|
||||
* Windows 10, version 1703 or later
|
||||
|
||||
Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it.
|
||||
|
||||
> [!IMPORTANT]
|
||||
|
@ -2,9 +2,10 @@
|
||||
title: Pin Reset
|
||||
description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Remote Desktop
|
||||
description: Learn how Windows Hello for Business supports using biometrics with remote desktop
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 02/24/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
|
||||
# Remote Desktop
|
||||
|
@ -2,22 +2,20 @@
|
||||
title: How Windows Hello for Business works - Authentication
|
||||
description: Learn about the authentication flow for Windows Hello for Business.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 02/15/2022
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Windows Hello for Business and Authentication
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources.
|
||||
|
||||
Azure Active Directory-joined devices authenticate to Azure during sign-in and can optionally authenticate to Active Directory. Hybrid Azure Active Directory-joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.
|
||||
|
@ -2,22 +2,20 @@
|
||||
title: How Windows Hello for Business works - Provisioning
|
||||
description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 2/15/2022
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Windows Hello for Business Provisioning
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on:
|
||||
|
||||
- How the device is joined to Azure Active Directory
|
||||
|
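Review bot: `ms.date: 2/15/2022` in this front matter drops the leading zero that the other files in this commit use, for example `ms.date: 02/15/2022` in the authentication file. Normalise it to `02/15/2022` while the metadata is being cleaned up.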
@ -2,23 +2,21 @@
|
||||
title: How Windows Hello for Business works - technology and terms
|
||||
description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 10/08/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Technology and terms
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
## Attestation identity keys
|
||||
|
||||
Because the endorsement certificate is unique for each device and doesn't change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service.
|
||||
|
@ -2,22 +2,20 @@
|
||||
title: How Windows Hello for Business works
|
||||
description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 05/05/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# How Windows Hello for Business works in Windows Devices
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices.
|
||||
|
||||
Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
|
||||
|
@ -2,26 +2,24 @@
|
||||
title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
|
||||
description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 01/14/2021
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Azure Active Directory-join</b>
|
||||
- ✅ <b>Hybrid Deployment</b>
|
||||
- ✅ <b>Key trust model</b>
|
||||
---
|
||||
# Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Azure Active Directory-joined
|
||||
- Hybrid Deployment
|
||||
- Key trust model
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices.
|
||||
|
@ -2,26 +2,24 @@
|
||||
title: Using Certificates for AADJ On-premises Single-sign On single sign-on
|
||||
description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Azure AD-join</b>
|
||||
- ✅ <b>Hybrid Deployment</b>
|
||||
- ✅ <b>Certificate trust model</b>
|
||||
---
|
||||
|
||||
# Using Certificates for AADJ On-premises Single-sign On
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Azure Active Directory-joined
|
||||
- Hybrid Deployment
|
||||
- Certificate trust
|
||||
|
||||
If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices.
|
||||
|
||||
> [!IMPORTANT]
|
||||
|
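Review bot: The new `appliesto:` labels in this hunk do not match the wording of the **Applies to** list they stand in for: the front matter says `Azure AD-join` and `Certificate trust model`, while the body list reads "Azure Active Directory-joined" and "Certificate trust". Pick one spelling per concept and use it in every file of this commit (the key trust sibling uses `Azure Active Directory-join`), otherwise anything that filters or groups on these values sees them as different products. While touching this front matter, the `title:` line also carries a doubled phrase, "Single-sign On single sign-on", that could be cleaned up in the same pass.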
@ -2,24 +2,20 @@
|
||||
title: Azure AD Join Single Sign-on Deployment
|
||||
description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Azure AD Join Single Sign-on Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Azure Active Directory-joined
|
||||
- Hybrid deployment
|
||||
|
||||
Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate.
|
||||
|
||||
## Key vs. Certificate
|
||||
|
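Review bot: The `appliesto:` block in this hunk lists only `Windows 10` and `Windows 11`, but the **Applies to** list in the same hunk also names "Azure Active Directory-joined" and "Hybrid deployment". If the body list is being retired in favour of the front matter, those two entries are lost for this article. Suggest adding them to `appliesto:` the same way the neighbouring SSO articles do, or keeping the body list.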
@ -2,24 +2,22 @@
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business)
|
||||
description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies
|
||||
|
||||
- [Active Directory](#active-directory)
|
||||
|
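Review bot: The minimum version is dropped in the move to front matter: the **Applies to** list says "Windows 10, version 1703 or later", while `appliesto:` says just `Windows 10`. For a deployment guide that is a real prerequisite, so carry the qualifier over into the `appliesto:` entry or state it in the article body. The same substitution appears in the other hybrid certificate trust and key trust files in this commit, so it is worth settling once and applying everywhere.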
@ -2,24 +2,22 @@
|
||||
title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
|
||||
description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business)
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
Your environment is federated and you're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication.
|
||||
|
||||
> [!IMPORTANT]
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Prerequisites
|
||||
description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Windows Hello for Business Prerequisites
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources.
|
||||
|
||||
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Hybrid Certificate Trust Deployment (Windows Hello for Business)
|
||||
description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 09/08/2017
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Certificate Trust Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
|
||||
It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514).
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business)
|
||||
description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
## Provisioning
|
||||
|
||||
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD)
|
||||
description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema.
|
||||
|
||||
### Creating Security Groups
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS)
|
||||
description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
## Federation Services
|
||||
|
||||
The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
|
||||
|
@ -2,25 +2,23 @@
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch
|
||||
description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate Trust
|
||||
|
||||
## Directory Synchronization
|
||||
|
||||
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
|
||||
|
@ -2,25 +2,23 @@
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI)
|
||||
description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid Deployment
|
||||
- Certificate Trust
|
||||
|
||||
Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer.
|
||||
|
||||
All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users with a sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates.
|
||||
|
@ -2,23 +2,22 @@
|
||||
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy
|
||||
description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
## Policy Configuration
|
||||
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business)
|
||||
description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Certificate trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Certificate trust
|
||||
|
||||
Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.
|
||||
> [!IMPORTANT]
|
||||
> If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment.
|
||||
|
@ -2,22 +2,20 @@
|
||||
title: Hybrid Cloud Trust Deployment (Windows Hello for Business)
|
||||
description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 2/15/2022
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10 21H2 and later</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Hybrid Cloud Trust Deployment (Preview)
|
||||
|
||||
Applies to
|
||||
|
||||
- Windows 10, version 21H2
|
||||
- Windows 11 and later
|
||||
|
||||
Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario.
|
||||
|
||||
## Introduction to Cloud Trust
|
||||
|
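Review bot: The version wording changes meaning between the two lists in this hunk. The body list reads "Windows 10, version 21H2" and "Windows 11 and later", while `appliesto:` reads `Windows 10 21H2 and later` and `Windows 11`, so "and later" has moved from the Windows 11 entry to the Windows 10 entry. Please confirm which scope is intended for this preview feature and make the front matter say exactly that.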
@ -2,25 +2,22 @@
|
||||
title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
|
||||
description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
|
||||
Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid key trust deployments of Windows Hello for Business rely on these technologies
|
||||
|
||||
- [Active Directory](#active-directory)
|
||||
|
@ -2,25 +2,23 @@
|
||||
title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 05/04/2022
|
||||
ms.reviewer: prsriva
|
||||
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
You're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication.
|
||||
|
||||
> [!NOTE]
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business)
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises.
|
||||
|
||||
## Deploy Azure AD Connect
|
||||
|
@ -9,17 +9,14 @@ ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources.
|
||||
|
||||
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
|
||||
|
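Review bot: This hunk starts at line 9 (`@ -9,17 +9,14 @@`), so unlike the sibling files it does not touch `author`, `ms.author` or `manager`, and it drops the empty `ms.reviewer:` without a `ms.reviewer: prsriva` line being added anywhere in view. Please confirm the lines above 9 already carry the new owner values and that the file still ends up with a reviewer set. If not, this file was missed by the bulk update.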
@ -2,24 +2,22 @@
|
||||
title: Hybrid Key Trust Deployment (Windows Hello for Business)
|
||||
description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/20/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Hybrid Azure AD joined Key Trust Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||
|
||||
It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514).
|
||||
|
@ -2,23 +2,22 @@
|
||||
title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business)
|
||||
description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
## Provisioning
|
||||
|
||||
|
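Review bot: The `appliesto:` block lands after the closing `---` and after the `# Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning` heading, so it sits outside the YAML front matter. It will render as body text (a stray "appliesto:" paragraph and a bullet list containing raw `<b>` tags) and will not be picked up as metadata. Move the five `appliesto` lines above the `---`, directly after `ms.date`, as done in the certificate trust provisioning file.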
@ -2,23 +2,22 @@
|
||||
title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD)
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
---
|
||||
# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users.
|
||||
|
||||
|
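Review bot: Here too the front matter is closed before the new metadata is added: `---` comes first, then the `# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory` heading, and only then `appliesto:` and its entries. Place the block before the `---` so it is parsed as front matter rather than shown in the article body.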
@ -2,24 +2,22 @@
|
||||
title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization
|
||||
description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
## Directory Synchronization
|
||||
|
||||
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
|
||||
|
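Review bot: replacing the body list with front-matter `appliesto` entries drops the minimum version from this page. The old list read "Windows 10, version 1703 or later", while the new entry is only `<b>Windows 10</b>`, and nothing else in the visible text of this page restates the 1703 floor. Either carry the version in the `appliesto` entry or keep a one-line requirement in the body, so readers on older builds are not told the page applies to them.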
@ -2,25 +2,22 @@
|
||||
title: Configure Hybrid Azure AD joined key trust Windows Hello for Business
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI)
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 04/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid Deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer.
|
||||
|
||||
All deployments use enterprise issued certificates for domain controllers as a root of trust.
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
|
||||
description: Configuring Hybrid key trust Windows Hello for Business - Group Policy
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
## Policy Configuration
|
||||
|
||||
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings
|
||||
description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 4/30/2021
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>Hybrid deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Hybrid Azure AD joined Windows Hello for Business key trust settings
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- Hybrid deployment
|
||||
- Key trust
|
||||
|
||||
You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business.
|
||||
|
||||
> [!IMPORTANT]
|
||||
@ -36,10 +34,6 @@ For the most efficient deployment, configure these technologies in order beginni
|
||||
> [!div class="step-by-step"]
|
||||
> [Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md)
|
||||
|
||||
<br><br>
|
||||
|
||||
<hr>
|
||||
|
||||
## Follow the Windows Hello for Business hybrid key trust deployment guide
|
||||
|
||||
1. [Overview](hello-hybrid-key-trust.md)
|
||||
|
@ -2,9 +2,10 @@
|
||||
title: Windows Hello for Business Deployment Prerequisite Overview
|
||||
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business)
|
||||
description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration.
|
||||
|
||||
The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
|
||||
|
@ -2,25 +2,22 @@
|
||||
title: Configure Windows Hello for Business Policy settings - key trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Configure Windows Hello for Business Policy settings - Key Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
|
||||
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
|
||||
Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later.
|
||||
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Key registration for on-premises deployment of Windows Hello for Business
|
||||
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Validate Active Directory prerequisites - Key Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section.
|
||||
|
||||
> [!NOTE]
|
||||
|
@ -2,27 +2,25 @@
|
||||
title: Validate and Deploy MFA for Windows Hello for Business with key trust
|
||||
description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
# Validate and Deploy Multifactor Authentication (MFA)
|
||||
|
||||
> [!IMPORTANT]
|
||||
> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
|
||||
|
||||
For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
|
||||
|
@ -2,25 +2,22 @@
|
||||
title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business)
|
||||
description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
ms.reviewer:
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
- ✅ <b>On-premises deployment</b>
|
||||
- ✅ <b>Key trust</b>
|
||||
---
|
||||
|
||||
# Validate and Configure Public Key Infrastructure - Key Trust
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10, version 1703 or later
|
||||
- Windows 11
|
||||
- On-premises deployment
|
||||
- Key trust
|
||||
|
||||
Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller.
|
||||
|
||||
## Deploy an enterprise certificate authority
|
||||
|
@ -2,24 +2,23 @@
|
||||
title: Manage Windows Hello in your organization (Windows)
|
||||
description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 2/15/2022
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Manage Windows Hello for Business in your organization
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
|
||||
|
||||
>[!IMPORTANT]
|
||||
|
@ -3,23 +3,21 @@ title: Windows Hello for Business Overview (Windows)
|
||||
ms.reviewer: An overview of Windows Hello for Business
|
||||
description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: conceptual
|
||||
localizationpriority: medium
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Windows Hello for Business Overview
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
|
||||
|
||||
>[!NOTE]
|
||||
|
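Review bot: this file now carries two `ms.reviewer` keys. The unchanged line at the top of the hunk, `ms.reviewer: An overview of Windows Hello for Business`, stays in place and `ms.reviewer: prsriva` is added further down. The first value looks like description text that ended up under the wrong key. Remove it, or move it to the field it belongs to, so the front matter has a single `ms.reviewer` and parsers do not pick one of the two arbitrarily.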
@ -2,23 +2,22 @@
|
||||
title: Planning a Windows Hello for Business Deployment
|
||||
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
localizationpriority: conceptual
|
||||
ms.date: 09/16/2020
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Planning a Windows Hello for Business Deployment
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure.
|
||||
|
||||
This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs.
|
||||
|
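Review bot: `localizationpriority: conceptual` is left untouched in this metadata pass although `conceptual` is not a priority value. The other files in this commit use `medium` for this key and use `conceptual` as an `ms.topic` value. Since the commit is specifically a metadata cleanup, fix it here: set the priority to `medium` and confirm whether `ms.topic: article` was meant to be `conceptual`.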
@ -3,22 +3,20 @@ title: Prepare people to use Windows Hello (Windows)
|
||||
description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
|
||||
ms.reviewer:
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 08/19/2018
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Prepare people to use Windows Hello
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization by explaining how to use Hello.
|
||||
|
||||
After enrollment in Hello, users should use their gesture (such as a PIN or fingerprint) for access to corporate resources. Their gesture is only valid on the enrolled device.
|
||||
|
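Review bot: the empty `ms.reviewer:` near the top of the front matter is unchanged context in this hunk (the hunk starts at line 3 and the first edit is the `author` line), and `ms.reviewer: prsriva` is added after `manager: aaroncz`. That leaves a duplicate key, one empty and one populated. Delete the empty `ms.reviewer:` line as was done in the other files, where the blank entry was removed when the populated one was added.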
@ -2,22 +2,20 @@
|
||||
title: Windows Hello for Business Videos
|
||||
description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 07/26/2022
|
||||
ms.reviewer: paoloma
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# Windows Hello for Business Videos
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
## Overview of Windows Hello for Business and Features
|
||||
|
||||
Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock
|
||||
|
@ -2,24 +2,22 @@
|
||||
title: Why a PIN is better than an online password (Windows)
|
||||
description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password .
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
- highpri
|
||||
ms.topic: article
|
||||
ms.localizationpriority: medium
|
||||
ms.date: 10/23/2017
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
|
||||
# Why a PIN is better than an online password
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password?
|
||||
On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password.
|
||||
|
||||
|
@ -8,9 +8,10 @@ metadata:
|
||||
description: Learn how to manage and deploy Windows Hello for Business.
|
||||
ms.prod: m365-security
|
||||
ms.topic: landing-page
|
||||
author: GitPrakhar13
|
||||
manager: dansimp
|
||||
ms.author: prsriva
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.date: 01/22/2021
|
||||
ms.collection:
|
||||
- M365-identity-device-management
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Microsoft-compatible security key
|
||||
description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 11/14/2018
|
||||
ms.reviewer:
|
||||
---
|
||||
# What is a Microsoft-compatible security key?
|
||||
|
||||
|
@ -2,10 +2,10 @@
|
||||
title: Password-less strategy
|
||||
description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11.
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
ms.reviewer:
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: conceptual
|
||||
localizationpriority: medium
|
||||
|
@ -2,14 +2,14 @@
|
||||
title: Reset-security-key
|
||||
description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key
|
||||
ms.prod: m365-security
|
||||
author: GitPrakhar13
|
||||
ms.author: prsriva
|
||||
manager: dansimp
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
manager: aaroncz
|
||||
ms.reviewer: prsriva
|
||||
ms.collection: M365-identity-device-management
|
||||
ms.topic: article
|
||||
localizationpriority: medium
|
||||
ms.date: 11/14/2018
|
||||
ms.reviewer:
|
||||
---
|
||||
# How to reset a Microsoft-compatible security key?
|
||||
> [!Warning]
|
||||
|
@ -9,14 +9,12 @@ ms.date: 10/16/2017
|
||||
ms.reviewer:
|
||||
manager: dansimp
|
||||
ms.topic: article
|
||||
appliesto:
|
||||
- ✅ <b>Windows 10</b>
|
||||
- ✅ <b>Windows 11</b>
|
||||
---
|
||||
# How Windows Hello for Business works in Windows devices
|
||||
|
||||
**Applies to**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
|
||||
Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process.
|
||||
|
||||
## Register a new user or device
|
||||
|
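Review bot: this hunk only swaps the body "Applies to" list for the `appliesto` block and leaves `ms.reviewer:` empty and `manager: dansimp` as they were, while every other file in this commit moves to `manager: aaroncz` and `ms.reviewer: prsriva`. The hunk starts at line 9, so no earlier hunk in this file updates the ownership fields either. If this page is meant to have the same owners, update `manager` and `ms.reviewer` here, and check the `author` and `ms.author` lines above the hunk as well.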