From f9ae93eedd1e7dff201f8f4f72b4735e57559692 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 13:52:39 -0700 Subject: [PATCH 1/9] Update .openpublishing.publish.config.json --- .openpublishing.publish.config.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 3562d6d9f1..2ffc227a40 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -8,7 +8,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -40,7 +40,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -56,7 +56,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -88,7 +88,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -120,7 +120,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -136,7 +136,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -200,7 +200,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -232,7 +232,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -280,7 +280,7 @@ "locale": "en-us", "monikers": [], "moniker_ranges": [], - "open_to_public_contributors": true, + "open_to_public_contributors": false, "type_mapping": { "Conceptual": "Content", "ManagedReference": "Content", @@ -481,4 +481,4 @@ }, "need_generate_pdf": false, "need_generate_intellisense": false -} \ No newline at end of file +} From b1cc05265e6a0490946f5bc6dc5fbb6492a696e1 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 14:14:49 -0700 Subject: [PATCH 2/9] Update smb docfx.json Add hideEdit --- smb/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/smb/docfx.json b/smb/docfx.json index 5e53d296ed..14448aa33c 100644 --- a/smb/docfx.json +++ b/smb/docfx.json @@ -31,6 +31,7 @@ "globalMetadata": { "breadcrumb_path": "/windows/smb/breadcrumb/toc.json", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "TechNet.smb", From e08a14732c00f40e0e7491c84081ca47b18ce11b Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 14:22:37 -0700 Subject: [PATCH 3/9] Update edge docfx.json Added hideEdit --- browsers/edge/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json index aaea044e0e..45cd5c2570 100644 --- a/browsers/edge/docfx.json +++ b/browsers/edge/docfx.json @@ -35,6 +35,7 @@ "manager": "laurawi", "ms.prod": "edge", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.microsoft-edge", From ead6deb9551909acc6b3c1d79760cfebfe6b23ae Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:16:25 -0700 Subject: [PATCH 4/9] Update internet-explorer docfx.json Add hideEdit --- browsers/internet-explorer/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json index 9fdee0781f..1cec2c9694 100644 --- a/browsers/internet-explorer/docfx.json +++ b/browsers/internet-explorer/docfx.json @@ -31,6 +31,7 @@ "manager": "laurawi", "ms.date": "04/05/2017", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.internet-explorer", From ea6f0c8f905e1f3b815967dd2bf283dcee7c4ab7 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:45:21 -0700 Subject: [PATCH 5/9] Update education docfx.json Add hideEdit --- education/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/education/docfx.json b/education/docfx.json index ccdccf2c7e..91c875c200 100644 --- a/education/docfx.json +++ b/education/docfx.json @@ -33,6 +33,7 @@ "breadcrumb_path": "/education/breadcrumb/toc.json", "ms.date": "05/09/2017", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "Win.education", From db565a540ea51a59681129c67262af27b02159df Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:46:25 -0700 Subject: [PATCH 6/9] Update store-for-business docfx.json Add hideEdit --- store-for-business/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/store-for-business/docfx.json b/store-for-business/docfx.json index aeefd6b341..760a988add 100644 --- a/store-for-business/docfx.json +++ b/store-for-business/docfx.json @@ -41,6 +41,7 @@ "Store" ], "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.store-for-business", From 6480cee04dbbeb543d6294ff51dbd4641323a7bd Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:47:19 -0700 Subject: [PATCH 7/9] Update windows-configure docfx.json Add hideEdit --- windows/configure/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json index 32e84ef526..3dcf319a94 100644 --- a/windows/configure/docfx.json +++ b/windows/configure/docfx.json @@ -31,6 +31,7 @@ "externalReference": [], "globalMetadata": { "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.windows-configure" From 5485238f9c14aac23761191aba4e5302a0d179b0 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Fri, 1 Nov 2019 15:48:27 -0700 Subject: [PATCH 8/9] Update win-configuration docfx.json Add hideEdit --- windows/configuration/docfx.json | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index e8e03a3ba7..4986e61b5d 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -36,6 +36,7 @@ "audience": "ITPro", "ms.topic": "article", "feedback_system": "None", + "hideEdit": true, "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-configuration", From a7f31a12890a8136749f3fb9e591ef1e67d9a799 Mon Sep 17 00:00:00 2001 From: Matthew Palko Date: Fri, 1 Nov 2019 17:29:29 -0700 Subject: [PATCH 9/9] Updating table of requirements for MFA server deprecation --- .../hello-identity-verification.md | 24 +++++++++++-------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index f00875d1a2..c1a9b60e79 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -23,19 +23,21 @@ In Windows 10, Windows Hello for Business replaces passwords with strong two-fa Windows Hello for Business lets user authenticate to an Active Directory or Azure Active Directory account. Windows Hello addresses the following problems with passwords: -- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. -- Server breaches can expose symmetric network credentials (passwords). -- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). -- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). + +- Strong passwords can be difficult to remember, and users often reuse passwords on multiple sites. +- Server breaches can expose symmetric network credentials (passwords). +- Passwords are subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). +- Users can inadvertently expose their passwords due to [phishing attacks](https://docs.microsoft.com/windows/security/threat-protection/intelligence/phishing). >[!div class="mx-tdBreakAll"] >| | | | >| :---: | :---: | :---: | >| [![Overview Icon](images/hello_filter.png)](hello-overview.md)
[Overview](hello-overview.md) | [![Why a PIN is better than a password Icon](images/hello_lock.png)](hello-why-pin-is-better-than-password.md)
[Why PIN is better than a password](hello-why-pin-is-better-than-password.md) | [![Manage Hello Icon](images/hello_gear.png)](hello-manage-in-organization.md)
[Manage Windows Hello in your Organization](hello-manage-in-organization.md) | -## Prerequisites +## Prerequisites ### Cloud Only Deployment + * Windows 10, version 1511 or later * Microsoft Azure Account * Azure Active Directory @@ -44,6 +46,7 @@ Windows Hello addresses the following problems with passwords: * Azure AD Premium subscription - *optional*, needed for automatic MDM enrollment when the device joins Azure Active Directory ### Hybrid Deployments + The table shows the minimum requirements for each deployment. For key trust in a multi-domain/multi-forest deployment, the following requirements are applicable for each domain/forest that hosts Windows Hello for business components or is involved in the Kerberos referral process. | Key trust
Group Policy managed | Certificate trust
Mixed managed | Key trust
Modern managed | Certificate trust
Modern managed | @@ -54,25 +57,26 @@ The table shows the minimum requirements for each deployment. For key trust in a | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | N/A | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) (hybrid Azure AD joined clients),
and
Windows Server 2012 or later Network Device Enrollment Service (Azure AD joined) | N/A | Windows Server 2012 or later Network Device Enrollment Service | -| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/Azure MFA Server adapter, or
AD FS w/3rd Party MFA Adapter | +| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter| Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | Azure MFA tenant, or
AD FS w/Azure MFA adapter, or
AD FS w/3rd Party MFA Adapter | | Azure Account | Azure Account | Azure Account | Azure Account | | Azure Active Directory | Azure Active Directory | Azure Active Directory | Azure Active Directory | | Azure AD Connect | Azure AD Connect | Azure AD Connect | Azure AD Connect | | Azure AD Premium, optional | Azure AD Premium, needed for device write-back | Azure AD Premium, optional for automatic MDM enrollment | Azure AD Premium, optional for automatic MDM enrollment | -### On-premises Deployments +### On-premises Deployments + The table shows the minimum requirements for each deployment. | Key trust
Group Policy managed | Certificate trust
Group Policy managed| -| --- | --- | +| --- | --- | | Windows 10, version 1703 or later | Windows 10, version 1703 or later | | Windows Server 2016 Schema | Windows Server 2016 Schema| | Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level | | Windows Server 2016 or later Domain Controllers | Windows Server 2008 R2 or later Domain Controllers | | Windows Server 2012 or later Certificate Authority | Windows Server 2012 or later Certificate Authority | | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | Windows Server 2016 AD FS with [KB4088889 update](https://support.microsoft.com/help/4088889) | -| AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | AD FS with Azure MFA Server, or
AD FS with 3rd Party MFA Adapter | +| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter | | Azure Account, optional for Azure MFA billing | Azure Account, optional for Azure MFA billing | >[!IMPORTANT] -> For Windows Hello for Business deployment, if you have several domains, at least one Windows Server Domain Controller 2016 is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers). +> For Windows Hello for Business key trust deployments, if you have several domains, at least one Windows Server Domain Controller 2016 or newer is required for each domain. For more information, see the [planning guide](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers).