from master

windows/keep-secure/implement-microsoft-passport-in-your-organization.md

@@ -1,6 +1,6 @@
 ---
-title: Implement Windows Hello in your organization (Windows 10)
-description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10.
+title: Implement Microsoft Passport in your organization (Windows 10)
+description: You can create a Group Policy or mobile device management (MDM) policy that will implement Microsoft Passport on devices running Windows 10.
 ms.assetid: 47B55221-24BE-482D-BD31-C78B22AC06D8
 keywords: identity, PIN, biometric, Hello
 ms.prod: w10
@@ -10,41 +10,39 @@ ms.pagetype: security
 author: jdeckerMS
 ---
 
-# Implement Windows Hello for Business in your organization
+# Implement Microsoft Passport in your organization
 
 **Applies to**
 -   Windows 10
 -   Windows 10 Mobile
 
-You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
-> **Important:**  The Group Policy setting **Turn on PIN sign-in** does not apply to Windows 10. Use **Windows Hello for Business** policy settings to manage PINs.
+You can create a Group Policy or mobile device management (MDM) policy that will implement Microsoft Passport on devices running Windows 10.
+> **Important:**  The Group Policy setting **Turn on PIN sign-in** does not apply to Windows 10. Use **Microsoft Passport for Work** policy settings to manage PINs.
  
 ## Group Policy settings for Passport
 
-The following table lists the Group Policy settings that you can configure for Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**.
-
-
+The following table lists the Group Policy settings that you can configure for Passport use in your workplace. These policy settings are available in **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **Microsoft Passport for Work**.
 <table>
 <tr>
 <th colspan="2">Policy</th>
 <th>Options</th>
 </tr>
 <tr>
-<td>Use Windows Hello for Business</td>
+<td>Use Microsoft Passport for Work</td>
 <td></td>
 <td>
-<p><b>Not configured</b>: Users can provision Windows Hello for Business, which encrypts their domain password.</p>
-<p><b>Enabled</b>: Device provisions Windows Hello for Business using keys or certificates for all users.</p>
-<p><b>Disabled</b>: Device does not provision Windows Hello for Business for any user.</p>
+<p><b>Not configured</b>: Users can provision Passport for Work, which encrypts their domain password.</p>
+<p><b>Enabled</b>: Device provisions Passport for Work using keys or certificates for all users.</p>
+<p><b>Disabled</b>: Device does not provision Passport for Work for any user.</p>
 </td>
 </tr>
 <tr>
 <td>Use a hardware security device</td>
 <td></td>
 <td>
-<p><b>Not configured</b>: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
-<p><b>Enabled</b>: Windows Hello for Business will only be provisioned using TPM.</p>
-<p><b>Disabled</b>: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
+<p><b>Not configured</b>: Passport for Work will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
+<p><b>Enabled</b>: Passport for Work will only be provisioned using TPM.</p>
+<p><b>Disabled</b>: Passport for Work will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
 </td>
 </tr>
 <tr>
@@ -124,23 +122,23 @@ The following table lists the Group Policy settings that you can configure for H
 </td>
 </tr>
 <tr>
-<td><a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Phone Sign-in</a></td>
+<td><a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Remote Passport</a></td>
 <td>
-<p>Use Phone Sign-in</p>
+<p>Use Remote Passport</p>
 <div class="alert"><b>Note</b>  Applies to desktop only. Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.</div>
 <div> </div>
 </td>
 <td>
-<p><b>Not configured</b>: Phone sign-in is disabled.</p>
+<p><b>Not configured</b>: Remote Passport is disabled.</p>
 <p><b>Enabled</b>: Users can use a portable, registered device as a companion device for desktop authentication.</p>
-<p><b>Disabled</b>: Phone sign-in is disabled.</p>
+<p><b>Disabled</b>: Remote Passport is disabled.</p>
 </td>
 </tr>
 </table>
 
 ## MDM policy settings for Passport
 
-The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070).
+The following table lists the MDM policy settings that you can configure for Passport use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070).
 <table>
 <tr>
 <th colspan="2">Policy</th>
@@ -154,9 +152,9 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device</td>
 <td>True</td>
 <td>
-<p>True: Windows Hello for Business will be provisioned for all users on the device.</p>
-<p>False: Users will not be able to provision Windows Hello for Business. </p>
-<div class="alert"><b>Note</b>  If Windows Hello for Business is enabled, and then the policy is changed to False, users who previously set up Windows Hello for Business can continue to use it, but will not be able to set up Windows Hello for Business on other devices.</div>
+<p>True: Passport will be provisioned for all users on the device.</p>
+<p>False: Users will not be able to provision Passport. </p>
+<div class="alert"><b>Note</b>  If Passport is enabled, and then the policy is changed to False, users who previously set up Passport can continue to use it, but will not be able to set up Passport on other devices.</div>
 <div> </div>
 </td>
 </tr>
@@ -166,8 +164,8 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device</td>
 <td>False</td>
 <td>
-<p>True: Windows Hello for Business will only be provisioned using TPM.</p>
-<p>False: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
+<p>True: Passport will only be provisioned using TPM.</p>
+<p>False: Passport will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
 </td>
 </tr>
 <tr>
@@ -178,8 +176,8 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device </td>
 <td>False</td>
 <td>
-<p>True: Biometrics can be used as a gesture in place of a PIN for domain sign-in.</p>
-<p>False: Only a PIN can be used as a gesture for domain sign-in.</p>
+<p>True: Biometrics can be used as a gesture in place of a PIN for domain logon.</p>
+<p>False: Only a PIN can be used as a gesture for domain logon.</p>
 </td>
 </tr>
 <tr>
@@ -278,8 +276,8 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device or user</td>
 <td>False</td>
 <td>
-<p>True: <a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Phone sign-in</a> is enabled.</p>
-<p>False: <a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Phone sign-in</a> is disabled.</p>
+<p>True: <a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Remote Passport</a> is enabled.</p>
+<p>False: <a href="prepare-people-to-use-microsoft-passport.md#BMK_remote">Remote Passport</a> is disabled.</p>
 </td>
 </tr>
 </table>
@@ -289,7 +287,7 @@ If policy is not configured to explicitly require letters or special characters,
  
 ## Prerequisites
 
-You’ll need this software to set Windows Hello for Business policies in your enterprise.
+You’ll need this software to set Microsoft Passport policies in your enterprise.
 <table>
 <colgroup>
 <col width="25%" />
@@ -299,10 +297,10 @@ You’ll need this software to set Windows Hello for Business policies in your e
 </colgroup>
 <thead>
 <tr class="header">
-<th align="left">Windows Hello for Business mode</th>
+<th align="left">Microsoft Passport mode</th>
 <th align="left">Azure AD</th>
-<th align="left">Active Directory (AD) on-premises (available with production release of Windows Server 2016)</th>
-<th align="left">Azure AD/AD hybrid (available with production release of Windows Server 2016)</th>
+<th align="left">Active Directory (AD) on-premises (available with production release of Windows Server 2016 Technical Preview)</th>
+<th align="left">Azure AD/AD hybrid (available with production release of Windows Server 2016 Technical Preview)</th>
 </tr>
 </thead>
 <tbody>
@@ -310,14 +308,14 @@ You’ll need this software to set Windows Hello for Business policies in your e
 <td align="left">Key-based authentication</td>
 <td align="left">Azure AD subscription</td>
 <td align="left"><ul>
-<li>Active Directory Federation Service (AD FS) (Windows Server 2016)</li>
+<li>Active Directory Federation Service (AD FS) (Windows Server 2016 Technical Preview)</li>
 <li>A few Windows Server 2016 Technical Preview domain controllers on-site</li>
 <li>Microsoft System Center 2012 R2 Configuration Manager SP2</li>
 </ul></td>
 <td align="left"><ul>
 <li>Azure AD subscription</li>
 <li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
-<li>A few Windows Server 2016 domain controllers on-site</li>
+<li>A few Windows Server 2016 Technical Preview domain controllers on-site</li>
 <li>A management solution, such as Configuration Manager, Group Policy, or MDM</li>
 <li>Active Directory Certificate Services (AD CS) without Network Device Enrollment Service (NDES)</li>
 </ul></td>
@@ -330,8 +328,8 @@ You’ll need this software to set Windows Hello for Business policies in your e
 <li>PKI infrastructure</li>
 </ul></td>
 <td align="left"><ul>
-<li>ADFS (Windows Server 2016)</li>
-<li>Active Directory Domain Services (AD DS) Windows Server 2016 schema</li>
+<li>ADFS (Windows Server 2016 Technical Preview)</li>
+<li>Active Directory Domain Services (AD DS) Windows Server 2016 Technical Preview schema</li>
 <li>PKI infrastructure</li>
 <li>Configuration Manager SP2, Intune, or non-Microsoft MDM solution</li>
 </ul></td>
@@ -339,22 +337,20 @@ You’ll need this software to set Windows Hello for Business policies in your e
 <li>Azure AD subscription</li>
 <li>[Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)</li>
 <li>AD CS with NDES</li>
-<li>Configuration Manager 2016 for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work</li>
+<li>Configuration Manager (current branch) or Configuration Manager 2016 Technical Preview for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work</li>
 </ul></td>
 </tr>
 </tbody>
 </table>
  
-Configuration Manager and MDM provide the ability to manage Windows Hello for Business policy and to deploy and manage certificates protected by Windows Hello for Business.
+Configuration Manager and MDM provide the ability to manage Passport policy and to deploy and manage certificates protected by Passport.
+Azure AD provides the ability to register devices with your enterprise and to provision Passport for organization accounts.
+Active Directory provides the ability to authorize users and devices using keys protected by Passport if domain controllers are running Windows 10 and the Microsoft Passport provisioning service in Windows 10 AD FS.
 
-Azure AD provides the ability to register devices with your enterprise and to provision Windows Hello for Business for organization accounts.
+## Passport for BYOD
 
-Active Directory provides the ability to authorize users and devices using keys protected by Windows Hello for Business if domain controllers are running Windows 10 and the Windows Hello for Business provisioning service in Windows 10 AD FS.
-
-## Windows Hello for BYOD
-
-Windows Hello can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Windows Hello PIN for unlocking the device and a separate work PIN for access to work resources.
-The work PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The personal PIN is managed separately using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+Passport can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Passport PIN for unlocking the device and a separate work PIN for access to work resources.
+The work PIN is managed using the same Passport policies that you can use to manage Passport on organization owned devices. The personal PIN is managed separately using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](http://go.microsoft.com/fwlink/p/?LinkID=623244).
 
 ## Related topics
 
@@ -362,17 +358,14 @@ The work PIN is managed using the same Windows Hello for Business policies that
 
 [Why a PIN is better than a password](why-a-pin-is-better-than-a-password.md)
 
-[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
+[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md)
 
-[Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md) 
+[Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md)
 
-[Prepare people to use Windows Hello](prepare-people-to-use-microsoft-passport.md)
+[Microsoft Passport and password changes](microsoft-passport-and-password-changes.md)
 
-[Windows Hello and password changes](microsoft-passport-and-password-changes.md)
 
-[Windows Hello errors during PIN creation](microsoft-passport-errors-during-pin-creation.md)
+[Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md)
 
-[Event ID 300 - Windows Hello successfully created](passport-event-300.md)
-
-[Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
+[Event ID 300 - Passport successfully created](passport-event-300.md)