diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 3562d6d9f1..2ffc227a40 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -8,7 +8,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -40,7 +40,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -56,7 +56,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -88,7 +88,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -120,7 +120,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -136,7 +136,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -200,7 +200,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -232,7 +232,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -280,7 +280,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -481,4 +481,4 @@ }, "need_generate_pdf": false, "need_generate_intellisense": false -} \ No newline at end of file +} diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index aaea044e0e..45cd5c2570 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -35,6 +35,7 @@ "manager": "laurawi", "ms.prod": "edge", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.microsoft-edge", diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 9fdee0781f..1cec2c9694 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -31,6 +31,7 @@ "manager": "laurawi", "ms.date": "04/05/2017", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.internet-explorer", diff --git a/education/docfx.json b/education/docfx.json index ccdccf2c7e..91c875c200 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -33,6 +33,7 @@ "breadcrumb_path": "/education/breadcrumb/toc.json", "ms.date": "05/09/2017", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.education", diff --git a/smb/docfx.json b/smb/docfx.json index 5e53d296ed..14448aa33c 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -31,6 +31,7 @@ "globalMetadata": { "breadcrumb_path": "/windows/smb/breadcrumb/toc.json", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "TechNet.smb", diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index aeefd6b341..760a988add 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -41,6 +41,7 @@ "Store" ], "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.store-for-business", diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index e8e03a3ba7..4986e61b5d 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -36,6 +36,7 @@ "audience": "ITPro", "ms.topic": "article", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-configuration", diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json index 32e84ef526..3dcf319a94 100644 --- a/windows/configure/docfx.json +++ b/windows/configure/docfx.json @@ -31,6 +31,7 @@ "externalReference": [], "globalMetadata": { "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.windows-configure" diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index f00875d1a2..c1a9b60e79 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -23,19 +23,21 @@ In Windows 10, Windows Hello for Business replaces passwords with strong two-fa Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account. Windows Hello addresses the following problems with passwords: -- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. -- Server breaches can expose symmetric network credentials (passwords). -- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). -- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). + +- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. +- Server breaches can expose symmetric network credentials (passwords). +- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). +- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). >[!div class="mx-tdBreakAll"] >| | | | >| :---: | :---: | :---: | >| [![Overview Icon](images/hello_filter.png)](hello-overview.md)
[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)
[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)
[Manage Windows Hello in your Organization](hello-manage-in-organization.md) | -## Prerequisites +## Prerequisites ### Cloud Only Deployment + * Windows 10, version 1511 or later * Microsoft Azure Account * Azure Active Directory @@ -44,6 +46,7 @@ Windows Hello addresses the following problems with passwords: * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory ### Hybrid Deployments + The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process. | Key trust
Group Policy managed | Certificate trust
Mixed managed | Key trust
Modern managed | Certificate trust
Modern managed | @@ -54,25 +57,26 @@ The table shows the minimum requirements for each deployment. For key trust in a | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
and
Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service | -| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | +| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | | Azure Account | Azure Account | Azure Account | Azure Account | | Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory | | Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment | -### On-premises Deployments +### On-premises Deployments + The table shows the minimum requirements for each deployment. | Key trust
Group Policy managed | Certificate trust
Group Policy managed| -| --- | --- | +| --- | --- | | Windows 10, version 1703 or later | Windows 10, version 1703 or later | | Windows Server 2016 Schema | Windows Server 2016 Schema| | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | -| AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | +| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter | | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing | >[!IMPORTANT] -> For Windows Hello for Business deployment, if you have several domains, at least one Windows Server Domain Controller 2016 is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers). +> For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers).