From b2ed8f90ce3583e2479640fc3fa37510abf0cbfb Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 29 Dec 2023 17:21:15 -0500 Subject: [PATCH] Update Windows Hello for Business configuration documentation --- .../hello-for-business/deploy/hybrid-key-trust-enroll.md | 2 +- .../hello-for-business/deploy/on-premises-cert-trust-pki.md | 2 +- .../hello-for-business/deploy/on-premises-key-trust-pki.md | 2 +- .../security/identity-protection/hello-for-business/index.md | 2 -- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md index 30567a525b..50eb2f7898 100644 --- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md +++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll.md @@ -41,7 +41,7 @@ If the Intune tenant-wide policy is enabled and configured to your needs, you ca --- > [!NOTE] -> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../../configure.md#policy-conflicts-from-multiple-policy-sources) +> If you deployed Windows Hello for Business configuration using both Group Policy and Intune, Group Policy settings will take precedence and Intune settings will be ignored. For more information about policy conflicts, see [Policy conflicts from multiple policy sources](../configure.md#policy-conflicts-from-multiple-policy-sources) Additional policy settings can be configured to control the behavior of Windows Hello for Business. For more information, see [Windows Hello for Business policy settings](../policy-settings.md). 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md index a73874c1f5..85a2a23689 100644 --- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki.md @@ -5,7 +5,7 @@ ms.date: 01/03/2024 ms.topic: tutorial --- -## Configure and validate the Public Key Infrastructure +# Configure and validate the PKI in an on-premises certificate trust model [!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)] diff --git a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md index 8f284de611..76b6adc914 100644 --- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md +++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md @@ -5,7 +5,7 @@ ms.date: 01/03/2024 ms.topic: tutorial --- -## Configure and validate the Public Key Infrastructure +# Configure and validate the PKI in an on-premises key trust model [!INCLUDE [apply-to-on-premises-key-trust](includes/apply-to-on-premises-key-trust.md)] diff --git a/windows/security/identity-protection/hello-for-business/index.md b/windows/security/identity-protection/hello-for-business/index.md index 0f615d1964..7a1790135e 100644 --- a/windows/security/identity-protection/hello-for-business/index.md +++ b/windows/security/identity-protection/hello-for-business/index.md 
@@ -66,8 +66,6 @@ When an identity provider supports keys, the Windows Hello provisioning process > [!NOTE] > Windows Hello as a convenience sign-in uses regular username and password authentication, without the user entering the password. -:::image type="content" alt-text="How authentication works in Windows Hello." source="images/authflow.png" lightbox="images/authflow.png"::: - Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device. Windows Hello helps protect user identities and user credentials. Because the user doesn't enter a password (except during provisioning), it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Windows Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs.
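
Review bot: In hybrid-key-trust-enroll.md, the rewritten `[!NOTE]` line still ends at the closing parenthesis of the configure.md link with no full stop; add one while the line is being touched. The new target `../configure.md` matches the depth of the `../policy-settings.md` link in the context line below it, so the path looks right, but the commit subject does not say that a relative link is being corrected. State that in the message, and check whether other pages under deploy/ still use the `../../configure.md` form.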
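
Review bot: In on-premises-cert-trust-pki.md and on-premises-key-trust-pki.md, the new level-1 heading uses the bare abbreviation "PKI" where the old heading spelled out "Public Key Infrastructure", so the term is no longer expanded at the top of either page. Either keep the expansion in the heading or expand it on first use in the body. Since the heading is also promoted from `##` to `#`, confirm that neither file already has another level-1 heading and that the front-matter title, which is outside the visible context, still agrees with the new wording.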
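
Review bot: In index.md, the removed `:::image` line is the reference to `images/authflow.png`, but the diffstat lists only four Markdown files and no image deletion, so the asset may be left orphaned in the repository. If nothing else references it, delete the file in the same change; if it is still used elsewhere, say so. The commit subject ("Update Windows Hello for Business configuration documentation") also gives no reason for dropping the authentication flow figure, so add a line to the message explaining the removal.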