From 00486ad7c37489f306758d6e249e9dc986abb054 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= Date: Mon, 11 Oct 2021 19:35:00 +0200 Subject: [PATCH 1/5] Fix default location of Authenticated Users special identity --- .../identity-protection/access-control/special-identities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index f0c84a4b48..d97d4fecb9 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -106,7 +106,7 @@ Any user who accesses the system through a sign-in process has the Authenticated | :--: | :--: | | Well-Known SID/RID | S-1-5-11 | |Object Class| Foreign Security Principal| -|Default Location in Active Directory |cn=System,cn=WellKnown Security Principals, cn=Configuration, dc=\| +|Default Location in Active Directory |cn=WellKnown Security Principals, cn=Configuration, dc=\| |Default User Rights| [Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight
[Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege
[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege| ## Batch From 50093836827e70076bd6b549f749104ef662bbdc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Notin?= Date: Mon, 11 Oct 2021 20:02:38 +0200 Subject: [PATCH 2/5] Fix Authenticated Users name --- .../identity-protection/access-control/special-identities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index f0c84a4b48..6bf47c2e9e 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -39,7 +39,7 @@ The special identity groups are described in the following tables: - [Anonymous Logon](#anonymous-logon) -- [Authenticated User](#authenticated-users) +- [Authenticated Users](#authenticated-users) - [Batch](#batch) From e998fa0bf2b958635a284c5751959d96cb3733fa Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Oct 2021 12:02:50 -0700 Subject: [PATCH 3/5] Update special-identities.md --- .../identity-protection/access-control/special-identities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index 6bf47c2e9e..fbc28f98f2 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 04/19/2017 +ms.date: 10/12/2021 ms.reviewer: --- From e89052838304eb882827c85618c5cdf4042b1f5a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Tue, 12 Oct 2021 12:04:36 -0700 Subject: [PATCH 4/5] Update special-identities.md --- .../identity-protection/access-control/special-identities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/access-control/special-identities.md b/windows/security/identity-protection/access-control/special-identities.md index d97d4fecb9..1ae787f9f7 100644 --- a/windows/security/identity-protection/access-control/special-identities.md +++ b/windows/security/identity-protection/access-control/special-identities.md @@ -12,7 +12,7 @@ manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 04/19/2017 +ms.date: 10/12/2021 ms.reviewer: --- From 05da7d5caea72cf7c2f6b6b1a85ac5bf485bcf2e Mon Sep 17 00:00:00 2001 From: Matthew Palko Date: Tue, 12 Oct 2021 13:32:47 -0700 Subject: [PATCH 5/5] update PIN reset note about DC connectivity requirement --- .../hello-for-business/hello-feature-pin-reset.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 25b4269de7..29bce3f5dc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -38,7 +38,7 @@ There are two forms of PIN reset called destructive and non-destructive. Destruc Destructive and non-destructive PIN reset use the same entry points for initiating a PIN reset. If a user has forgotten their PIN, but has an alternate logon method, they can navigate to Sign-in options in Settings and initiate a PIN reset from the PIN options. If they do not have an alternate way to sign into their device, PIN reset can also be initiated from above the lock screen in the PIN credential provider. >[!IMPORTANT] ->For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to reset their PIN. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. +>For hybrid Azure AD joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN. ### Reset PIN from Settings