Update Windows Hello for Business configuration documentation

2025-05-14 06:17:22 +00:00 · 2023-12-29 17:21:15 -05:00 · 2023-12-29 17:21:15 -05:00 · b2ed8f90ce
commit b2ed8f90ce
parent a1332224e1
4 changed files with 3 additions and 5 deletions
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md
@ -41,7 +41,7 @@ If the Intune tenant-wide policy is enabled and configured to your needs, you ca
 ---

 > [!NOTE]
-> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../../configure.md#policy-conflicts-from-multiple-policy-sources)
+> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources)

 Additional policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md).

--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md
@ -5,7 +5,7 @@ ms.date: 01/03/2024
 ms.topic: tutorial
 ---

-## Configure and validate the Public Key Infrastructure
+# Configure and validate the PKI in an on-premises certificate trust model

 [!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)]

--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md
@ -5,7 +5,7 @@ ms.date: 01/03/2024
 ms.topic: tutorial
 ---

-## Configure and validate the Public Key Infrastructure
+# Configure and validate the PKI in an on-premises key trust model

 [!INCLUDE [apply-to-on-premises-key-trust](includes/apply-to-on-premises-key-trust.md)]

--- a/windows/security/identity-protection/hello-for-business/index.md
+++ b/windows/security/identity-protection/hello-for-business/index.md
@ -66,8 +66,6 @@ When an identity provider supports keys, the Windows Hello provisioning process
 > [!NOTE]
 > Windows Hello as a convenience sign-in uses regular username and password authentication, without the user entering the password.

-:::image type="content" alt-text="How authentication works in Windows Hello." source="images/authflow.png" lightbox="images/authflow.png":::
-
 Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device.

 Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.