From 93e4791fdb3a37c3102d3b0b92ac0f8c44af0b0b Mon Sep 17 00:00:00 2001 From: Matthew Palko Date: Tue, 22 Feb 2022 10:21:11 -0800 Subject: [PATCH] fixing ms.author --- .../hello-for-business/WebAuthnAPIs.md | 2 +- .../feature-multifactor-unlock.md | 2 +- .../hello-aad-join-cloud-only-deploy.md | 2 +- .../hello-adequate-domain-controllers.md | 2 +- .../hello-and-password-changes.md | 2 +- .../hello-biometrics-in-enterprise.md | 2 +- .../hello-cert-trust-adfs.md | 2 +- .../hello-cert-trust-validate-ad-prereq.md | 2 +- .../hello-cert-trust-validate-deploy-mfa.md | 2 +- .../hello-cert-trust-validate-pki.md | 2 +- .../hello-deployment-cert-trust.md | 12 ++--- .../hello-deployment-guide.md | 2 +- .../hello-deployment-issues.md | 2 +- .../hello-deployment-key-trust.md | 2 +- .../hello-deployment-rdp-certs.md | 2 +- .../hello-errors-during-pin-creation.md | 2 +- .../hello-for-business/hello-event-300.md | 3 +- .../hello-for-business/hello-faq.yml | 2 +- .../hello-feature-conditional-access.md | 18 ++++---- .../hello-feature-dynamic-lock.md | 2 +- .../hello-feature-pin-reset.md | 2 +- .../hello-feature-remote-desktop.md | 2 +- .../hello-how-it-works-authentication.md | 2 +- .../hello-how-it-works-provisioning.md | 2 +- .../hello-how-it-works-technology.md | 3 +- .../hello-for-business/hello-how-it-works.md | 2 +- .../hello-hybrid-aadj-sso-base.md | 2 +- .../hello-hybrid-aadj-sso-cert.md | 2 +- .../hello-hybrid-aadj-sso.md | 2 +- .../hello-hybrid-cert-new-install.md | 2 +- .../hello-hybrid-cert-trust-devreg.md | 2 +- .../hello-hybrid-cert-trust-prereqs.md | 45 ++++++++++++------- .../hello-hybrid-cert-trust.md | 2 +- .../hello-hybrid-cert-whfb-provision.md | 2 +- .../hello-hybrid-cert-whfb-settings-ad.md | 12 ++--- .../hello-hybrid-cert-whfb-settings-adfs.md | 4 +- ...ello-hybrid-cert-whfb-settings-dir-sync.md | 2 +- .../hello-hybrid-cert-whfb-settings-pki.md | 2 +- .../hello-hybrid-cert-whfb-settings-policy.md | 2 +- .../hello-hybrid-cert-whfb-settings.md | 2 +- .../hello-hybrid-cloud-trust.md | 4 +- .../hello-hybrid-key-new-install.md | 2 +- .../hello-hybrid-key-trust-devreg.md | 2 +- .../hello-hybrid-key-trust-dirsync.md | 19 ++++---- .../hello-hybrid-key-trust-prereqs.md | 2 +- .../hello-hybrid-key-trust.md | 4 +- .../hello-hybrid-key-whfb-provision.md | 26 ++++++----- .../hello-hybrid-key-whfb-settings-ad.md | 2 +- ...hello-hybrid-key-whfb-settings-dir-sync.md | 2 +- .../hello-hybrid-key-whfb-settings-pki.md | 4 +- .../hello-hybrid-key-whfb-settings-policy.md | 12 ++--- .../hello-hybrid-key-whfb-settings.md | 14 +++--- .../hello-identity-verification.md | 2 +- .../hello-key-trust-adfs.md | 2 +- .../hello-key-trust-policy-settings.md | 2 +- .../hello-key-trust-validate-ad-prereq.md | 4 +- .../hello-key-trust-validate-deploy-mfa.md | 3 +- .../hello-key-trust-validate-pki.md | 25 +++++------ .../hello-manage-in-organization.md | 2 +- .../hello-for-business/hello-overview.md | 5 +-- .../hello-planning-guide.md | 2 +- .../hello-prepare-people-to-use.md | 2 +- .../hello-for-business/hello-videos.md | 2 +- .../hello-why-pin-is-better-than-password.md | 2 +- .../hello-for-business/index.yml | 2 +- .../microsoft-compatible-security-key.md | 7 +-- .../passwordless-strategy.md | 2 +- .../hello-for-business/reset-security-key.md | 2 +- 68 files changed, 171 insertions(+), 151 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md index d71ef1fd5a..9b8365686e 100644 --- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md +++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md index f0e6aca970..1cc41effde 100644 --- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md +++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index dbcde35a83..9afeccfdbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 2bc957ad18..fae8060193 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md index ad4155307d..ce4fee62d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md +++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md index b78321c716..fb5244ee95 100644 --- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md +++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md index 15327a70a2..c9023f3eab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md index 0641e2b351..53a69d9ca8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md index 5db3d2ab93..d666ddb619 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md index 4f2c2c7bb1..1972c3d210 100644 --- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md index 58b48a30c5..429e5794e7 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,15 +19,17 @@ ms.reviewer: # On Premises Certificate Trust Deployment **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Certificate trust + +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Certificate trust Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment. Below, you can find all the information you will need to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment: + 1. [Validate Active Directory prerequisites](hello-cert-trust-validate-ad-prereq.md) 2. [Validate and Configure Public Key Infrastructure](hello-cert-trust-validate-pki.md) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-cert-trust-adfs.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 2f607d99e9..1a167b69c6 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md index b967f71d50..16f8e33766 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md index 217e151cb2..0798dee5a2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md index 6174bf55f1..741371c28d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md index 10321d22a4..72148e773a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md +++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md index be7eb5e14a..c5e10be931 100644 --- a/windows/security/identity-protection/hello-for-business/hello-event-300.md +++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md @@ -10,7 +10,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -25,7 +25,6 @@ ms.date: 07/27/2017 - Windows 10 - Windows 11 - This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request. ## Event details diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml index 75863201f5..cee2090f74 100644 --- a/windows/security/identity-protection/hello-for-business/hello-faq.yml +++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml @@ -9,7 +9,7 @@ metadata: ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 - ms.author: GitPrakhar13 + ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 59dc0697ba..c48d64dc42 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -38,11 +38,11 @@ Read [Conditional access in Azure Active Directory](/azure/active-directory/acti ## Related topics -* [Windows Hello for Business](hello-identity-verification.md) -* [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md) -* [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md) -* [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) -* [Windows Hello and password changes](hello-and-password-changes.md) -* [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) -* [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -* [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello for Business](hello-identity-verification.md) +- [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md) +- [Why a PIN is better than a password](hello-why-pin-is-better-than-password.md) +- [Prepare people to use Windows Hello](hello-prepare-people-to-use.md) +- [Windows Hello and password changes](hello-and-password-changes.md) +- [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) +- [Event ID 300 - Windows Hello successfully created](hello-event-300.md) +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 9721fe35b0..7d4e7d36ed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 987a36d824..3ab6494347 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md index ef7d1721ad..fc797a8b6e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md index b82afe3c1d..69d3ba639e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index 219e93788f..91e6db25cf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md index bbfb502c02..a4e61a2244 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -18,6 +18,7 @@ ms.reviewer: # Technology and Terms **Applies to:** + - Windows 10 - Windows 11 diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index dd6b26cb7e..0b25b65df8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -7,7 +7,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md index 19dc6646a1..c9bbe2c198 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 070df10d93..638d001dcf 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md index 8a7e0fa4c3..ddff708e26 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md index 34007dd8f6..6de21388aa 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md index 24ace5b26a..49ed9f19f0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index e5006ebcaa..6432ef517b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,23 +19,25 @@ ms.reviewer: # Hybrid Azure AD joined Windows Hello for Business Prerequisites **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Certificate trust Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources. The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: -* [Directories](#directories) -* [Public Key Infrastructure](#public-key-infrastructure) -* [Directory Synchronization](#directory-synchronization) -* [Federation](#federation) -* [Multifactor Authentication](#multifactor-authentication) -* [Device Registration](#device-registration) + +- [Directories](#directories) +- [Public Key Infrastructure](#public-key-infrastructure) +- [Directory Synchronization](#directory-synchronization) +- [Federation](#federation) +- [Multifactor Authentication](#multifactor-authentication) +- [Device Registration](#device-registration) ## Directories ## + Hybrid Windows Hello for Business needs two directories: on-premises Active Directory and a cloud Azure Active Directory. The minimum required domain controller, domain functional level, and forest functional level for Windows Hello for Business deployment is Windows Server 2008 R2. A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription. Different deployment configurations are supported by different Azure subscriptions. The hybrid-certificate trust deployment needs an Azure Active Directory premium subscription because it uses the device write-back synchronization feature. Other deployments, such as the hybrid key-trust deployment, may not require Azure Active Directory premium subscription. @@ -57,13 +59,15 @@ Review these requirements and those from the Windows Hello for Business planning
## Public Key Infrastructure ## + The Windows Hello for Business deployment depends on an enterprise public key infrastructure as trust anchor for authentication. Domain controllers for hybrid deployments need a certificate in order for Windows devices to trust the domain controller. - + Certificate trust deployments need an enterprise public key infrastructure and a certificate registration authority to issue authentication certificates to users. When using Group Policy, hybrid certificate trust deployment uses the Windows Server 2016 Active Directory Federation Server (AD FS) as a certificate registration authority. The minimum required enterprise certificate authority that can be used with Windows Hello for Business is Windows Server 2012. ### Section Review + > [!div class="checklist"] > * Windows Server 2012 Issuing Certificate Authority > * Windows Server 2016 Active Directory Federation Services @@ -71,17 +75,19 @@ The minimum required enterprise certificate authority that can be used with Wind
## Directory Synchronization ## + The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory. Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect. In case the schema of your local AD DS was changed since the last directory synchronization, you may need to [refresh directory schema](/azure/active-directory/hybrid/how-to-connect-installation-wizard#refresh-directory-schema). - + > [!NOTE] > User accounts enrolling for Windows Hello for Business in a Hybrid Certificate Trust scenario must have a UPN matching a verified domain name in Azure AD. For more details, see [Troubleshoot Post-Join issues](/azure/active-directory/devices/troubleshoot-hybrid-join-windows-current#troubleshoot-post-join-issues). > [!NOTE] > Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory. - -### Section Review + +### Section Review + > [!div class="checklist"] > * Azure Active Directory Connect directory synchronization > * [Upgrade from DirSync](/azure/active-directory/connect/active-directory-aadconnect-dirsync-upgrade-get-started) @@ -90,11 +96,13 @@ Organizations using older directory synchronization technology, such as DirSync
## Federation ## + Windows Hello for Business hybrid certificate trust requires Active Directory being federated with Azure Active Directory and needs Windows Server 2016 Active Directory Federation Services or newer. Windows Hello for Business hybrid certificate trust doesn’t support Managed Azure Active Directory using Pass-through authentication or password hash sync. All nodes in the AD FS farm must run the same version of AD FS. Additionally, you need to configure your AD FS farm to support Azure registered devices. The AD FS farm used with Windows Hello for Business must be Windows Server 2016 with minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889). If your AD FS farm is not running the AD FS role with updates from Windows Server 2016, then read [Upgrading to AD FS in Windows Server 2016](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) ### Section Review ### + > [!div class="checklist"] > * Windows Server 2016 Active Directory Federation Services > * Minimum update of [KB4088889 (14393.2155)](https://support.microsoft.com/help/4088889) @@ -102,11 +110,13 @@ The AD FS farm used with Windows Hello for Business must be Windows Server 2016
## Multifactor Authentication ## + Windows Hello for Business is a strong, two-factor credential the helps organizations reduce their dependency on passwords. The provisioning process lets a user enroll in Windows Hello for Business using their username and password as one factor. but needs a second factor of authentication. Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Authentication service, or they can use multifactor authentication provides by Windows Server 2016 Active Directory Federation Services, which includes an adapter model that enables third parties to integrate their multifactor authentication into AD FS. -### Section Review +### Section Review + > [!div class="checklist"] > * Azure MFA Service > * Windows Server 2016 AD FS and Azure @@ -115,6 +125,7 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth
## Device Registration ## + Organizations wanting to deploy hybrid certificate trust need their domain joined devices to register to Azure Active Directory. Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud. This ensures that only approved computers are used with that Azure Active Directory. Each computer registers its identity in Azure Active Directory. Hybrid certificate trust deployments need the device write back feature. Authentication to the Windows Server 2016 Active Directory Federation Services needs both the user and the computer to authenticate. Typically the users are synchronized, but not devices. This prevents AD FS from authenticating the computer and results in Windows Hello for Business certificate enrollment failures. For this reason, Windows Hello for Business deployments need device writeback, which is an Azure Active Directory premium feature. @@ -128,6 +139,7 @@ You need to allow access to the URL account.microsoft.com to initiate Windows He ### Section Checklist ### + > [!div class="checklist"] > * Azure Active Directory Device writeback > * Azure Active Directory Premium subscription @@ -151,6 +163,7 @@ If your environment is already federated and supports Azure device registration,
## Follow the Windows Hello for Business hybrid certificate trust deployment guide + 1. [Overview](hello-hybrid-cert-trust.md) 2. Prerequisites (*You are here*) 3. [New Installation Baseline](hello-hybrid-cert-new-install.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md index 14ba0196f1..bec180c498 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md index 067d7c0cad..15ec076a51 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md index 6d48646f3b..94462ebe1d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,11 +19,11 @@ ms.reviewer: # Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Certificate trust +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Certificate trust The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 8c0059c5c7..dc028844a0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -36,7 +36,7 @@ The Windows Hello for Business Authentication certificate template is configured ### Configure the Registration Authority -Sign-in the AD FS server with *Domain Admin* equivalent credentials. +Sign-in the AD FS server with *Domain Admin* equivalent credentials. 1. Open a **Windows PowerShell** prompt. 2. Enter the following command: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md index 13d9858051..7ef3176f22 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md index 1e26c79def..bc3b32a38e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md index 38c435c790..a7bc32dc4c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md index 5cf1466b7e..dcffcfc154 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md index 157f25c9bb..71209f0294 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md index 195a7a41cb..ea3e5ae8d1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index 243a75c718..fdd927d52e 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index db1f93ef28..28c80840a2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,17 +19,17 @@ ms.reviewer: # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust - -You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Key trust + +You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises. ## Deploy Azure AD Connect -Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). +Next, you need to synchronize the on-premises Active Directory with Azure Active Directory. To do this, first review the [Integrating on-prem directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect) and [hardware and prerequisites](/azure/active-directory/connect/active-directory-aadconnect-prerequisites) needed and then [download the software](https://go.microsoft.com/fwlink/?LinkId=615771). > [!NOTE] > If you installed Azure AD Connect prior to upgrading the schema, you will need to re-run the Azure AD Connect installation and refresh the on-premises AD schema to ensure the synchronization rule for msDS-KeyCredentialLink is configured. @@ -39,6 +39,7 @@ Next, you need to synchronize the on-premises Active Directory with Azure Active
## Follow the Windows Hello for Business hybrid key trust deployment guide + 1. [Overview](hello-hybrid-key-trust.md) 2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 641fe32c0c..f32954e088 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: mapalko -ms.author: mapalko +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index a8b090fc5b..db6d3e0a33 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 224aa7d094..d2c8eb0585 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,20 +19,20 @@ ms.reviewer: # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Key trust ## Provisioning + The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. ![Event358.](images/Event358-2.png) The first thing to validate is the computer has processed device registration. You can view this from the User device registration logs where the check **Device is AAD joined (AADJ or DJ++): Yes** appears. Additionally, you can validate this using the **dsregcmd /status** command from a console prompt where the value for **AzureADJoined** reads **Yes**. - Windows Hello for Business provisioning begins with a full screen page with the title **Setup a PIN** and button with the same name. The user clicks **Setup a PIN**. ![Setup a PIN Provisioning.](images/setupapin.png) @@ -46,12 +46,13 @@ After a successful MFA, the provisioning flow asks the user to create and valida ![Create a PIN during provisioning.](images/createPin.png) The provisioning flow has all the information it needs to complete the Windows Hello for Business enrollment. -* A successful single factor authentication (username and password at sign-in) -* A device that has successfully completed device registration -* A fresh, successful multi-factor authentication -* A validated PIN that meets the PIN complexity requirements -The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key. When key registration completes, Windows Hello for Business provisioning informs the user they can use their PIN to sign-in. The user may close the provisioning application and see their desktop. While the user has completed provisioning, Azure AD Connect synchronizes the user's key to Active Directory. +- A successful single factor authentication (username and password at sign-in) +- A device that has successfully completed device registration +- A fresh, successful multi-factor authentication +- A validated PIN that meets the PIN complexity requirements + +The remainder of the provisioning includes Windows Hello for Business requesting an asymmetric key pair for the user, preferably from the TPM (or required if explicitly set through policy). Once the key pair is acquired, Windows communicates with Azure Active Directory to register the public key. When key registration completes, Windows Hello for Business provisioning informs the user they can use their PIN to sign-in. The user may close the provisioning application and see their desktop. While the user has completed provisioning, Azure AD Connect synchronizes the user's key to Active Directory. > [!IMPORTANT] > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. @@ -63,6 +64,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting
## Follow the Windows Hello for Business hybrid key trust deployment guide + 1. [Overview](hello-hybrid-key-trust.md) 2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 4a3d72f393..46ba983c83 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index ec68777427..3843fecaa8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 700d8a0062..de67cd6dd3 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 6b08257dd3..6ea84e8f0d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,11 +19,11 @@ ms.reviewer: # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Key trust ## Policy Configuration diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index b7f6408196..38b7194d9c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -19,10 +19,11 @@ ms.reviewer: # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- Hybrid deployment -- Key trust + +- Windows 10, version 1703 or later +- Windows 11 +- Hybrid deployment +- Key trust You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business. @@ -45,6 +46,7 @@ For the most efficient deployment, configure these technologies in order beginni
## Follow the Windows Hello for Business hybrid key trust deployment guide + 1. [Overview](hello-hybrid-key-trust.md) 2. [Prerequisites](hello-hybrid-key-trust-prereqs.md) 3. [New Installation Baseline](hello-hybrid-key-new-install.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index 352cf1f3bb..4135615f1c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index ced71bc7c8..d608421337 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index 240e3b4a9b..187d42ad0f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 8c3849151b..eef5885eb8 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -9,7 +9,7 @@ ms.pagetype: security, mobile author: dansimp audience: ITPro ms.author: GitPrakhar13 -manager: GitPrakhar13 +manager: prsriva ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium @@ -19,12 +19,12 @@ ms.reviewer: # Validate Active Directory prerequisites - Key Trust **Applies to** + - Windows 10, version 1703 or later - Windows 11 - On-premises deployment - Key trust - Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section. > [!NOTE] diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index 35b1e59252..e0d299b2df 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -35,6 +35,7 @@ For information on available third-party authentication methods see [Configure A Follow the integration and deployment guide for the authentication provider you select to integrate and deploy it to AD FS. Make sure that the authentication provider is selected as a multi-factor authentication option in the AD FS authentication policy. For information on configuring AD FS authentication policies see [Configure Authentication Policies](/windows-server/identity/ad-fs/operations/configure-authentication-policies). ## Follow the Windows Hello for Business on premises certificate trust deployment guide + 1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md) 2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index e4d0dbd8ab..debf3022c5 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -7,8 +7,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -20,11 +20,11 @@ ms.reviewer: # Validate and Configure Public Key Infrastructure - Key Trust **Applies to** -- Windows 10, version 1703 or later -- Windows 11 -- On-premises deployment -- Key trust +- Windows 10, version 1703 or later +- Windows 11 +- On-premises deployment +- Key trust Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. @@ -51,7 +51,7 @@ Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 o ```PowerShell Install-AdcsCertificationAuthority ``` - + ## Configure a Production Public Key Infrastructure If you do have an existing public key infrastructure, please review [Certification Authority Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831574(v=ws.11)) from Microsoft TechNet to properly design your infrastructure. Then, consult the [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831348(v=ws.11)) for instructions on how to configure your public key infrastructure using the information from your design session. @@ -176,9 +176,9 @@ Sign-in to the certificate authority or management workstations with an _Enterpr 5. In the **Enable Certificates Templates** window, select the **Domain Controller Authentication (Kerberos)**, and **Internal Web Server** templates you created in the previous steps. Click **OK** to publish the selected certificate templates to the certificate authority. -6. If you published the Domain Controller Authentication (Kerberos) certificate template, then you should unpublish the certificate templates you included in the superseded templates list. +6. If you published the Domain Controller Authentication (Kerberos) certificate template, then you should unpublish the certificate templates you included in the superseded templates list. - \* To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation. + \* To unpublish a certificate template, right-click the certificate template you want to unpublish in the details pane of the Certificate Authority console and select **Delete**. Click **Yes** to confirm the operation. 7. Close the console. @@ -234,7 +234,6 @@ Look for an event indicating a new certificate enrollment (autoenrollment). The Certificates superseded by your new domain controller certificate generate an archive event in the CertificateServices-Lifecycles-System event. The archive event contains the certificate template name and thumbprint of the certificate that was superseded by the new certificate. - #### Certificate Manager You can use the Certificate Manager console to validate the domain controller has the properly enrolled certificate based on the correct certificate template with the proper EKUs. Use **certlm.msc** to view certificate in the local computers certificate stores. Expand the **Personal** store and view the certificates enrolled for the computer. Archived certificates do not appear in Certificate Manager. @@ -243,7 +242,7 @@ You can use the Certificate Manager console to validate the domain controller ha You can use **certutil.exe** to view enrolled certificates in the local computer. Certutil shows enrolled and archived certificates for the local computer. From an elevated command prompt, run `certutil -q -store my` to view locally enrolled certificates. -To view detailed information about each certificate in the store, use `certutil -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates. +To view detailed information about each certificate in the store, use `certutil -q -v -store my` to validate automatic certificate enrollment enrolled the proper certificates. #### Troubleshooting @@ -253,10 +252,10 @@ Alternatively, you can forcefully trigger automatic certificate enrollment using Use the event logs to monitor certificate enrollment and archive. Review the configuration, such as publishing certificate templates to issuing certificate authority and the allow auto enrollment permissions. - ## Follow the Windows Hello for Business on premises key trust deployment guide + 1. [Validate Active Directory prerequisites](hello-key-trust-validate-ad-prereq.md) 2. Validate and Configure Public Key Infrastructure (*You are here*) 3. [Prepare and Deploy Windows Server 2016 Active Directory Federation Services](hello-key-trust-adfs.md) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file +5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index d98f82336d..4b44e661ec 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 5938679856..2cc0527401 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -8,8 +8,8 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile audience: ITPro -author: mapalko -ms.author: mapalko +author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management @@ -120,7 +120,6 @@ Windows Hello for Business with a key, including cloud trust, does not support s [Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891) - ## Related topics - [How Windows Hello for Business works](hello-how-it-works.md) diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index d1bc260624..65b58ef1a0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 0ffe5c3a7b..8ab37765f1 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -10,7 +10,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index c150a526a2..013f236742 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index 1290d2dba6..0635a17b37 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: security audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml index 972f6343ab..62c038bd6b 100644 --- a/windows/security/identity-protection/hello-for-business/index.yml +++ b/windows/security/identity-protection/hello-for-business/index.yml @@ -10,7 +10,7 @@ metadata: ms.topic: landing-page author: GitPrakhar13 manager: dansimp - ms.author: GitPrakhar13 + ms.author: prsriva ms.date: 01/22/2021 ms.collection: - M365-identity-device-management diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index e106bb2c8a..556f49c888 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article @@ -16,9 +16,10 @@ localizationpriority: medium ms.date: 11/14/2018 ms.reviewer: --- -# What is a Microsoft-compatible security key? +# What is a Microsoft-compatible security key? + > [!Warning] -> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. +> Some information relates to pre-released product that may change before it is commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) with a mission to replace passwords with an easy to use, strong 2FA credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. See [FIDO2 security keys features and providers](/azure/active-directory/authentication/concept-authentication-passwordless#fido2-security-keys). diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 6c3d7dc1b8..f54986956f 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index 91592e2183..99df1a799a 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.pagetype: security, mobile audience: ITPro author: GitPrakhar13 -ms.author: GitPrakhar13 +ms.author: prsriva manager: dansimp ms.collection: M365-identity-device-management ms.topic: article