Merged PR 4339: Merged PR 4338: Merge ms-whfb-staging to whfb-staging

Merged PR 4338: Merge ms-whfb-staging to whfb-staging Corrections for Hybrid Cert trust deployment guide
2025-05-12 13:27:23 +00:00 · 2017-11-08 00:07:37 +00:00 · 2017-11-08 00:07:37 +00:00 · ab19870cb1
commit ab19870cb1
parent 8153f3d601
4 changed files with 4 additions and 4 deletions
--- a/windows/access-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/access-protection/hello-for-business/hello-deployment-guide.md
@ -28,7 +28,7 @@ This deployment guide is to guide you through deploying Windows Hello for Busine
 This guide assumes a baseline infrastructure exists that meets the requirements for your deployment.  For either hybrid or on-premises deployments, it is expected that you have: 
 * A well-connected, working network
 * Internet access
-   * Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
+* Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
 * Proper name resolution, both internal and external names
 * Active Directory and an adequate number of domain controllers per site to support authentication
 * Active Directory Certificate Services 2012 or later
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@ -23,7 +23,7 @@ Hybrid environments are distributed systems that enable organizations to use on-

 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure.  High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infastructure)
+* [Public Key Infrastucture](#public-key-infrastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
 * [MultiFactor Authetication](#multifactor-authentication)
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@ -133,7 +133,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
 9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
 10.	On the **Request Handling** tab, select the **Renew with same key** check box.
 11.	On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**.
-12.	Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 
+12.	Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Read**, **Enroll**, and **AutoEnroll** permissions. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 
 13.	If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template.
 14.	Click on the **Apply** to save changes and close the console.

--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@ -108,7 +108,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
 3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**.
 4. In the navigation pane, expand **Policies** under **User Configuration**.
 5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**.
-6. In the details pane, right-click **Certificate Services Client <EFBFBD> Auto-Enrollment** and select **Properties**.
+6. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties**.
 7. Select **Enabled** from the **Configuration Model** list.
 8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
 9. Select the **Update certificates that use certificate templates** check box.