From a9f1192d612a9f1340b6d77d99ec6d04713c53d1 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Fri, 10 Jan 2020 10:12:26 -0800 Subject: [PATCH 1/6] Update hello-deployment-guide.md Added a note for the provisioning flow --- .../hello-for-business/hello-deployment-guide.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index 72257804e5..b32e951f47 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -68,3 +68,6 @@ Following are the various deployment guides and models included in this topic: Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. +> [!NOTE] +> You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. + From f20450f7dc687f2206c4882b40f692f984a5eea2 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Fri, 10 Jan 2020 11:06:00 -0800 Subject: [PATCH 2/6] Update hello-hybrid-key-trust-prereqs.md Added provisioniong prereq for account.microsoft.com --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index d2694a48af..1eb7a19f07 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -125,7 +125,11 @@ Hybrid Windows Hello for Business deployments can use Azure’s Multifactor Auth ## Device Registration Organizations wanting to deploy hybrid key trust need their domain joined devices to register to Azure Active Directory. Just as a computer has an identity in Active Directory, that same computer has an identity in the cloud. This ensures that only approved computers are used with that Azure Active Directory. Each computer registers its identity in Azure Active Directory. - + +## Provisioning + +You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. + ### Section Checklist From 259117e6401135bfdd77596e446bb942c2081089 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Fri, 10 Jan 2020 11:07:39 -0800 Subject: [PATCH 3/6] Update hello-hybrid-cert-trust-prereqs.md Added prereq for account.microsoft.com --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 8ed6db6fb4..1e84b38026 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -118,6 +118,11 @@ Hybrid certificate trust deployments need the device write back feature. Authen > [!NOTE] > Windows Hello for Business is tied between a user and a device. Both the user and device need to be synchronized between Azure Active Directory and Active Directory, and therefore the device writeback is used to update the msDS-KeyCredentialLink on the computer object. +## Provisioning + +You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. + + ### Section Checklist ### > [!div class="checklist"] > * Azure Active Directory Device writeback From dc3fab22d44a1b2fb761c03639c9ec1606f42c7f Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Mon, 13 Jan 2020 12:06:24 -0800 Subject: [PATCH 4/6] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 1eb7a19f07..d57a2b162d 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -128,7 +128,7 @@ Organizations wanting to deploy hybrid key trust need their domain joined device ## Provisioning -You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. +You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. ### Section Checklist From fd059290325835617526bca61cc7d29525b3818d Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Mon, 13 Jan 2020 12:06:32 -0800 Subject: [PATCH 5/6] Update windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-cert-trust-prereqs.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md index 1e84b38026..f7a5eed854 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md @@ -120,7 +120,7 @@ Hybrid certificate trust deployments need the device write back feature. Authen ## Provisioning -You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. +You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. ### Section Checklist ### From 573d87f8d3a699f03dbaf9b36b64e1a7ab6c82c8 Mon Sep 17 00:00:00 2001 From: RavennMSFT <37601656+RavennMSFT@users.noreply.github.com> Date: Mon, 13 Jan 2020 12:06:40 -0800 Subject: [PATCH 6/6] Update windows/security/identity-protection/hello-for-business/hello-deployment-guide.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../hello-for-business/hello-deployment-guide.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md index b32e951f47..d1efe88759 100644 --- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md @@ -69,5 +69,4 @@ Following are the various deployment guides and models included in this topic: Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**. > [!NOTE] -> You need to allow access to account.microsoft.com URL to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data. - +> You need to allow access to the URL account.microsoft.com to initiate Windows Hello for Business provisioning. This URL launches the subsequent steps in the provisioning process and is required to successfully complete Windows Hello for Business provisioning. This URL does not require any authentication and as such, does not collect any user data.