From b249e48e3e894d1609b0c303672da5a3d347d59f Mon Sep 17 00:00:00 2001 From: Mike Stephens Date: Fri, 17 Aug 2018 10:54:35 -0700 Subject: [PATCH] another round of changes --- .../hello-for-business/hello-how-it-works.md | 2 +- .../hello-for-business/hello-hybrid-aadj-sso-cert.md | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md index 6ae4990712..8f2df655ab 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md @@ -15,7 +15,7 @@ ms.date: 05/05/2018 **Applies to** - Windows 10 -Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Windows. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices. +Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices. Windows Hello for Business also works for domain joined devices. Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features. > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8] diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index d640411c29..8bdd8a8d53 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -572,20 +572,16 @@ Sign-in the NDES server with access equivalent to _domain administrator_. Sign-in the NDES server with access equivalent to _domain administrator_. 1. The **NDES Connector** user interface should be open from the last task. - > [!NOTE] > If the **NDES Connector** user interface is not open, you can start it from **\\NDESConnectorUI\NDESConnectorUI.exe**. 2. If your organization uses a proxy server and the proxy is needed for the NDES server to access the Internet, select **Use proxy server**, and then enter the proxy server name, port, and credentials to connect. Click **Apply** - ![Intune Certificate Connector Configuration 01](images/aadjcert/intunecertconnectorconfig-01.png) 3. Click **Sign-in**. Type credentials for your Intune administrator, or tenant administrator that has the **Global Administrator** directory role. - ![Intune Certificate Connector Configuration 02](images/aadjcert/intunecertconnectorconfig-02.png) - > [!IMPORTANT] -> THe user account must have a valid Intune licenese asssigned. If the user account does not have a valid Intune license, the sign-in fails. +> The user account must have a valid Intune licenese asssigned. If the user account does not have a valid Intune license, the sign-in fails. 4. Optionally, you can configure the NDES Connector for certificate revocation. If you want to do this, continue to the next task. Otherwise, Click **Close**, restart the **Intune Connector Service** and the **World Wide Web Publishing Service**, and skip the next task. @@ -625,7 +621,6 @@ Sign-in the NDES server with access equivalent to _domain admin_. where **[fqdnHostName]** is the fully qualified internal DNS host name of the NDES server. A web page showing a 403 error (similar to the following should appear) in your web browser. If you do not see similar page, or you get a **503 Service unavailable**, ensure the NDES Service account as the proper user rights. You can also review the application event log for events with the **NetworkDeviceEnrollmentSerice** source. - ![NDES web site test after Intune Certificate Connector](images/aadjcert/ndes-https-website-test-after-intune-connector.png) 6. Using **Server Manager**, enable **Internet Explorer Enhanced Security Configuration**. @@ -647,12 +642,11 @@ Sign-in a workstation with access equivalent to a _domain user_. 8. Click **Members**. Use the **Select members** pane to add members to this group. When finished click **Select**. 9. Click **Create**. - ### Create a SCEP Certificte Profile Sign-in a workstation with access equivalent to a _domain user_. 1. Sign-in to the [Azure Portal](https://portal.azure.com/). -2. 2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**. +2. Select **All Services**. Type **Intune** to filter the list of services. Click **Microsoft Intune**. 3. Select **Device Configuration**, and then click **Profiles**. 4. Select **Create Profile**. ![Intune Device Configuration Create Profile](images/aadjcert/intunedeviceconfigurationcreateprofile.png) @@ -664,7 +658,6 @@ Sign-in a workstation with access equivalent to a _domain user_. ![WHFB Scep Profile Blade](images/aadjcert/intunewhfbscepprofile-00.png) 9. The **SCEP Certificate** blade should open. Configure **Certificate validity period** to match your organization. - > [!IMPORTANT] > Remember that you need to configiure your certificate authority to allow Microsoft Intune to configure certificate validity.