Merged PR 4339: Merged PR 4338: Merge ms-whfb-staging to whfb-staging

Merged PR 4338: Merge ms-whfb-staging to whfb-staging

Corrections for Hybrid Cert trust deployment guide
Dani Halfin 2017-11-08 00:07:37 +00:00
parent 8153f3d601
commit ab19870cb1
4 changed files with 4 additions and 4 deletions


@ -28,7 +28,7 @@ This deployment guide is to guide you through deploying Windows Hello for Busine
This guide assumes a baseline infrastructure exists that meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have: This guide assumes a baseline infrastructure exists that meets the requirements for your deployment. For either hybrid or on-premises deployments, it is expected that you have:
* A well-connected, working network * A well-connected, working network
* Internet access * Internet access
* Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning * Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
* Proper name resolution, both internal and external names * Proper name resolution, both internal and external names
* Active Directory and an adequate number of domain controllers per site to support authentication * Active Directory and an adequate number of domain controllers per site to support authentication
* Active Directory Certificate Services 2012 or later * Active Directory Certificate Services 2012 or later


@ -23,7 +23,7 @@ Hybrid environments are distributed systems that enable organizations to use on-
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include: The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
* [Directories](#directories) * [Directories](#directories)
* [Public Key Infrastucture](#public-key-infastructure) * [Public Key Infrastucture](#public-key-infrastructure)
* [Directory Synchronization](#directory-synchronization) * [Directory Synchronization](#directory-synchronization)
* [Federation](#federation) * [Federation](#federation)
* [MultiFactor Authetication](#multifactor-authentication) * [MultiFactor Authetication](#multifactor-authentication)
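
Review bot: the visible link labels in this list are still misspelled after the change. The new line reads `[Public Key Infrastucture](#public-key-infrastructure)`, so the anchor is corrected but the label is still missing an "r", and `[MultiFactor Authetication]` two lines below is missing an "n". Suggest fixing both labels to "Public Key Infrastructure" and "MultiFactor Authentication" in the same commit, and checking that the section heading the corrected anchor targets is spelled the same way, since a typo in the heading would leave the link dead.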


@ -133,7 +133,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**. 9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
10. On the **Request Handling** tab, select the **Renew with same key** check box. 10. On the **Request Handling** tab, select the **Renew with same key** check box.
11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**. 11. On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**.
12. Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 12. Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Read**, **Enroll**, and **AutoEnroll** permissions. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**.
13. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template. 13. If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template.
14. Click on the **Apply** to save changes and close the console. 14. Click on the **Apply** to save changes and close the console.
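
Review bot: step 12 now spells the same permission two ways, **AutoEnroll** in the added text and **Autoenroll** later in the same sentence; use the label exactly as the Security tab shows it. Step 11 still tells the reader to type **Window Hello for Business Users**, which does not match the **Windows Hello for Business Users** group that step 12 grants Read, Enroll and AutoEnroll to, so typing the name as written may not find the intended group. Step 13 has "Configuration Manger", which should be "Configuration Manager". The commit message says only "Corrections", so a line explaining why the grant was widened from Enroll alone would help whoever audits this template's permissions later.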


@ -108,7 +108,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**. 3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**.
4. In the navigation pane, expand **Policies** under **User Configuration**. 4. In the navigation pane, expand **Policies** under **User Configuration**.
5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**. 5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**.
6. In the details pane, right-click **Certificate Services Client <EFBFBD> Auto-Enrollment** and select **Properties**. 6. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties**.
7. Select **Enabled** from the **Configuration Model** list. 7. Select **Enabled** from the **Configuration Model** list.
8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box. 8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
9. Select the **Update certificates that use certificate templates** check box. 9. Select the **Update certificates that use certificate templates** check box.
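
Review bot: step 6 replaces a mis-encoded character (shown as `<EFBFBD>` on the old side) with a plain hyphen, which suggests the file was saved in a different encoding at some point; search the rest of the file for other replacement characters rather than fixing only this occurrence. In step 8, "check box" should be "check boxes" since three options are listed, and the option names are capitalised inconsistently (**Renew expired certificates** against **update pending certificates** and **remove revoked certificates**); match the labels as the dialog shows them.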