mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-13 22:07:22 +00:00
Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)
This commit is contained in:
Learn Build Service GitHub App
commit
b25d5a0ab1
@ -67,6 +67,15 @@
|
|||||||
"v-stsavell"
|
"v-stsavell"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
"fileMetadata": {
|
||||||
|
"appliesto":{
|
||||||
|
"windows/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11 SE</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
"externalReference": [],
|
"externalReference": [],
|
||||||
"template": "op.html",
|
"template": "op.html",
|
||||||
"dest": "education",
|
"dest": "education",
|
||||||
|
|||||||
@ -15,7 +15,7 @@ ms.collection:
|
|||||||
|
|
||||||
IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
|
IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
|
||||||
|
|
||||||
To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), you must:
|
To enable Autopilot Reset you must:
|
||||||
|
|
||||||
1. [Enable the policy for the feature](#enable-autopilot-reset)
|
1. [Enable the policy for the feature](#enable-autopilot-reset)
|
||||||
2. [Trigger a reset for each device](#trigger-autopilot-reset)
|
2. [Trigger a reset for each device](#trigger-autopilot-reset)
|
||||||
|
|||||||
@ -10,8 +10,6 @@ manager: jeffbu
|
|||||||
ms.collection:
|
ms.collection:
|
||||||
- tier3
|
- tier3
|
||||||
- education
|
- education
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Upgrade Windows Home to Windows Education on student-owned devices
|
# Upgrade Windows Home to Windows Education on student-owned devices
|
||||||
|
|||||||
@ -3,6 +3,7 @@ title: Configure federation between Google Workspace and Azure AD
|
|||||||
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
|
description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
|
||||||
ms.date: 02/24/2023
|
ms.date: 02/24/2023
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
|
appliesto:
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure federation between Google Workspace and Azure AD
|
# Configure federation between Google Workspace and Azure AD
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Configure Take a Test in kiosk mode
|
|||||||
description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
|
description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
|
||||||
ms.date: 09/30/2022
|
ms.date: 09/30/2022
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure Take a Test in kiosk mode
|
# Configure Take a Test in kiosk mode
|
||||||
|
|||||||
@ -5,6 +5,7 @@ ms.date: 09/15/2022
|
|||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||||
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure education themes for Windows 11
|
# Configure education themes for Windows 11
|
||||||
|
|||||||
@ -5,6 +5,7 @@ ms.date: 03/15/2023
|
|||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||||
|
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Get and deploy Minecraft Education
|
|||||||
description: Learn how to obtain and distribute Minecraft Education to Windows devices.
|
description: Learn how to obtain and distribute Minecraft Education to Windows devices.
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
ms.date: 02/23/2023
|
ms.date: 02/23/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- education
|
- education
|
||||||
|
|||||||
@ -1,6 +1,4 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 02/22/2022
|
ms.date: 02/22/2022
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|||||||
@ -1,6 +1,4 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 11/08/2022
|
ms.date: 11/08/2022
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|||||||
@ -1,6 +1,4 @@
|
|||||||
---
|
---
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.date: 11/08/2022
|
ms.date: 11/08/2022
|
||||||
ms.topic: include
|
ms.topic: include
|
||||||
---
|
---
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: What's new in the Windows Set up School PCs app
|
|||||||
description: Find out about app updates and new features in Set up School PCs.
|
description: Find out about app updates and new features in Set up School PCs.
|
||||||
ms.topic: whats-new
|
ms.topic: whats-new
|
||||||
ms.date: 08/10/2022
|
ms.date: 08/10/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# What's new in Set up School PCs
|
# What's new in Set up School PCs
|
||||||
|
|||||||
@ -1,10 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Take a Test app technical reference
|
title: Take a Test app technical reference
|
||||||
description: List of policies and settings applied by the Take a Test app.
|
description: List of policies and settings applied by the Take a Test app.
|
||||||
ms.date: 09/30/2022
|
ms.date: 03/31/2023
|
||||||
ms.topic: reference
|
ms.topic: reference
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Take a Test app technical reference
|
# Take a Test app technical reference
|
||||||
|
|||||||
@ -1,10 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Take tests and assessments in Windows
|
title: Take tests and assessments in Windows
|
||||||
description: Learn about the built-in Take a Test app for Windows and how to use it.
|
description: Learn about the built-in Take a Test app for Windows and how to use it.
|
||||||
ms.date: 09/30/2022
|
ms.date: 03/31/2023
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Take tests and assessments in Windows
|
# Take tests and assessments in Windows
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Configure applications with Microsoft Intune
|
|||||||
description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
|
description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure applications with Microsoft Intune
|
# Configure applications with Microsoft Intune
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Configure and secure devices with Microsoft Intune
|
|||||||
description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
|
description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure and secure devices with Microsoft Intune
|
# Configure and secure devices with Microsoft Intune
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Configure devices with Microsoft Intune
|
|||||||
description: Learn how to configure policies and applications in preparation for device deployment.
|
description: Learn how to configure policies and applications in preparation for device deployment.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Configure settings and applications with Microsoft Intune
|
# Configure settings and applications with Microsoft Intune
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Enrollment in Intune with standard out-of-box experience (OOBE)
|
|||||||
description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune.
|
description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
# Automatic Intune enrollment via Azure AD join
|
# Automatic Intune enrollment via Azure AD join
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Enrollment in Intune with Windows Autopilot
|
|||||||
description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
|
description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Autopilot
|
# Windows Autopilot
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Device enrollment overview
|
|||||||
description: Learn about the different options to enroll Windows devices in Microsoft Intune
|
description: Learn about the different options to enroll Windows devices in Microsoft Intune
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: overview
|
ms.topic: overview
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Device enrollment overview
|
# Device enrollment overview
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Enrollment of Windows devices with provisioning packages
|
|||||||
description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
|
description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Enrollment with provisioning packages
|
# Enrollment with provisioning packages
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Introduction to the tutorial deploy and manage Windows devices in a schoo
|
|||||||
description: Introduction to deployment and management of Windows devices in education environments.
|
description: Introduction to deployment and management of Windows devices in education environments.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Tutorial: deploy and manage Windows devices in a school
|
# Tutorial: deploy and manage Windows devices in a school
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Manage devices with Microsoft Intune
|
|||||||
description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
|
description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Manage devices with Microsoft Intune
|
# Manage devices with Microsoft Intune
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Reset and wipe Windows devices
|
|||||||
description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
|
description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Device reset options
|
# Device reset options
|
||||||
|
|||||||
@ -3,6 +3,7 @@ title: Set up Azure Active Directory
|
|||||||
description: Learn how to create and prepare your Azure AD tenant for an education environment.
|
description: Learn how to create and prepare your Azure AD tenant for an education environment.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
|
appliesto:
|
||||||
---
|
---
|
||||||
|
|
||||||
# Set up Azure Active Directory
|
# Set up Azure Active Directory
|
||||||
|
|||||||
@ -3,6 +3,7 @@ title: Set up device management
|
|||||||
description: Learn how to configure the Intune service and set up the environment for education.
|
description: Learn how to configure the Intune service and set up the environment for education.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
|
appliesto:
|
||||||
---
|
---
|
||||||
|
|
||||||
# Set up Microsoft Intune
|
# Set up Microsoft Intune
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Troubleshoot Windows devices
|
|||||||
description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services.
|
description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services.
|
||||||
ms.date: 08/31/2022
|
ms.date: 08/31/2022
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
appliesto:
|
|
||||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Troubleshoot Windows devices
|
# Troubleshoot Windows devices
|
||||||
|
|||||||
@ -76,11 +76,46 @@
|
|||||||
"identity-protection/**/*.md": "paoloma",
|
"identity-protection/**/*.md": "paoloma",
|
||||||
"threat-protection/windows-firewall/*.md": "aaroncz"
|
"threat-protection/windows-firewall/*.md": "aaroncz"
|
||||||
},
|
},
|
||||||
|
"appliesto":{
|
||||||
|
"identity-protection/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||||
|
],
|
||||||
|
"identity-protection/credential-guard/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||||
|
],
|
||||||
|
"identity-protection/smart-cards/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||||
|
],
|
||||||
|
"identity-protection/user-account-control/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||||
|
],
|
||||||
|
"identity-protection/virtual-smart-cards/**/*.md": [
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||||
|
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||||
|
]
|
||||||
|
},
|
||||||
"ms.reviewer":{
|
"ms.reviewer":{
|
||||||
"identity-protection/hello-for-business/*.md": "erikdau",
|
"identity-protection/hello-for-business/*.md": "erikdau",
|
||||||
"identity-protection/credential-guard/*.md": "zwhittington",
|
"identity-protection/credential-guard/*.md": "zwhittington",
|
||||||
"identity-protection/access-control/*.md": "sulahiri",
|
"identity-protection/access-control/*.md": "sulahiri",
|
||||||
"threat-protection/windows-firewall/*.md": "paoloma"
|
"threat-protection/windows-firewall/*.md": "paoloma",
|
||||||
|
"identity-protection/vpn/*.md": "pesmith"
|
||||||
},
|
},
|
||||||
"ms.collection":{
|
"ms.collection":{
|
||||||
"identity-protection/hello-for-business/*.md": "tier1",
|
"identity-protection/hello-for-business/*.md": "tier1",
|
||||||
|
|||||||
@ -1,13 +1,14 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 11/22/2022
|
||||||
title: Access Control Overview
|
title: Access Control Overview
|
||||||
description: Description of the access controls in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
|
description: Description of the access controls in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer.
|
||||||
ms.prod: windows-client
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 11/22/2022
|
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.technology: itpro-security
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# Access Control Overview
|
# Access Control Overview
|
||||||
|
|||||||
@ -1,15 +1,17 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 12/05/2022
|
||||||
title: Local Accounts
|
title: Local Accounts
|
||||||
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
|
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
|
||||||
ms.date: 12/05/2022
|
ms.topic: conceptual
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier2
|
- tier2
|
||||||
ms.topic: article
|
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.technology: itpro-security
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# Local Accounts
|
# Local Accounts
|
||||||
@ -60,7 +62,7 @@ Group Policy can be used to control the use of the local Administrators group au
|
|||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
>
|
>
|
||||||
> - Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic.
|
> - Blank passwords are not allowed.
|
||||||
>
|
>
|
||||||
> - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled.
|
> - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled.
|
||||||
|
|
||||||
|
|||||||
@ -1,26 +1,13 @@
|
|||||||
---
|
---
|
||||||
title: Configure S/MIME for Windows
|
title: Configure S/MIME for Windows
|
||||||
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
|
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 07/27/2017
|
ms.date: 07/27/2017
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
||||||
# Configure S/MIME for Windows
|
# Configure S/MIME for Windows
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
- Windows 10
|
|
||||||
- Windows 11
|
|
||||||
|
|
||||||
S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
|
S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
|
||||||
|
|
||||||
## About message encryption
|
## About message encryption
|
||||||
@ -31,11 +18,11 @@ Encrypted messages can be read only by recipients who have a certificate. If you
|
|||||||
|
|
||||||
## About digital signatures
|
## About digital signatures
|
||||||
|
|
||||||
A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Recipients can only verify the digital signature if they’re using an email client that supports S/MIME.
|
A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Recipients can only verify the digital signature if they're using an email client that supports S/MIME.
|
||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
- [S/MIME is enabled for Exchange accounts](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption) (on-premises and Office 365). Users can’t use S/MIME signing and encryption with a personal account such as Outlook.com.
|
- [S/MIME is enabled for Exchange accounts](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption) (on-premises and Office 365). Users can't use S/MIME signing and encryption with a personal account such as Outlook.com.
|
||||||
- Valid Personal Information Exchange (PFX) certificates are installed on the device.
|
- Valid Personal Information Exchange (PFX) certificates are installed on the device.
|
||||||
|
|
||||||
- [How to Create PFX Certificate Profiles in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/mt131410(v=technet.10))
|
- [How to Create PFX Certificate Profiles in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/mt131410(v=technet.10))
|
||||||
|
|||||||
@ -1,11 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 08/17/2017
|
||||||
title: Additional mitigations
|
title: Additional mitigations
|
||||||
description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
|
description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
|
||||||
ms.date: 08/17/2017
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Additional mitigations
|
# Additional mitigations
|
||||||
|
|||||||
@ -1,11 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 01/06/2023
|
||||||
title: Considerations when using Windows Defender Credential Guard
|
title: Considerations when using Windows Defender Credential Guard
|
||||||
description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard.
|
description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard.
|
||||||
ms.date: 01/06/2023
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Considerations when using Windows Defender Credential Guard
|
# Considerations when using Windows Defender Credential Guard
|
||||||
|
|||||||
@ -1,11 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 08/17/2017
|
||||||
title: How Windows Defender Credential Guard works
|
title: How Windows Defender Credential Guard works
|
||||||
description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
|
description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
|
||||||
ms.date: 08/17/2017
|
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# How Windows Defender Credential Guard works
|
# How Windows Defender Credential Guard works
|
||||||
|
|||||||
@ -1,11 +1,8 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 11/28/2022
|
||||||
title: Windows Defender Credential Guard - Known issues
|
title: Windows Defender Credential Guard - Known issues
|
||||||
description: Windows Defender Credential Guard - Known issues in Windows Enterprise
|
description: Windows Defender Credential Guard - Known issues in Windows Enterprise
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 11/28/2022
|
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
# Windows Defender Credential Guard: Known issues
|
# Windows Defender Credential Guard: Known issues
|
||||||
|
|
||||||
|
|||||||
@ -6,9 +6,6 @@ ms.collection:
|
|||||||
- highpri
|
- highpri
|
||||||
- tier2
|
- tier2
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Manage Windows Defender Credential Guard
|
# Manage Windows Defender Credential Guard
|
||||||
|
|||||||
@ -3,9 +3,6 @@ title: Windows Defender Credential Guard protection limits (Windows)
|
|||||||
description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
|
description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
|
||||||
ms.date: 08/17/2017
|
ms.date: 08/17/2017
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
# Windows Defender Credential Guard protection limits
|
# Windows Defender Credential Guard protection limits
|
||||||
|
|
||||||
|
|||||||
@ -3,9 +3,6 @@ title: Windows Defender Credential Guard requirements
|
|||||||
description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
|
description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
|
||||||
ms.date: 12/27/2021
|
ms.date: 12/27/2021
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Defender Credential Guard requirements
|
# Windows Defender Credential Guard requirements
|
||||||
|
|||||||
@ -6,9 +6,6 @@ ms.topic: article
|
|||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier2
|
- tier2
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Protect derived domain credentials with Windows Defender Credential Guard
|
# Protect derived domain credentials with Windows Defender Credential Guard
|
||||||
|
|||||||
@ -1,17 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Enterprise Certificate Pinning
|
title: Enterprise Certificate Pinning
|
||||||
description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
|
description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
|
||||||
author: paolomatarazzo
|
ms.topic: conceptual
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
|
||||||
ms.prod: windows-client
|
|
||||||
ms.technology: itpro-security
|
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 07/27/2017
|
ms.date: 07/27/2017
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Enterprise Certificate Pinning
|
# Enterprise Certificate Pinning
|
||||||
@ -22,7 +13,7 @@ Enterprise certificate pinning helps reduce man-in-the-middle attacks by enablin
|
|||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
|
> External domain names, where the certificate issued to these domains is issued by a public certificate authority, are not ideal for enterprise certificate pinning.
|
||||||
|
|
||||||
Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site’s chain that authenticates servers matches a restricted set of certificates.
|
Windows Certificate APIs (CertVerifyCertificateChainPolicy and WinVerifyTrust) are updated to check if the site's chain that authenticates servers matches a restricted set of certificates.
|
||||||
These restrictions are encapsulated in a Pin Rules Certificate Trust List (CTL) that is configured and deployed to Windows 10 computers.
|
These restrictions are encapsulated in a Pin Rules Certificate Trust List (CTL) that is configured and deployed to Windows 10 computers.
|
||||||
Any site certificate that triggers a name mismatch causes Windows to write an event to the CAPI2 event log and prevents the user from navigating to the web site using Microsoft Edge or Internet Explorer.
|
Any site certificate that triggers a name mismatch causes Windows to write an event to the CAPI2 event log and prevents the user from navigating to the web site using Microsoft Edge or Internet Explorer.
|
||||||
|
|
||||||
@ -97,7 +88,7 @@ The **Certificate** element can have the following attributes.
|
|||||||
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory, or Base64 must be present). |
|
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br>- sst <br> These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory, or Base64 must be present). |
|
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory, or Base64 must be present). |
|
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as: <br>- single certificate <br>- p7b <br> - sst <br> This allows the certificates to be included in the XML file without a file directory dependency. <br> Note: <br> You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory, or Base64 must be present). |
|
||||||
| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and excludes the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
|
| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule. <br>If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element's certificates.<br> If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and excludes the certificate(s) from the Pin Rule in the generated CTL.<br> For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
|
||||||
|
|
||||||
#### Site element
|
#### Site element
|
||||||
|
|
||||||
@ -154,7 +145,7 @@ Use **certutil.exe** to apply your certificate pinning rules to your reference c
|
|||||||
The **setreg** argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules.
|
The **setreg** argument takes a secondary argument that determines the location of where certutil writes the certificate pining rules.
|
||||||
This secondary argument is **chain\PinRules**.
|
This secondary argument is **chain\PinRules**.
|
||||||
The last argument you provide is the name of file that contains your certificate pinning rules in certificate trust list format (.stl).
|
The last argument you provide is the name of file that contains your certificate pinning rules in certificate trust list format (.stl).
|
||||||
You’ll pass the name of the file as the last argument; however, you need to prefix the file name with the '@' symbol as shown in the following example.
|
You'll pass the name of the file as the last argument; however, you need to prefix the file name with the '@' symbol as shown in the following example.
|
||||||
You need to perform this command from an elevated command prompt.
|
You need to perform this command from an elevated command prompt.
|
||||||
|
|
||||||
```code
|
```code
|
||||||
@ -174,7 +165,7 @@ Certutil writes the binary information to the following registration location:
|
|||||||
|
|
||||||
### Deploying Enterprise Pin Rule Settings using Group Policy
|
### Deploying Enterprise Pin Rule Settings using Group Policy
|
||||||
|
|
||||||
You’ve successfully created a certificate pinning rules XML file.
|
You've successfully created a certificate pinning rules XML file.
|
||||||
From the XML file you've created a certificate pinning trust list file, and you've applied the contents of that file to your reference computer from which you can run the Group Policy Management Console.
|
From the XML file you've created a certificate pinning trust list file, and you've applied the contents of that file to your reference computer from which you can run the Group Policy Management Console.
|
||||||
Now you need to configure a Group Policy object to include the applied certificate pin rule settings and deploy it to your environment.
|
Now you need to configure a Group Policy object to include the applied certificate pin rule settings and deploy it to your environment.
|
||||||
|
|
||||||
@ -182,7 +173,7 @@ Sign-in to the reference computer using domain administrator equivalent credenti
|
|||||||
|
|
||||||
1. Start the **Group Policy Management Console** (gpmc.msc)
|
1. Start the **Group Policy Management Console** (gpmc.msc)
|
||||||
2. In the navigation pane, expand the forest node and then expand the domain node.
|
2. In the navigation pane, expand the forest node and then expand the domain node.
|
||||||
3. Expand the node that contains your Active Directory’s domain name
|
3. Expand the node that contains your Active Directory's domain name
|
||||||
4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**.
|
4. Select the **Group Policy objects** node. Right-click the **Group Policy objects** node and click **New**.
|
||||||
5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**.
|
5. In the **New GPO** dialog box, type _Enterprise Certificate Pinning Rules_ in the **Name** text box and click **OK**.
|
||||||
6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**.
|
6. In the content pane, right-click the **Enterprise Certificate Pinning Rules** Group Policy object and click **Edit**.
|
||||||
@ -227,16 +218,16 @@ icacls %PinRulesLogDir% /grant *S-1-5-12:(OI)(CI)(F)
|
|||||||
icacls %PinRulesLogDir% /inheritance:e /setintegritylevel (OI)(CI)L
|
icacls %PinRulesLogDir% /inheritance:e /setintegritylevel (OI)(CI)L
|
||||||
```
|
```
|
||||||
|
|
||||||
Whenever an application verifies a TLS/SSL certificate chain that contains a server name matching a DNS name in the server certificate, Windows writes a .p7b file consisting of all the certificates in the server’s chain to one of three child folders:
|
Whenever an application verifies a TLS/SSL certificate chain that contains a server name matching a DNS name in the server certificate, Windows writes a .p7b file consisting of all the certificates in the server's chain to one of three child folders:
|
||||||
|
|
||||||
- AdminPinRules
|
- AdminPinRules
|
||||||
Matched a site in the enterprise certificate pinning rules.
|
Matched a site in the enterprise certificate pinning rules.
|
||||||
- AutoUpdatePinRules
|
- AutoUpdatePinRules
|
||||||
Matched a site in the certificate pinning rules managed by Microsoft.
|
Matched a site in the certificate pinning rules managed by Microsoft.
|
||||||
- NoPinRules
|
- NoPinRules
|
||||||
Didn’t match any site in the certificate pin rules.
|
Didn't match any site in the certificate pin rules.
|
||||||
|
|
||||||
The output file name consists of the leading eight ASCII hex digits of the root’s SHA1 thumbprint followed by the server name.
|
The output file name consists of the leading eight ASCII hex digits of the root's SHA1 thumbprint followed by the server name.
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
- `D4DE20D0_xsi.outlook.com.p7b`
|
- `D4DE20D0_xsi.outlook.com.p7b`
|
||||||
@ -255,7 +246,7 @@ You can then copy and paste the output of the cmdlet into the XML file.
|
|||||||
|
|
||||||
|
|
||||||
For simplicity, you can truncate decimal point (.) and the numbers after it.
|
For simplicity, you can truncate decimal point (.) and the numbers after it.
|
||||||
However, be certain to append the uppercase “Z” to the end of the XML date string.
|
However, be certain to append the uppercase "Z" to the end of the XML date string.
|
||||||
|
|
||||||
```code
|
```code
|
||||||
2015-05-11T07:00:00.2655691Z
|
2015-05-11T07:00:00.2655691Z
|
||||||
@ -264,7 +255,7 @@ However, be certain to append the uppercase “Z” to the end of the XML date s
|
|||||||
|
|
||||||
## Converting an XML Date
|
## Converting an XML Date
|
||||||
|
|
||||||
You can also use Windows PowerShell to validate and convert an XML date into a human readable date to validate it’s the correct date.
|
You can also use Windows PowerShell to validate and convert an XML date into a human readable date to validate it's the correct date.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,9 +1,7 @@
|
|||||||
---
|
---
|
||||||
title: Multi-factor unlock
|
title: Multi-factor unlock
|
||||||
description: Learn how Windows offers multi-factor device unlock by extending Windows Hello with trusted signals.
|
description: Learn how Windows offers multi-factor device unlock by extending Windows Hello with trusted signals.
|
||||||
ms.date: 03/09/2023
|
ms.date: 03/30/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
# Multi-factor unlock
|
# Multi-factor unlock
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business cloud-only deployment
|
title: Windows Hello for Business cloud-only deployment
|
||||||
description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
|
description: Learn how to configure Windows Hello for Business in a cloud-only deployment scenario.
|
||||||
ms.date: 06/23/2021
|
ms.date: 06/23/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Cloud-only deployment
|
# Cloud-only deployment
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Plan an adequate number of Domain Controllers for Windows Hello for Busin
|
|||||||
description: Learn how to plan for an adequate number of Domain Controllers to support Windows Hello for Business deployments.
|
description: Learn how to plan for an adequate number of Domain Controllers to support Windows Hello for Business deployments.
|
||||||
ms.date: 03/10/2023
|
ms.date: 03/10/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
---
|
---
|
||||||
# Plan an adequate number of Domain Controllers for Windows Hello for Business deployments
|
# Plan an adequate number of Domain Controllers for Windows Hello for Business deployments
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello and password changes
|
title: Windows Hello and password changes
|
||||||
description: Learn the impact of changing a password when using Windows Hello.
|
description: Learn the impact of changing a password when using Windows Hello.
|
||||||
ms.date: 03/15/2023
|
ms.date: 03/15/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
---
|
---
|
||||||
# Windows Hello and password changes
|
# Windows Hello and password changes
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello biometrics in the enterprise (Windows)
|
title: Windows Hello biometrics in the enterprise (Windows)
|
||||||
description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
|
description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
|
||||||
ms.date: 01/12/2021
|
ms.date: 01/12/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Prepare and deploy Active Directory Federation Services in an on-premises
|
|||||||
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business on-premises certificate trust model.
|
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business on-premises certificate trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Prepare and deploy Active Directory Federation Services - on-premises certificate trust
|
# Prepare and deploy Active Directory Federation Services - on-premises certificate trust
|
||||||
|
|||||||
@ -2,12 +2,9 @@
|
|||||||
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
||||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure Windows Hello for Business group policy settings - on-premises certificate Trust
|
# Configure Windows Hello for Business group policy settings - on-premises certificate Trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Validate Active Directory prerequisites in an on-premises certificate tru
|
|||||||
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model.
|
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a certificate trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Validate Active Directory prerequisites - on-premises certificate trust
|
# Validate Active Directory prerequisites - on-premises certificate trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Validate and Deploy MFA for Windows Hello for Business with certificate t
|
|||||||
description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model.
|
description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises certificate trust model.
|
||||||
ms.date: 12/13/2022
|
ms.date: 12/13/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Configure and validate the Public Key Infrastructure in an on-premises ce
|
|||||||
description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model.
|
description: Configure and validate the Public Key Infrastructure the Public Key Infrastructure when deploying Windows Hello for Business in a certificate trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure and validate the Public Key Infrastructure - on-premises certificate trust
|
# Configure and validate the Public Key Infrastructure - on-premises certificate trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Windows Hello for Business deployment guide for the on-premises certifica
|
|||||||
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust model.
|
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Deployment guide overview - on-premises certificate trust
|
# Deployment guide overview - on-premises certificate trust
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business Deployment Overview
|
title: Windows Hello for Business Deployment Overview
|
||||||
description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
|
description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
|
||||||
ms.date: 02/15/2022
|
ms.date: 02/15/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Windows Hello for Business Deployment Overview
|
# Windows Hello for Business Deployment Overview
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business Deployment Known Issues
|
title: Windows Hello for Business Deployment Known Issues
|
||||||
description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues
|
description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues
|
||||||
ms.date: 05/03/2021
|
ms.date: 05/03/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Windows Hello for Business Known Deployment Issues
|
# Windows Hello for Business Known Deployment Issues
|
||||||
|
|||||||
@ -2,9 +2,6 @@
|
|||||||
title: Windows Hello for Business deployment guide for the on-premises key trust model
|
title: Windows Hello for Business deployment guide for the on-premises key trust model
|
||||||
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust model.
|
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Deployment guide overview - on-premises key trust
|
# Deployment guide overview - on-premises key trust
|
||||||
|
|||||||
@ -6,8 +6,6 @@ ms.collection:
|
|||||||
- tier1
|
- tier1
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.date: 03/15/2023
|
ms.date: 03/15/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Deploy certificates for remote desktop (RDP) sign-in
|
# Deploy certificates for remote desktop (RDP) sign-in
|
||||||
|
|||||||
@ -1,10 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Windows Hello errors during PIN creation (Windows)
|
title: Windows Hello errors during PIN creation
|
||||||
description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step.
|
description: When you set up Windows Hello, you may get an error during the Create a work PIN step.
|
||||||
ms.topic: troubleshooting
|
ms.topic: troubleshooting
|
||||||
ms.date: 05/05/2018
|
ms.date: 03/31/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Hello errors during PIN creation
|
# Windows Hello errors during PIN creation
|
||||||
|
|||||||
@ -9,8 +9,6 @@ metadata:
|
|||||||
- tier1
|
- tier1
|
||||||
ms.topic: faq
|
ms.topic: faq
|
||||||
ms.date: 03/09/2023
|
ms.date: 03/09/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
|
|
||||||
title: Common questions about Windows Hello for Business
|
title: Common questions about Windows Hello for Business
|
||||||
summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business.
|
summary: Windows Hello for Business replaces password sign-in with strong authentication, using an asymmetric key pair. This Frequently Asked Questions (FAQ) article is intended to help you learn more about Windows Hello for Business.
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Dual Enrollment
|
title: Dual Enrollment
|
||||||
description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
|
description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
|
||||||
ms.date: 09/09/2019
|
ms.date: 09/09/2019
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Dynamic lock
|
title: Dynamic lock
|
||||||
description: Learn how to configure dynamic lock on Windows devices via group policies. This feature locks a device when a Bluetooth signal falls below a set value.
|
description: Learn how to configure dynamic lock on Windows devices via group policies. This feature locks a device when a Bluetooth signal falls below a set value.
|
||||||
ms.date: 03/10/2023
|
ms.date: 03/10/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -5,8 +5,6 @@ ms.collection:
|
|||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 03/10/2023
|
ms.date: 03/10/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Remote Desktop
|
title: Remote Desktop
|
||||||
description: Learn how Windows Hello for Business supports using biometrics with remote desktop
|
description: Learn how Windows Hello for Business supports using biometrics with remote desktop
|
||||||
ms.date: 02/24/2021
|
ms.date: 02/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- tier1
|
- tier1
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: How Windows Hello for Business works - Authentication
|
title: How Windows Hello for Business works - Authentication
|
||||||
description: Learn about the authentication flow for Windows Hello for Business.
|
description: Learn about the authentication flow for Windows Hello for Business.
|
||||||
ms.date: 02/15/2022
|
ms.date: 02/15/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Windows Hello for Business and Authentication
|
# Windows Hello for Business and Authentication
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: How Windows Hello for Business works - Provisioning
|
title: How Windows Hello for Business works - Provisioning
|
||||||
description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
|
description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
|
||||||
ms.date: 2/15/2022
|
ms.date: 2/15/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Windows Hello for Business Provisioning
|
# Windows Hello for Business Provisioning
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: How Windows Hello for Business works - technology and terms
|
title: How Windows Hello for Business works - technology and terms
|
||||||
description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
|
description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
|
||||||
ms.date: 10/08/2018
|
ms.date: 10/08/2018
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: How Windows Hello for Business works
|
title: How Windows Hello for Business works
|
||||||
description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
|
description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
|
||||||
ms.date: 05/05/2018
|
ms.date: 05/05/2018
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# How Windows Hello for Business works in Windows Devices
|
# How Windows Hello for Business works in Windows Devices
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Use Certificates to enable SSO for Azure AD join devices
|
title: Use Certificates to enable SSO for Azure AD join devices
|
||||||
description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps.
|
description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps.
|
||||||
ms.date: 08/19/2018
|
ms.date: 08/19/2018
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Configure single sign-on (SSO) for Azure AD joined devices
|
title: Configure single sign-on (SSO) for Azure AD joined devices
|
||||||
description: Learn how to configure single sign-on to on-premises resources for Azure AD-joined devices, using Windows Hello for Business.
|
description: Learn how to configure single sign-on to on-premises resources for Azure AD-joined devices, using Windows Hello for Business.
|
||||||
ms.date: 12/30/2022
|
ms.date: 12/30/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Configure single sign-on for Azure AD joined devices
|
# Configure single sign-on for Azure AD joined devices
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Configure and validate the Public Key Infrastructure in an hybrid certifi
|
|||||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
||||||
ms.date: 01/03/2023
|
ms.date: 01/03/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure and validate the Public Key Infrastructure - hybrid certificate trust
|
# Configure and validate the Public Key Infrastructure - hybrid certificate trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Windows Hello for Business hybrid certificate trust deployment
|
|||||||
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||||
ms.date: 03/16/2023
|
ms.date: 03/16/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business hybrid certificate trust clients configuration and enrollment
|
title: Windows Hello for Business hybrid certificate trust clients configuration and enrollment
|
||||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
||||||
ms.date: 01/03/2023
|
ms.date: 01/03/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Configure Active Directory Federation Services in a hybrid certificate tr
|
|||||||
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business hybrid certificate trust model.
|
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business hybrid certificate trust model.
|
||||||
ms.date: 01/03/2023
|
ms.date: 01/03/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure Active Directory Federation Services - hybrid certificate trust
|
# Configure Active Directory Federation Services - hybrid certificate trust
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business hybrid key trust clients configuration and enrollment
|
title: Windows Hello for Business hybrid key trust clients configuration and enrollment
|
||||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
||||||
ms.date: 01/03/2023
|
ms.date: 01/03/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Configure and validate the Public Key Infrastructure in an hybrid key tru
|
|||||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in an hybrid key trust model.
|
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in an hybrid key trust model.
|
||||||
ms.date: 01/03/2023
|
ms.date: 01/03/2023
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure and validate the Public Key Infrastructure - hybrid key trust
|
# Configure and validate the Public Key Infrastructure - hybrid key trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Windows Hello for Business hybrid key trust deployment
|
|||||||
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||||
ms.date: 12/28/2022
|
ms.date: 12/28/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: how-to
|
ms.topic: how-to
|
||||||
---
|
---
|
||||||
# Hybrid key trust deployment
|
# Hybrid key trust deployment
|
||||||
|
|||||||
@ -1,14 +1,17 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 12/13/2022
|
||||||
title: Windows Hello for Business Deployment Prerequisite Overview
|
title: Windows Hello for Business Deployment Prerequisite Overview
|
||||||
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
|
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
|
||||||
|
ms.topic: article
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 12/13/2022
|
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.topic: article
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows Hello for Business Deployment Prerequisite Overview
|
# Windows Hello for Business Deployment Prerequisite Overview
|
||||||
|
|||||||
@ -1,10 +1,13 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 12/12/2022
|
||||||
title: Prepare and deploy Active Directory Federation Services in an on-premises key trust
|
title: Prepare and deploy Active Directory Federation Services in an on-premises key trust
|
||||||
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business key trust model.
|
description: Learn how to configure Active Directory Federation Services to support the Windows Hello for Business key trust model.
|
||||||
ms.date: 12/12/2022
|
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Prepare and deploy Active Directory Federation Services - on-premises key trust
|
# Prepare and deploy Active Directory Federation Services - on-premises key trust
|
||||||
|
|||||||
@ -1,10 +1,10 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 12/12/2022
|
||||||
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
||||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
||||||
ms.date: 12/12/2022
|
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure Windows Hello for Business group policy settings - on-premises key trust
|
# Configure Windows Hello for Business group policy settings - on-premises key trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Validate Active Directory prerequisites in an on-premises key trust
|
|||||||
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model.
|
description: Validate Active Directory prerequisites when deploying Windows Hello for Business in a key trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Validate Active Directory prerequisites - on-premises key trust
|
# Validate Active Directory prerequisites - on-premises key trust
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Validate and Deploy MFA for Windows Hello for Business with key trust
|
|||||||
description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises key trust model.
|
description: Validate and deploy multi-factor authentication (MFA) for Windows Hello for Business in an on-premises key trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -3,8 +3,11 @@ title: Configure and validate the Public Key Infrastructure in an on-premises ke
|
|||||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a key trust model.
|
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a key trust model.
|
||||||
ms.date: 12/12/2022
|
ms.date: 12/12/2022
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016 and later</a>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
ms.topic: tutorial
|
ms.topic: tutorial
|
||||||
---
|
---
|
||||||
# Configure and validate the Public Key Infrastructure - on-premises key trust
|
# Configure and validate the Public Key Infrastructure - on-premises key trust
|
||||||
|
|||||||
@ -5,8 +5,6 @@ ms.collection:
|
|||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 2/15/2022
|
ms.date: 2/15/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
@ -5,8 +5,6 @@ ms.collection:
|
|||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.date: 12/31/2017
|
ms.date: 12/31/2017
|
||||||
---
|
---
|
||||||
# Windows Hello for Business Overview
|
# Windows Hello for Business Overview
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Planning a Windows Hello for Business Deployment
|
title: Planning a Windows Hello for Business Deployment
|
||||||
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
||||||
ms.date: 09/16/2020
|
ms.date: 09/16/2020
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Planning a Windows Hello for Business Deployment
|
# Planning a Windows Hello for Business Deployment
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Prepare people to use Windows Hello (Windows)
|
title: Prepare people to use Windows Hello (Windows)
|
||||||
description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
|
description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
|
||||||
ms.date: 08/19/2018
|
ms.date: 08/19/2018
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Prepare people to use Windows Hello
|
# Prepare people to use Windows Hello
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: Windows Hello for Business Videos
|
title: Windows Hello for Business Videos
|
||||||
description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
|
description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
|
||||||
ms.date: 03/09/2023
|
ms.date: 03/09/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Windows Hello for Business Videos
|
# Windows Hello for Business Videos
|
||||||
|
|||||||
@ -5,8 +5,6 @@ ms.collection:
|
|||||||
- highpri
|
- highpri
|
||||||
- tier1
|
- tier1
|
||||||
ms.date: 03/15/2023
|
ms.date: 03/15/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
---
|
---
|
||||||
# Why a PIN is better than an online password
|
# Why a PIN is better than an online password
|
||||||
|
|||||||
@ -6,12 +6,7 @@ summary: Learn how to manage and deploy Windows Hello for Business.
|
|||||||
metadata:
|
metadata:
|
||||||
title: Windows Hello for Business documentation
|
title: Windows Hello for Business documentation
|
||||||
description: Learn how to manage and deploy Windows Hello for Business.
|
description: Learn how to manage and deploy Windows Hello for Business.
|
||||||
ms.prod: windows-client
|
|
||||||
ms.technology: itpro-security
|
|
||||||
ms.topic: landing-page
|
ms.topic: landing-page
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.date: 03/09/2023
|
ms.date: 03/09/2023
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
|
|||||||
@ -3,8 +3,6 @@ title: Password-less strategy
|
|||||||
description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11.
|
description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11.
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 05/24/2022
|
ms.date: 05/24/2022
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Password-less strategy
|
# Password-less strategy
|
||||||
|
|||||||
@ -2,8 +2,6 @@
|
|||||||
title: WebAuthn APIs
|
title: WebAuthn APIs
|
||||||
description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
|
description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
|
||||||
ms.date: 03/09/2023
|
ms.date: 03/09/2023
|
||||||
appliesto:
|
|
||||||
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10 and later</a>
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# WebAuthn APIs for passwordless authentication on Windows
|
# WebAuthn APIs for passwordless authentication on Windows
|
||||||
|
|||||||
@ -1,17 +1,8 @@
|
|||||||
---
|
---
|
||||||
title: Identity and access management (Windows 10)
|
title: Identity and access management
|
||||||
description: Learn more about identity and access protection technologies in Windows.
|
description: Learn more about identity and access protection technologies in Windows.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 02/05/2018
|
ms.date: 02/05/2018
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Identity and access management
|
# Identity and access management
|
||||||
|
|||||||
@ -1,22 +1,13 @@
|
|||||||
---
|
---
|
||||||
title: Technical support policy for lost or forgotten passwords
|
title: Technical support policy for lost or forgotten passwords
|
||||||
description: Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so.
|
description: Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so.
|
||||||
ms.custom:
|
|
||||||
- CI ID 110060
|
|
||||||
- CSSTroubleshoot
|
|
||||||
ms.prod: windows-client
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.date: 11/20/2019
|
ms.date: 11/20/2019
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Technical support policy for lost or forgotten passwords
|
# Technical support policy for lost or forgotten passwords
|
||||||
|
|
||||||
Microsoft takes security seriously. This is for your protection. Microsoft accounts, the Windows operating system, and other Microsoft products include passwords to help secure your information. This article provides some options that you can use to reset or recover your password if you forget it. If these options don’t work, Microsoft support engineers can't help you retrieve or circumvent a lost or forgotten password.
|
Microsoft takes security seriously. This is for your protection. Microsoft accounts, the Windows operating system, and other Microsoft products include passwords to help secure your information. This article provides some options that you can use to reset or recover your password if you forget it. If these options don't work, Microsoft support engineers can't help you retrieve or circumvent a lost or forgotten password.
|
||||||
|
|
||||||
If you lose or forget a password, you can use the links in this article to find published support information that will help you reset the password.
|
If you lose or forget a password, you can use the links in this article to find published support information that will help you reset the password.
|
||||||
|
|
||||||
|
|||||||
@ -1,20 +1,17 @@
|
|||||||
---
|
---
|
||||||
title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10)
|
title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10)
|
||||||
description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
|
description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
manager: aaroncz
|
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier2
|
- tier2
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 01/12/2018
|
ms.date: 01/12/2018
|
||||||
appliesto:
|
appliesto:
|
||||||
- ✅ <b>Windows 10</b>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
|
||||||
- ✅ <b>Windows Server 2016</b>
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
|
||||||
ms.technology: itpro-security
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
|
||||||
|
- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
|
||||||
---
|
---
|
||||||
# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
|
# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
|
||||||
|
|
||||||
|
|||||||
@ -1,27 +1,15 @@
|
|||||||
---
|
---
|
||||||
|
ms.date: 09/24/2021
|
||||||
title: Smart Card and Remote Desktop Services (Windows)
|
title: Smart Card and Remote Desktop Services (Windows)
|
||||||
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
|
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
ms.reviewer: ardenw
|
||||||
ms.date: 09/24/2021
|
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
# Smart Card and Remote Desktop Services
|
# Smart Card and Remote Desktop Services
|
||||||
|
|
||||||
This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
|
This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
|
||||||
|
|
||||||
The content in this topic applies to the versions of Windows that are designated in the **Applies To** list at the beginning of this topic. In these versions, smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process.
|
Smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process.
|
||||||
|
|
||||||
Smart card support is required to enable many Remote Desktop Services scenarios. These include:
|
Smart card support is required to enable many Remote Desktop Services scenarios. These include:
|
||||||
|
|
||||||
@ -95,7 +83,8 @@ Where <*CertFile*> is the root certificate of the KDC certificate issuer.
|
|||||||
|
|
||||||
For information about this option for the command-line tool, see [-addstore](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_addstore).
|
For information about this option for the command-line tool, see [-addstore](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_addstore).
|
||||||
|
|
||||||
> **Note** If you use the credential SSP on computers running the supported versions of the operating system that are designated in the **Applies To** list at the beginning of this topic: To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller.
|
> [!NOTE]
|
||||||
|
> To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller.
|
||||||
|
|
||||||
Sign-in to Remote Desktop Services across a domain works only if the UPN in the certificate uses the following form: <*ClientName*>@<*DomainDNSName*>
|
Sign-in to Remote Desktop Services across a domain works only if the UPN in the certificate uses the following form: <*ClientName*>@<*DomainDNSName*>
|
||||||
|
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Smart Card Architecture (Windows)
|
title: Smart Card Architecture (Windows)
|
||||||
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
|
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/24/2021
|
ms.date: 09/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Smart Card Architecture
|
# Smart Card Architecture
|
||||||
@ -94,7 +82,7 @@ Figure 2 illustrates the relationship between the CryptoAPI, CSPs, the Smart Ca
|
|||||||
|
|
||||||
### Caching with Base CSP and smart card KSP
|
### Caching with Base CSP and smart card KSP
|
||||||
|
|
||||||
Smart card architecture uses caching mechanisms to assist in streamlining operations and to improve a user’s access to a PIN.
|
Smart card architecture uses caching mechanisms to assist in streamlining operations and to improve a user's access to a PIN.
|
||||||
|
|
||||||
- [Data caching](#data-caching): The data cache provides for a single process to minimize smart card I/O operations.
|
- [Data caching](#data-caching): The data cache provides for a single process to minimize smart card I/O operations.
|
||||||
|
|
||||||
@ -320,8 +308,6 @@ Figure 4 shows the Cryptography architecture that is used by the Windows operat
|
|||||||
|
|
||||||
### Base CSP and smart card KSP properties in Windows
|
### Base CSP and smart card KSP properties in Windows
|
||||||
|
|
||||||
The following properties are supported in versions of Windows designated in the **Applies To** list at the beginning of this topic.
|
|
||||||
|
|
||||||
> **Note** The API definitions are located in WinCrypt.h and WinSCard.h.
|
> **Note** The API definitions are located in WinCrypt.h and WinSCard.h.
|
||||||
|
|
||||||
| **Property** | **Description** |
|
| **Property** | **Description** |
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Certificate Propagation Service (Windows)
|
title: Certificate Propagation Service (Windows)
|
||||||
description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
|
description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 08/24/2021
|
ms.date: 08/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Certificate Propagation Service
|
# Certificate Propagation Service
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Certificate Requirements and Enumeration (Windows)
|
title: Certificate Requirements and Enumeration (Windows)
|
||||||
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
|
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/24/2021
|
ms.date: 09/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Certificate Requirements and Enumeration
|
# Certificate Requirements and Enumeration
|
||||||
@ -81,7 +69,7 @@ The following table lists the certificate support in older Windows operating sys
|
|||||||
|
|
||||||
Most issues during authentication occur because of session behavior changes. When changes occur, the Local Security Authority (LSA) does not reacquire the session context; it relies instead on the Cryptographic Service Provider to handle the session change.
|
Most issues during authentication occur because of session behavior changes. When changes occur, the Local Security Authority (LSA) does not reacquire the session context; it relies instead on the Cryptographic Service Provider to handle the session change.
|
||||||
|
|
||||||
In the supported versions of Windows designated in the **Applies To** list at the beginning of this topic, client certificates that do not contain a UPN in the **subjectAltName** (SAN) field of the certificate can be enabled for sign-in, which supports a wider variety of certificates and supports multiple sign-in certificates on the same card.
|
Client certificates that do not contain a UPN in the **subjectAltName** (SAN) field of the certificate can be enabled for sign-in, which supports a wider variety of certificates and supports multiple sign-in certificates on the same card.
|
||||||
|
|
||||||
Support for multiple certificates on the same card is enabled by default. New certificate types must be enabled through Group Policy.
|
Support for multiple certificates on the same card is enabled by default. New certificate types must be enabled through Group Policy.
|
||||||
|
|
||||||
@ -131,7 +119,7 @@ Following are the steps that are performed during a smart card sign-in:
|
|||||||
|
|
||||||
12. The KDC validates the user's certificate (time, path, and revocation status) to ensure that the certificate is from a trusted source. The KDC uses CryptoAPI to build a certification path from the user's certificate to a root certification authority (CA) certificate that resides in the root store on the domain controller. The KDC then uses CryptoAPI to verify the digital signature on the signed authenticator that was included in the preauthentication data fields. The domain controller verifies the signature and uses the public key from the user's certificate to prove that the request originated from the owner of the private key that corresponds to the public key. The KDC also verifies that the issuer is trusted and appears in the NTAUTH certificate store.
|
12. The KDC validates the user's certificate (time, path, and revocation status) to ensure that the certificate is from a trusted source. The KDC uses CryptoAPI to build a certification path from the user's certificate to a root certification authority (CA) certificate that resides in the root store on the domain controller. The KDC then uses CryptoAPI to verify the digital signature on the signed authenticator that was included in the preauthentication data fields. The domain controller verifies the signature and uses the public key from the user's certificate to prove that the request originated from the owner of the private key that corresponds to the public key. The KDC also verifies that the issuer is trusted and appears in the NTAUTH certificate store.
|
||||||
|
|
||||||
13. The KDC service retrieves user account information from AD DS. The KDC constructs a TGT, which is based on the user account information that it retrieves from AD DS. The TGT’s authorization data fields include the user's security identifier (SID), the SIDs for universal and global domain groups to which the user belongs, and (in a multidomain environment) the SIDs for any universal groups of which the user is a member.
|
13. The KDC service retrieves user account information from AD DS. The KDC constructs a TGT, which is based on the user account information that it retrieves from AD DS. The TGT's authorization data fields include the user's security identifier (SID), the SIDs for universal and global domain groups to which the user belongs, and (in a multidomain environment) the SIDs for any universal groups of which the user is a member.
|
||||||
|
|
||||||
14. The domain controller returns the TGT to the client as part of the KRB\_AS\_REP response.
|
14. The domain controller returns the TGT to the client as part of the KRB\_AS\_REP response.
|
||||||
|
|
||||||
|
|||||||
@ -1,24 +1,12 @@
|
|||||||
---
|
---
|
||||||
title: Smart Card Troubleshooting (Windows)
|
title: Smart Card Troubleshooting (Windows)
|
||||||
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
|
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.collection:
|
ms.collection:
|
||||||
- highpri
|
- highpri
|
||||||
- tier2
|
- tier2
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/24/2021
|
ms.date: 09/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Smart Card Troubleshooting
|
# Smart Card Troubleshooting
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Smart Card Events (Windows)
|
title: Smart Card Events (Windows)
|
||||||
description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
|
description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/24/2021
|
ms.date: 09/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Smart Card Events
|
# Smart Card Events
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: Smart Card Group Policy and Registry Settings (Windows)
|
title: Smart Card Group Policy and Registry Settings (Windows)
|
||||||
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
|
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 11/02/2021
|
ms.date: 11/02/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# Smart Card Group Policy and Registry Settings
|
# Smart Card Group Policy and Registry Settings
|
||||||
@ -222,7 +210,7 @@ You can use this policy setting to change the default message that a user sees i
|
|||||||
|
|
||||||
When this policy setting is turned on, you can create and manage the displayed message that the user sees when a smart card is blocked.
|
When this policy setting is turned on, you can create and manage the displayed message that the user sees when a smart card is blocked.
|
||||||
|
|
||||||
When this policy setting isn't turned on (and the integrated unblock feature is also enabled), the user sees the system’s default message when the smart card is blocked.
|
When this policy setting isn't turned on (and the integrated unblock feature is also enabled), the user sees the system's default message when the smart card is blocked.
|
||||||
|
|
||||||
| **Item** | **Description** |
|
| **Item** | **Description** |
|
||||||
|--------------------------------------|-------------------------|
|
|--------------------------------------|-------------------------|
|
||||||
@ -236,7 +224,7 @@ When this policy setting isn't turned on (and the integrated unblock feature is
|
|||||||
You can use this policy setting to configure which valid sign-in certificates are displayed.
|
You can use this policy setting to configure which valid sign-in certificates are displayed.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> During the certificate renewal period, a user’s smart card can have multiple valid sign-in certificates issued from the same certificate template, which can cause confusion about which certificate to select. This behavior can occur when a certificate is renewed and the old certificate has not expired yet.
|
> During the certificate renewal period, a user's smart card can have multiple valid sign-in certificates issued from the same certificate template, which can cause confusion about which certificate to select. This behavior can occur when a certificate is renewed and the old certificate has not expired yet.
|
||||||
>
|
>
|
||||||
> If two certificates are issued from the same template with the same major version and they are for the same user (this is determined by their UPN), they are determined to be the same.
|
> If two certificates are issued from the same template with the same major version and they are for the same user (this is determined by their UPN), they are determined to be the same.
|
||||||
|
|
||||||
@ -288,7 +276,7 @@ When this setting isn't turned on, the user doesn't see a smart card device driv
|
|||||||
You can use this policy setting to prevent Credential Manager from returning plaintext PINs.
|
You can use this policy setting to prevent Credential Manager from returning plaintext PINs.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Credential Manager is controlled by the user on the local computer, and it stores credentials from supported browsers and Windows applications. Credentials are saved in special encrypted folders on the computer under the user’s profile.
|
> Credential Manager is controlled by the user on the local computer, and it stores credentials from supported browsers and Windows applications. Credentials are saved in special encrypted folders on the computer under the user's profile.
|
||||||
|
|
||||||
When this policy setting is turned on, Credential Manager doesn't return a plaintext PIN.
|
When this policy setting is turned on, Credential Manager doesn't return a plaintext PIN.
|
||||||
|
|
||||||
@ -310,7 +298,7 @@ You can use this policy setting to control the way the subject name appears duri
|
|||||||
|
|
||||||
When this policy setting is turned on, the subject name during sign-in appears reversed from the way that it's stored in the certificate.
|
When this policy setting is turned on, the subject name during sign-in appears reversed from the way that it's stored in the certificate.
|
||||||
|
|
||||||
When this policy setting isn’t turned on, the subject name appears the same as it’s stored in the certificate.
|
When this policy setting isn't turned on, the subject name appears the same as it's stored in the certificate.
|
||||||
|
|
||||||
|
|
||||||
| **Item** | **Description** |
|
| **Item** | **Description** |
|
||||||
@ -346,7 +334,7 @@ You can use this policy setting to manage the root certificate propagation that
|
|||||||
|
|
||||||
When this policy setting is turned on, root certificate propagation occurs when the user inserts the smart card.
|
When this policy setting is turned on, root certificate propagation occurs when the user inserts the smart card.
|
||||||
|
|
||||||
When this policy setting isn’t turned on, root certificate propagation doesn’t occur when the user inserts the smart card.
|
When this policy setting isn't turned on, root certificate propagation doesn't occur when the user inserts the smart card.
|
||||||
|
|
||||||
| **Item** | **Description** |
|
| **Item** | **Description** |
|
||||||
|--------------------------------------|---------------------------------------------------------------------------------------------------------|
|
|--------------------------------------|---------------------------------------------------------------------------------------------------------|
|
||||||
|
|||||||
@ -1,21 +1,9 @@
|
|||||||
---
|
---
|
||||||
title: How Smart Card Sign-in Works in Windows
|
title: How Smart Card Sign-in Works in Windows
|
||||||
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
|
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
|
||||||
ms.prod: windows-client
|
|
||||||
author: paolomatarazzo
|
|
||||||
ms.author: paoloma
|
|
||||||
ms.reviewer: ardenw
|
ms.reviewer: ardenw
|
||||||
manager: aaroncz
|
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/24/2021
|
ms.date: 09/24/2021
|
||||||
appliesto:
|
|
||||||
- ✅ <b>Windows 10</b>
|
|
||||||
- ✅ <b>Windows 11</b>
|
|
||||||
- ✅ <b>Windows Server 2016</b>
|
|
||||||
- ✅ <b>Windows Server 2019</b>
|
|
||||||
- ✅ <b>Windows Server 2022</b>
|
|
||||||
ms.technology: itpro-security
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# How Smart Card Sign-in Works in Windows
|
# How Smart Card Sign-in Works in Windows
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user