Update requirements and remove unnecessary content

2025-05-14 14:27:22 +00:00 · 2023-12-27 12:27:48 -05:00 · 2023-12-27 12:27:48 -05:00 · a46b9b230f
commit a46b9b230f
parent 59ad6d837c
4 changed files with 65 additions and 46 deletions
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust.md
@ -13,49 +13,10 @@ ms.topic: tutorial
 > Windows Hello for Business *cloud Kerberos trust* is the recommended deployment model when compared to the *key trust model*. For more information, see [cloud Kerberos trust deployment](hybrid-cloud-kerberos-trust.md).

 [!INCLUDE [requirements](includes/requirements.md)]
+[!INCLUDE [requirement-directory-sync](includes/requirement-directory-sync.md)]
+[!INCLUDE [requirement-auth-to-entra-id](includes/requirement-auth-to-entra-id.md)]
+[!INCLUDE [requirement-device-registration](includes/requirement-device-registration.md)]

-:::row:::
-    :::column span="1":::
-Directories and directory synchronization
-    :::column-end:::
-    :::column span="3":::
-Hybrid Windows Hello for Business needs two directories:
-
- An on-premises Active Directory
- A Microsoft Entra tenant
-
-The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.\
-During the Window Hello for Business provisioning process, users register the public portion of their Windows Hello for Business credential with Microsoft Entra ID. *Microsoft Entra Connect Sync* synchronizes the Windows Hello for Business public key to Active Directory.
-
-> [!NOTE]
-> Windows Hello for Business hybrid key trust is not supported if the users' on-premises UPN suffix cannot be added as a verified domain in Microsoft Entra ID.
-
-> [!IMPORTANT]
-> Windows Hello for Business is tied between a user and a device. Both the user and device object must be synchronized between Microsoft Entra ID and Active Directory.
-    :::column-end:::
-
-:::row-end:::
-
-:::row:::
-    :::column span="1":::
-        Authentication to Microsoft Entra ID
-    :::column-end:::
-    :::column span="3":::
-Authentication to Microsoft Entra ID can be configured with or without federation:
- [Password hash synchronization][AZ-6] or [Microsoft Entra pass-through authentication][AZ-7] is required for non-federated environments
- Active Directory Federation Services (AD FS) or a third-party federation service is required for federated environments
-    :::column-end:::
-
-:::row-end:::
-
-:::row:::
-    :::column span="1":::
-        Device registration
-    :::column-end:::
-    :::column span="3":::
-The Windows devices must be registered in Microsoft Entra ID. Devices can be registered in Microsoft Entra ID using either *Microsoft Entra join* or *Microsoft Entra hybrid join*.\
-For *Microsoft Entra hybrid joined* devices, review the guidance on the [Plan your Microsoft Entra hybrid join implementation][AZ-8] page.
-    :::column-end:::

 :::row-end:::

@ -109,13 +70,10 @@ To configure Windows Hello for Business, devices can be configured through a mob
 > [Next: configure and validate the Public Key Infrastructure >](hybrid-key-trust-pki.md)

 <!--links-->
-[AZ-1]: /azure/active-directory/hybrid/how-to-connect-sync-whatis
+
 [AZ-2]: /azure/multi-factor-authentication/multi-factor-authentication
 [AZ-3]: /azure/multi-factor-authentication/multi-factor-authentication-whats-next
 [AZ-4]: /azure/active-directory/devices/troubleshoot-device-dsregcmd
 [AZ-5]: /azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler
-[AZ-6]: /azure/active-directory/hybrid/whatis-phs
-[AZ-7]: /azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication
-[AZ-8]: /azure/active-directory/devices/hybrid-azuread-join-plan

 [SER-1]: /windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-auth-to-entra-id.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-auth-to-entra-id.md
@ -0,0 +1,18 @@
+---
+ms.date: 12/15/2023
+ms.topic: include
+---
+
+:::row:::
+    :::column span="1":::
+    Authentication to Microsoft Entra ID
+    :::column-end:::
+    :::column span="3":::
+    Authentication to Microsoft Entra ID can be configured with or without federation:
+    - [Password hash synchronization][AZ-6] or [Microsoft Entra pass-through authentication][AZ-7] is required for non-federated environments
+    - Active Directory Federation Services (AD FS) or a third-party federation service is required for federated environments
+    :::column-end:::
+:::row-end:::
+
+[AZ-6]: /azure/active-directory/hybrid/whatis-phs
+[AZ-7]: /azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-device-registration.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-device-registration.md
@ -0,0 +1,15 @@
+---
+ms.date: 12/15/2023
+ms.topic: include
+---
+
+:::row:::
+    :::column span="1":::
+        Device registration
+    :::column-end:::
+    :::column span="3":::
+The Windows devices must be registered in Microsoft Entra ID. Devices can be registered in Microsoft Entra ID using either *Microsoft Entra join* or *Microsoft Entra hybrid join*.\
+For *Microsoft Entra hybrid joined* devices, review the guidance on the [Plan your Microsoft Entra hybrid join implementation][AZ-8] page.
+    :::column-end:::
+
+[AZ-8]: /azure/active-directory/devices/hybrid-azuread-join-plan
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-directory-sync.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/requirement-directory-sync.md
@ -0,0 +1,28 @@
+---
+ms.date: 12/15/2023
+ms.topic: include
+---
+
+:::row:::
+    :::column span="1":::
+Directories and directory synchronization
+    :::column-end:::
+    :::column span="3":::
+Hybrid Windows Hello for Business needs two directories:
+
+- An on-premises Active Directory
+- A Microsoft Entra tenant
+
+The two directories must be synchronized with [Microsoft Entra Connect Sync][AZ-1], which synchronizes user accounts from the on-premises Active Directory to Microsoft Entra ID.\
+During the Window Hello for Business provisioning process, users register the public portion of their Windows Hello for Business credential with Microsoft Entra ID. *Microsoft Entra Connect Sync* synchronizes the Windows Hello for Business public key to Active Directory.
+
+> [!NOTE]
+> Windows Hello for Business hybrid key trust is not supported if the users' on-premises UPN suffix cannot be added as a verified domain in Microsoft Entra ID.
+
+> [!IMPORTANT]
+> Windows Hello for Business is tied between a user and a device. Both the user and device object must be synchronized between Microsoft Entra ID and Active Directory.
+    :::column-end:::
+
+:::row-end:::
+
+[AZ-1]: /azure/active-directory/hybrid/how-to-connect-sync-whatis