deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #10797 from paolomatarazzo/pm-20250422-whfb

Browse Source 
[WHFB] Notes updates
This commit is contained in:
Aditi Srivastava 2025-04-22 12:15:02 +05:30 committed by GitHub
commit 6d910a6736
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/security/identity-protection/hello-for-business/includes/expiration.md
View File

@ -17,4 +17,10 @@ The default value is 0.
| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**| | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity**|
> [!NOTE] > [!NOTE]
> Starting with Windows 11, version 24H2, Windows Hello is further hardened by default to use Virtualization-based security (VBS) to isolate credentials. This enhancement is automatically applied on devices that support VBS and have it enabled. However, it's important to note that PIN expiration is not supported on such devices. This change aims to enhance security by ensuring that credentials are protected in a more secure environment. > Starting with Windows 11, version 23H2, Windows Hello uses Virtualization-based security (VBS) to isolate credentials on devices that support [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security).
>
> Starting with Windows 11, version 24H2, Windows Hello uses VBS to isolate credentials on all devices that have VBS enabled.
>
> On such devices, PIN expiration is not supported.

6
windows/security/identity-protection/hello-for-business/includes/history.md
View File

@ -20,4 +20,8 @@ The default value is 0.
| **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity** | | **GPO** | **Computer Configuration** > **Administrative Templates** > **System** > **PIN Complexity** |
> [!NOTE] > [!NOTE]
> Starting with Windows 11, version 24H2, Windows Hello is further hardened by default to use Virtualization-based security (VBS) to isolate credentials. This enhancement is automatically applied on devices that support VBS and have it enabled. However, it's important to note that PIN history is not supported on such devices. This change aims to enhance security by ensuring that credentials are protected in a more secure environment. > Starting with Windows 11, version 23H2, Windows Hello uses Virtualization-based security (VBS) to isolate credentials on devices that support [Enhanced Security Settings (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security).
>
> Starting with Windows 11, version 24H2, Windows Hello uses VBS to isolate credentials on all devices that have VBS enabled.
>
> On such devices, PIN history is not supported.