From 88f157297970f6004c870284c23e792ca4ab0d31 Mon Sep 17 00:00:00 2001 
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 15 Dec 2023 08:05:24 -0500 Subject: [PATCH] moved deployment guidesto subfolder --- .../hybrid-cert-trust-validate-pki.md} | 2 +- .../hybrid-cert-trust.md} | 2 +- .../hybrid-cert-whfb-provision.md} | 2 +- .../hybrid-cert-whfb-settings-adfs.md} | 2 +- .../on-premises-cert-trust-adfs.md} | 2 +- ...on-premises-cert-trust-policy-settings.md} | 2 +- ...remises-cert-trust-validate-deploy-mfa.md} | 2 +- .../on-premises-cert-trust-validate-pki.md} | 2 +- .../on-premises-cert-trust.md} | 2 +- .../hello-for-business/deploy/toc.yml | 81 ++++++++++++++++++ .../hello-for-business/toc.yml | 82 +------------------ 11 files changed, 91 insertions(+), 90 deletions(-) rename windows/security/identity-protection/hello-for-business/{hello-hybrid-cert-trust-validate-pki.md => deploy/hybrid-cert-trust-validate-pki.md} (98%) rename windows/security/identity-protection/hello-for-business/{hello-hybrid-cert-trust.md => deploy/hybrid-cert-trust.md} (99%) rename windows/security/identity-protection/hello-for-business/{hello-hybrid-cert-whfb-provision.md => deploy/hybrid-cert-whfb-provision.md} (99%) rename windows/security/identity-protection/hello-for-business/{hello-hybrid-cert-whfb-settings-adfs.md => deploy/hybrid-cert-whfb-settings-adfs.md} (98%) rename windows/security/identity-protection/hello-for-business/{hello-cert-trust-adfs.md => deploy/on-premises-cert-trust-adfs.md} (99%) rename windows/security/identity-protection/hello-for-business/{hello-cert-trust-policy-settings.md => deploy/on-premises-cert-trust-policy-settings.md} (98%) rename windows/security/identity-protection/hello-for-business/{hello-cert-trust-validate-deploy-mfa.md => deploy/on-premises-cert-trust-validate-deploy-mfa.md} (96%) rename windows/security/identity-protection/hello-for-business/{hello-cert-trust-validate-pki.md => deploy/on-premises-cert-trust-validate-pki.md} (96%) rename 
windows/security/identity-protection/hello-for-business/{hello-deployment-cert-trust.md => deploy/on-premises-cert-trust.md} (96%) create mode 100644 windows/security/identity-protection/hello-for-business/deploy/toc.yml diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md similarity index 98% rename from windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md index 5c1373aff0..57aa1f1dce 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-validate-pki.md @@ -12,7 +12,7 @@ ms.topic: tutorial --- # Configure and validate the Public Key Infrastructure - hybrid certificate trust -[!INCLUDE [hello-hybrid-cert-trust](./includes/hello-hybrid-cert-trust.md)] +[!INCLUDE [hello-hybrid-cert-trust](../includes/hello-hybrid-cert-trust.md)] Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a *root of trust* for clients. The certificate ensures that clients don't communicate with rogue domain controllers. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md similarity index 99% rename from windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md index bd31955a65..a31d5d91dd 100644 
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md @@ -13,7 +13,7 @@ ms.topic: how-to # Hybrid certificate trust deployment -[!INCLUDE [hello-hybrid-cert-trust](./includes/hello-hybrid-cert-trust.md)] +[!INCLUDE [hello-hybrid-cert-trust](../includes/hello-hybrid-cert-trust.md)] Hybrid environments are distributed systems that enable organizations to use on-premises and Microsoft Entra protected resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication and single sign-on to modern resources. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md similarity index 99% rename from windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md index c9c9503992..50a832f0b2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-provision.md @@ -7,7 +7,7 @@ ms.topic: tutorial # Configure and provision Windows Hello for Business - hybrid certificate trust -[!INCLUDE [hello-hybrid-certificate-trust](./includes/hello-hybrid-cert-trust.md)] +[!INCLUDE [hello-hybrid-certificate-trust](../includes/hello-hybrid-cert-trust.md)] ## Policy Configuration 
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md similarity index 98% rename from windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md rename to windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md index 03183dda2d..71c720474a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-whfb-settings-adfs.md @@ -13,7 +13,7 @@ ms.topic: tutorial # Configure Active Directory Federation Services - hybrid certificate trust -[!INCLUDE [hello-hybrid-key-trust](./includes/hello-hybrid-cert-trust.md)] +[!INCLUDE [hello-hybrid-key-trust](../includes/hello-hybrid-cert-trust.md)] The Windows Hello for Business certificate-based deployments use AD FS as the certificate registration authority (CRA). The CRA is responsible for issuing and revoking certificates to users. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.\ diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md similarity index 99% rename from windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md index 4a9f5f7e9c..c4bfcddb01 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md 
@@ -12,7 +12,7 @@ ms.topic: tutorial --- # Prepare and deploy Active Directory Federation Services - on-premises certificate trust -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] +[!INCLUDE [hello-on-premises-cert-trust](../includes/hello-on-premises-cert-trust.md)] Windows Hello for Business works exclusively with the Active Directory Federation Service (AD FS) role included with Windows Server. The on-premises certificate trust deployment model uses AD FS for *certificate enrollment* and *device registration*. diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md similarity index 98% rename from windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md index 7488f93b1a..4af7c0fb02 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-policy-settings.md @@ -6,7 +6,7 @@ ms.topic: tutorial --- # Configure Windows Hello for Business group policy settings - on-premises certificate Trust -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] +[!INCLUDE [hello-on-premises-cert-trust](../includes/hello-on-premises-cert-trust.md)] On-premises certificate-based deployments of Windows Hello for Business need three Group Policy settings: 
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md similarity index 96% rename from windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md index 9c22949b67..2c78ab59af 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-deploy-mfa.md @@ -13,7 +13,7 @@ ms.topic: tutorial # Validate and deploy multifactor authentication - on-premises certificate trust -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] +[!INCLUDE [hello-on-premises-cert-trust](../includes/hello-on-premises-cert-trust.md)] Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option: diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md similarity index 96% rename from windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md index 2b4e0e988c..bd85228ca6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-validate-pki.md 
@@ -13,7 +13,7 @@ ms.topic: tutorial # Configure and validate the Public Key Infrastructure - on-premises certificate trust -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] +[!INCLUDE [hello-on-premises-cert-trust](../includes/hello-on-premises-cert-trust.md)] Windows Hello for Business must have a Public Key Infrastructure (PKI) when using the *key trust* or *certificate trust* models. The domain controllers must have a certificate, which serves as a root of trust for clients. The certificate ensures that clients don't communicate with rogue domain controllers. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate. diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md similarity index 96% rename from windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md rename to windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md index 6e3a9ccc04..717f2b0613 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md @@ -12,7 +12,7 @@ ms.topic: tutorial --- # Deployment guide overview - on-premises certificate trust -[!INCLUDE [hello-on-premises-cert-trust](./includes/hello-on-premises-cert-trust.md)] +[!INCLUDE [hello-on-premises-cert-trust](../includes/hello-on-premises-cert-trust.md)] Windows Hello for Business replaces username and password authentication to Windows with an asymmetric key pair. This deployment guide provides the information to deploy Windows Hello for Business in an on-premises environment. 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/toc.yml b/windows/security/identity-protection/hello-for-business/deploy/toc.yml
new file mode 100644
index 0000000000..9aade4c28a
--- /dev/null
+++ b/windows/security/identity-protection/hello-for-business/deploy/toc.yml
@@ -0,0 +1,81 @@
+items:
+- name: Deployment guides
+ items:
+ - name: Windows Hello for Business deployment overview
+ href: ../hello-deployment-guide.md
+ - name: Planning a Windows Hello for Business deployment
+ href: ../hello-planning-guide.md
+ - name: Deployment prerequisite overview
+ href: ../hello-identity-verification.md
+ - name: Cloud-only deployment
+ href: ../hello-aad-join-cloud-only-deploy.md
+ - name: Hybrid deployments
+ items:
+ - name: Cloud Kerberos trust deployment
+ items:
+ - name: Overview
+ href: ../hello-hybrid-cloud-kerberos-trust.md
+ displayName: cloud Kerberos trust
+ - name: Configure and provision Windows Hello for Business
+ href: ../hello-hybrid-cloud-kerberos-trust-provision.md
+ displayName: cloud Kerberos trust
+ - name: Key trust deployment
+ items:
+ - name: Overview
+ href: ../hello-hybrid-key-trust.md
+ displayName: key trust
+ - name: Configure and validate the PKI
+ href: ../hello-hybrid-key-trust-validate-pki.md
+ displayName: key trust
+ - name: Configure and provision Windows Hello for Business
+ href: ../hello-hybrid-key-trust-provision.md
+ displayName: key trust
+ - name: Configure SSO for Microsoft Entra joined devices
+ href: ../hello-hybrid-aadj-sso.md
+ displayName: key trust
+ - name: Certificate trust deployment
+ items:
+ - name: Overview
+ href: hybrid-cert-trust.md
+ displayName: certificate trust
+ - name: Configure and validate the PKI
+ href: hybrid-cert-trust-validate-pki.md
+ displayName: certificate trust
+ - name: Configure AD FS
+ href: hybrid-cert-whfb-settings-adfs.md
+ displayName: certificate trust
+ - name: Configure and provision Windows Hello for Business
+ href: hybrid-cert-whfb-provision.md
+ displayName: certificate trust
+ - name: Configure SSO for Microsoft Entra joined devices
+ href: ../hello-hybrid-aadj-sso.md
+ displayName: certificate trust
+ - name: Deploy certificates to Microsoft Entra joined devices
+ href: hello-hybrid-aadj-sso-cert.md
+ displayName: certificate trust
+ - name: On-premises deployments
+ items:
+ - name: Key trust deployment
+ items:
+ - name: Overview
+ href: ../hello-deployment-key-trust.md
+ - name: Configure and validate the PKI
+ href: ../hello-key-trust-validate-pki.md
+ - name: Prepare and deploy Active Directory Federation Services (AD FS)
+ href: ../hello-key-trust-adfs.md
+ - name: Validate and deploy multi-factor authentication (MFA) services
+ href: ../hello-key-trust-validate-deploy-mfa.md
+ - name: Configure Windows Hello for Business policy settings
+ href: ../hello-key-trust-policy-settings.md
+ - name: Certificate trust deployment
+ items:
+ - name: Overview
+ href: on-premises-cert-trust.md
+ - name: Configure and validate Public Key Infrastructure (PKI)
+ href: on-premises-cert-trust-validate-pki.md
+ - name: Prepare and Deploy Active Directory Federation Services (AD FS)
+ href: on-premises-cert-trust-adfs.md
+ - name: Validate and deploy multi-factor authentication (MFA) services
+ href: on-premises-cert-trust-validate-deploy-mfa.md
+ - name: Configure Windows Hello for Business policy settings
+ href: on-premises-cert-trust-policy-settings.md
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index aabdeffe0d..40b101f937 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
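Review bot: In the new `deploy/toc.yml`, the hybrid certificate trust entry "Deploy certificates to Microsoft Entra joined devices" uses `href: hello-hybrid-aadj-sso-cert.md` with no `../` prefix, although that page is not among the files this commit renames into `deploy/`. Every other unmoved page in this TOC was given the prefix, so the link most likely resolves to a non-existent `deploy/hello-hybrid-aadj-sso-cert.md` and should read `href: ../hello-hybrid-aadj-sso-cert.md`. Separately, the on-premises certificate trust list no longer carries the "Validate Active Directory prerequisites" entry (`hello-cert-trust-validate-ad-prereq.md`) that the parent `toc.yml` hunk removes, and nothing visible in this patch deletes or redirects that page. If dropping it is intended, the commit message should say so; otherwise re-add it with `href: ../hello-cert-trust-validate-ad-prereq.md`. The nine renamed guides also change URL and the diffstat shows no redirect mapping, so existing links to these PKI and AD FS deployment pages may break unless redirects are handled elsewhere.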
@@ -11,87 +11,7 @@ items: - name: How Windows Hello for Business works href: hello-how-it-works.md - name: Deployment guides - items: - - name: Windows Hello for Business deployment overview - href: hello-deployment-guide.md - - name: Planning a Windows Hello for Business deployment - href: hello-planning-guide.md - - name: Deployment prerequisite overview - href: hello-identity-verification.md - - name: Cloud-only deployment - href: hello-aad-join-cloud-only-deploy.md - - name: Hybrid deployments - items: - - name: Cloud Kerberos trust deployment - items: - - name: Overview - href: hello-hybrid-cloud-kerberos-trust.md - displayName: cloud Kerberos trust - - name: Configure and provision Windows Hello for Business - href: hello-hybrid-cloud-kerberos-trust-provision.md - displayName: cloud Kerberos trust - - name: Key trust deployment - items: - - name: Overview - href: hello-hybrid-key-trust.md - displayName: key trust - - name: Configure and validate the PKI - href: hello-hybrid-key-trust-validate-pki.md - displayName: key trust - - name: Configure and provision Windows Hello for Business - href: hello-hybrid-key-trust-provision.md - displayName: key trust - - name: Configure SSO for Microsoft Entra joined devices - href: hello-hybrid-aadj-sso.md - displayName: key trust - - name: Certificate trust deployment - items: - - name: Overview - href: hello-hybrid-cert-trust.md - displayName: certificate trust - - name: Configure and validate the PKI - href: hello-hybrid-cert-trust-validate-pki.md - displayName: certificate trust - - name: Configure AD FS - href: hello-hybrid-cert-whfb-settings-adfs.md - displayName: certificate trust - - name: Configure and provision Windows Hello for Business - href: hello-hybrid-cert-whfb-provision.md - displayName: certificate trust - - name: Configure SSO for Microsoft Entra joined devices - href: hello-hybrid-aadj-sso.md - displayName: certificate trust - - name: Deploy certificates to Microsoft Entra joined devices - href: 
hello-hybrid-aadj-sso-cert.md - displayName: certificate trust - - name: On-premises deployments - items: - - name: Key trust deployment - items: - - name: Overview - href: hello-deployment-key-trust.md - - name: Configure and validate the PKI - href: hello-key-trust-validate-pki.md - - name: Prepare and deploy Active Directory Federation Services (AD FS) - href: hello-key-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-key-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-key-trust-policy-settings.md - - name: Certificate trust deployment - items: - - name: Overview - href: hello-deployment-cert-trust.md - - name: Validate Active Directory prerequisites - href: hello-cert-trust-validate-ad-prereq.md - - name: Configure and validate Public Key Infrastructure (PKI) - href: hello-cert-trust-validate-pki.md - - name: Prepare and Deploy Active Directory Federation Services (AD FS) - href: hello-cert-trust-adfs.md - - name: Validate and deploy multi-factor authentication (MFA) services - href: hello-cert-trust-validate-deploy-mfa.md - - name: Configure Windows Hello for Business policy settings - href: hello-cert-trust-policy-settings.md + href: deploy/toc.yml - name: How-to Guides items: - name: Prepare people to use Windows Hello