diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index af4b0207cd..c84b17cee4 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -2,14 +2,14 @@ title: WebAuthn APIs description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 02/15/2019 -ms.reviewer: --- # WebAuthn APIs for password-less authentication on Windows diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index 46c5ce15d2..50dac1c934 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -2,22 +2,20 @@ title: Multi-factor Unlock description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 03/20/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Multi-factor Unlock -**Applies to:** - -- Windows 10 -- Windows 11 - **Requirements:** * Windows Hello for Business deployment (Cloud, Hybrid or On-premises) * Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments) diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index a22fdc4c4b..f83577bd98 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -2,14 +2,14 @@ title: Azure Active Directory join cloud only deployment description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 06/23/2021 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz --- # Azure Active Directory join cloud only deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 201f155223..edba592b4e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -2,24 +2,23 @@ title: Having enough Domain Controllers for Windows Hello for Business deployments description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Windows Server 2016 or later +- ✅ Hybrid or On-Premises deployment +- ✅ Key trust --- # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments -**Applies to** - -- Windows 10, version 1703 or later, or Windows 11 -- Windows Server, versions 2016 or later -- Hybrid or On-Premises deployment -- Key trust - > [!NOTE] >There was an issue with key trust authentication on Windows Server 2019. To fix it, refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044). @@ -90,7 +89,7 @@ Using the same methods described above, monitor the Kerberos authentication afte ```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."``` -Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. +Where *n* equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment. Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 or newer domain controllers. If there is only one Windows Server 2016 or newer domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible. diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index 409d7ad594..0b82e155e7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -1,23 +1,21 @@ --- title: Windows Hello and password changes (Windows) description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello. -ms.reviewer: ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello and password changes -**Applies to** - -- Windows 10 -- Windows 11 - When you set up Windows Hello, the PIN or biometric gesture that you use is specific to that device. You can set up Hello for the same account on multiple devices. If the PIN or biometric is configured as part of Windows Hello for Business, changing the account password will not impact sign-in or unlock with these gestures since it uses a key or certificate. However, if Windows Hello for Business is not deployed and the password for that account changes, you must provide the new password on each device to continue to use Hello. ## Example diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index 1b7fc74348..ebbea60361 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -2,24 +2,23 @@ title: Windows Hello biometrics in the enterprise (Windows) description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: - M365-identity-device-management - highpri ms.topic: article localizationpriority: medium ms.date: 01/12/2021 +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello biometrics in the enterprise -**Applies to:** - -- Windows 10 -- Windows 11 - Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition. >[!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 7c1152e8bf..8763270456 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -2,24 +2,22 @@ title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business) description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 01/14/2021 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md index eda6b35e15..e976e88743 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md @@ -2,25 +2,24 @@ title: Configure Windows Hello for Business Policy settings - certificate trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: - M365-identity-device-management - highpri ms.topic: article localizationpriority: medium ms.date: 08/20/2018 +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # Configure Windows Hello for Business Policy settings - Certificate Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 281f5bf449..ffeb72f7a9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -2,24 +2,22 @@ title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business) description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # Validate Active Directory prerequisites for cert-trust deployment -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 865759bf10..4fe4a8935e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -2,24 +2,22 @@ title: Validate and Deploy MFA for Windows Hello for Business with certificate trust description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # Validate and Deploy Multi-Factor Authentication feature -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index d6356353aa..fc4eb5a6f9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -2,25 +2,22 @@ title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # Validate and Configure Public Key Infrastructure - Certificate Trust Model -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - - Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. ## Deploy an enterprise certificate authority diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 278560bbc5..167eb0b472 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -2,24 +2,22 @@ title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment description: A guide to on premises, certificate trust Windows Hello for Business deployment. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +ms.reviewer: prsriva +manager: aaroncz +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployments +- ✅ Certificate trust/b> --- # On Premises Certificate Trust Deployment -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust - Windows Hello for Business replaces username and password sign-in to Windows with authentication using an asymmetric key pair. This deployment guide provides the information you'll need to successfully deploy Windows Hello for Business in an existing environment. Below, you can find all the information needed to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment: diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index afe7fdf157..0f2c45e2f0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -2,9 +2,10 @@ title: Windows Hello for Business Deployment Overview description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index 47d8b38c53..43ff73fc92 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -3,14 +3,14 @@ title: Windows Hello for Business Deployment Known Issues description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues params: siblings_only ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 05/03/2021 -ms.reviewer: --- # Windows Hello for Business Known Deployment Issues diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 280f51120d..faab624132 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -2,24 +2,22 @@ title: Windows Hello for Business Deployment Guide - On Premises Key Deployment description: A guide to on premises, key trust Windows Hello for Business deployment. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- # On Premises Key Trust Deployment -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment. Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment: diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 5df469ff3e..d0cc1cad93 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -2,25 +2,23 @@ title: Deploying Certificates to Key Trust Users to Enable RDP description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 02/22/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Deploying Certificates to Key Trust Users to Enable RDP -**Applies To** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time. This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user. diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index d7987dc9bc..d995550c13 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -2,24 +2,23 @@ title: Windows Hello errors during PIN creation (Windows) description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: troubleshooting ms.localizationpriority: medium ms.date: 05/05/2018 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello errors during PIN creation -**Applies to** - -- Windows 10 -- Windows 11 - When you set up Windows Hello in Windows client, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support. ## Where is the error code? diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index 3e481d0f4d..8fa58bce19 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -1,24 +1,22 @@ --- title: Event ID 300 - Windows Hello successfully created (Windows) description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). -ms.reviewer: ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.date: 07/27/2017 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Event ID 300 - Windows Hello successfully created -**Applies to** - -- Windows 10 -- Windows 11 - This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. ## Event details diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index a0c26cb08e..0047419c51 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -8,9 +8,10 @@ metadata: ms.sitesec: library ms.pagetype: security, mobile audience: ITPro - author: GitPrakhar13 - ms.author: prsriva - manager: dansimp + author: paolomatarazzo + ms.author: paoloma + manager: aaroncz + ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 5dac00754e..2acbb4823a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -2,14 +2,14 @@ title: Conditional Access description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/09/2019 -ms.reviewer: --- # Conditional access diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 445df8f5a8..489d5513cf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -2,14 +2,14 @@ title: Dual Enrollment description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/09/2019 -ms.reviewer: --- # Dual Enrollment diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index bdd56753a1..4fbe94952d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -2,22 +2,21 @@ title: Dynamic lock description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 07/12/2022 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Dynamic lock -**Requirements:** - -* Windows 10, version 1703 or later - Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 64e72640b6..5b2df11202 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -2,9 +2,10 @@ title: Pin Reset description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index b622e6277f..6e297b92e3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -2,14 +2,14 @@ title: Remote Desktop description: Learn how Windows Hello for Business supports using biometrics with remote desktop ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 02/24/2021 -ms.reviewer: --- # Remote Desktop diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index 76b94b5ddb..909df0b77b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -2,22 +2,20 @@ title: How Windows Hello for Business works - Authentication description: Learn about the authentication flow for Windows Hello for Business. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 02/15/2022 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello for Business and Authentication -**Applies to:** - -- Windows 10 -- Windows 11 - Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources. Azure Active Directory-joined devices authenticate to Azure during sign-in and can optionally authenticate to Active Directory. Hybrid Azure Active Directory-joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c81ed991e1..7d93ef16b8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -2,22 +2,20 @@ title: How Windows Hello for Business works - Provisioning description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 2/15/2022 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello for Business Provisioning -**Applies to:** - -- Windows 10 -- Windows 11 - Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on: - How the device is joined to Azure Active Directory diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index 1813f3e403..ff24499d85 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -2,23 +2,21 @@ title: How Windows Hello for Business works - technology and terms description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 10/08/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Technology and terms -**Applies to:** - -- Windows 10 -- Windows 11 - ## Attestation identity keys Because the endorsement certificate is unique for each device and doesn't change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service. diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 768b3a0e02..cb5b134268 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -2,22 +2,20 @@ title: How Windows Hello for Business works description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 05/05/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # How Windows Hello for Business works in Windows Devices -**Applies to** - -- Windows 10 -- Windows 11 - Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices. Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 51f303b2ba..cb658f8704 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -2,26 +2,24 @@ title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: article localizationpriority: medium ms.date: 01/14/2021 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Azure Active Directory-join +- ✅ Hybrid Deployment +- ✅ Key trust model --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business - -**Applies to** - -- Windows 10 -- Windows 11 -- Azure Active Directory-joined -- Hybrid Deployment -- Key trust model - ## Prerequisites Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 53931e113c..3e922b467b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -2,26 +2,24 @@ title: Using Certificates for AADJ On-premises Single-sign On single sign-on description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Azure AD-join +- ✅ Hybrid Deployment +- ✅ Certificate trust model --- # Using Certificates for AADJ On-premises Single-sign On -**Applies to:** - -- Windows 10 -- Windows 11 -- Azure Active Directory-joined -- Hybrid Deployment -- Certificate trust - If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 1acba0f5b3..0842bb52e6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -2,24 +2,20 @@ title: Azure AD Join Single Sign-on Deployment description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Azure AD Join Single Sign-on Deployment -**Applies to** - -- Windows 10 -- Windows 11 -- Azure Active Directory-joined -- Hybrid deployment - Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate. ## Key vs. Certificate diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 546fe98a8e..1dbae77cc3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -2,24 +2,22 @@ title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business) description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies - [Active Directory](#active-directory) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 2d15af954c..b35fa21dac 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -2,24 +2,22 @@ title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business) ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - Your environment is federated and you're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication. > [!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index edba57fd05..b6d189d7c1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -2,24 +2,22 @@ title: Hybrid Azure AD joined Windows Hello for Business Prerequisites description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Prerequisites -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index f9c3cf3feb..72086e9d13 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -2,24 +2,22 @@ title: Hybrid Certificate Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/08/2017 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Certificate Trust Deployment -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario. It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index f6e69dad32..6721675b09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -2,24 +2,22 @@ title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business) description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - ## Provisioning The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index f8b0c788c1..230a694361 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -2,24 +2,22 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD) description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. ### Creating Security Groups diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index ed13229f6a..03989ad22c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -2,24 +2,22 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS) description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - ## Federation Services The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 3dea044165..7e29ef7f6a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -2,25 +2,23 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate Trust - ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 0a7da03055..e604fc736f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -2,25 +2,23 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI) description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid Deployment -- Certificate Trust - Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer. All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users with a sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index bba12adf27..2708e9a22c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -2,23 +2,22 @@ title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust ## Policy Configuration diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index ec22d31a65..c0ba9ce415 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -2,24 +2,22 @@ title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business) description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Certificate trust --- # Configure Hybrid Azure AD joined Windows Hello for Business -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust - Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model. > [!IMPORTANT] > If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index 1f4f7f1f17..e8589d8b29 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -2,22 +2,20 @@ title: Hybrid Cloud Trust Deployment (Windows Hello for Business) description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 2/15/2022 -ms.reviewer: +appliesto: +- ✅ Windows 10 21H2 and later +- ✅ Windows 11 --- # Hybrid Cloud Trust Deployment (Preview) -Applies to - -- Windows 10, version 21H2 -- Windows 11 and later - Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario. ## Introduction to Cloud Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 66a720d026..98599d9132 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -2,25 +2,22 @@ title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - - Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid key trust deployments of Windows Hello for Business rely on these technologies - [Active Directory](#active-directory) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 4d064c210c..1c1867312d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -2,25 +2,23 @@ title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 05/04/2022 ms.reviewer: prsriva - +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - You're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 299e93c00c..d3e68887fd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -2,24 +2,22 @@ title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business) ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 0850fae7f7..66fae5f56b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -9,17 +9,14 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 833968247b..7a7e3f3eed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -2,24 +2,22 @@ title: Hybrid Key Trust Deployment (Windows Hello for Business) description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/20/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Hybrid Azure AD joined Key Trust Deployment -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid key trust scenario. It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 925d6d12e8..7985f54d92 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -2,23 +2,22 @@ title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business) description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust ## Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index bbdde28351..49124b1ddf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -2,23 +2,22 @@ title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD) description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD) ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 0ed4142f70..1092173f9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -2,24 +2,22 @@ title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - ## Directory Synchronization In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 5f2d0ed289..8a9e8ee322 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -2,25 +2,22 @@ title: Configure Hybrid Azure AD joined key trust Windows Hello for Business description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI) ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 04/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- - # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid Deployment -- Key trust - Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer. All deployments use enterprise issued certificates for domain controllers as a root of trust. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 26b31e209b..4522c3b93d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -2,24 +2,22 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy description: Configuring Hybrid key trust Windows Hello for Business - Group Policy ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - ## Policy Configuration You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 29c29de56f..ea0439b451 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -2,24 +2,22 @@ title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ Hybrid deployment +- ✅ Key trust --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business. > [!IMPORTANT] @@ -36,10 +34,6 @@ For the most efficient deployment, configure these technologies in order beginni > [!div class="step-by-step"] > [Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md) -

- -
- ## Follow the Windows Hello for Business hybrid key trust deployment guide 1. [Overview](hello-hybrid-key-trust.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 185768fe63..7a9e8e62b1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -2,9 +2,10 @@ title: Windows Hello for Business Deployment Prerequisite Overview description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index d2c141ca3a..8761b3eaf6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -2,24 +2,22 @@ title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business) description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 5baf31a055..b954e4d073 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -2,25 +2,22 @@ title: Configure Windows Hello for Business Policy settings - key trust description: Configure Windows Hello for Business Policy settings for Windows Hello for Business ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- # Configure Windows Hello for Business Policy settings - Key Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - - You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520). Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later. diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index c8227d9536..64195a8b82 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -2,24 +2,22 @@ title: Key registration for on-premises deployment of Windows Hello for Business description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- # Validate Active Directory prerequisites - Key Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 968ae0d5b0..81e0df5016 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -2,27 +2,25 @@ title: Validate and Deploy MFA for Windows Hello for Business with key trust description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- # Validate and Deploy Multifactor Authentication (MFA) > [!IMPORTANT] > As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option. For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 809720fdba..d12ad32ade 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -2,25 +2,22 @@ title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business) description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 -ms.reviewer: +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 +- ✅ On-premises deployment +- ✅ Key trust --- - # Validate and Configure Public Key Infrastructure - Key Trust -**Applies to** - -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust - Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. ## Deploy an enterprise certificate authority diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index deba83abae..7127970af5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -2,24 +2,23 @@ title: Manage Windows Hello in your organization (Windows) description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: article ms.localizationpriority: medium ms.date: 2/15/2022 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Manage Windows Hello for Business in your organization -**Applies to** - -- Windows 10 -- Windows 11 - You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10. >[!IMPORTANT] diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 37a81d4995..3199b2ae91 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -3,23 +3,21 @@ title: Windows Hello for Business Overview (Windows) ms.reviewer: An overview of Windows Hello for Business description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: conceptual localizationpriority: medium +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- - # Windows Hello for Business Overview -**Applies to** - -- Windows 10 -- Windows 11 - In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN. >[!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index 3212485067..c1dc768999 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -2,23 +2,22 @@ title: Planning a Windows Hello for Business Deployment description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: article localizationpriority: conceptual ms.date: 09/16/2020 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Planning a Windows Hello for Business Deployment -**Applies to** - -- Windows 10 -- Windows 11 - Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure. This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs. diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 6b57daee9c..dd469ded49 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -3,22 +3,20 @@ title: Prepare people to use Windows Hello (Windows) description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization. ms.reviewer: ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 08/19/2018 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- - # Prepare people to use Windows Hello -**Applies to** - -- Windows 10 -- Windows 11 - When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization by explaining how to use Hello. After enrollment in Hello, users should use their gesture (such as a PIN or fingerprint) for access to corporate resources. Their gesture is only valid on the enrolled device. diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 05c92d9ba2..139a74ae31 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -2,22 +2,20 @@ title: Windows Hello for Business Videos description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 07/26/2022 ms.reviewer: paoloma +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # Windows Hello for Business Videos - -**Applies to** - -- Windows 10 -- Windows 11 - ## Overview of Windows Hello for Business and Features Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index ef30d59ed1..887d2893eb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -2,24 +2,22 @@ title: Why a PIN is better than an online password (Windows) description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password . ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: - M365-identity-device-management - highpri ms.topic: article ms.localizationpriority: medium ms.date: 10/23/2017 +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- - # Why a PIN is better than an online password -**Applies to** - -- Windows 10 -- Windows 11 - Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password? On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password. diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml index 62c038bd6b..bdd841ab2c 100644 --- a/windows/security/identity-protection/hello-for-business/index.yml +++ b/windows/security/identity-protection/hello-for-business/index.yml @@ -8,9 +8,10 @@ metadata: description: Learn how to manage and deploy Windows Hello for Business. ms.prod: m365-security ms.topic: landing-page - author: GitPrakhar13 - manager: dansimp - ms.author: prsriva + author: paolomatarazzo + ms.author: paoloma + manager: aaroncz + ms.reviewer: prsriva ms.date: 01/22/2021 ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 75645f288d..2d0f9aed02 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -2,14 +2,14 @@ title: Microsoft-compatible security key description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 -ms.reviewer: --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 74765dffac..333d6270a0 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -2,10 +2,10 @@ title: Password-less strategy description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11. ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp -ms.reviewer: +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: conceptual localizationpriority: medium diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index e2f9b9e978..3818cf29e6 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -2,14 +2,14 @@ title: Reset-security-key description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key ms.prod: m365-security -author: GitPrakhar13 -ms.author: prsriva -manager: dansimp +author: paolomatarazzo +ms.author: paoloma +manager: aaroncz +ms.reviewer: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 -ms.reviewer: --- # How to reset a Microsoft-compatible security key? > [!Warning] diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 29e42655ab..b703e6ea15 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -9,14 +9,12 @@ ms.date: 10/16/2017 ms.reviewer: manager: dansimp ms.topic: article +appliesto: +- ✅ Windows 10 +- ✅ Windows 11 --- # How Windows Hello for Business works in Windows devices -**Applies to** - -- Windows 10 -- Windows 11 - Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process. ## Register a new user or device