From c673a95701debadf4fbe9c89fa1d4b90bf4f7e92 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Wed, 10 Jan 2024 08:03:32 -0500 Subject: [PATCH] Update Windows Hello for Business redirection and user preparation --- .openpublishing.redirection.windows-security.json | 7 ++++++- .../hello-for-business/deploy/prepare-users.md | 14 ++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index 616e192759..9ddad9824f 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -8217,7 +8217,7 @@ }, { "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md", - "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", "redirect_document_id": false }, { @@ -8329,6 +8329,11 @@ "source_path": "windows/security/identity-protection/hello-for-business/hello-faq.yml", "redirect_url": "/windows/security/identity-protection/hello-for-business/faq", "redirect_document_id": false + }, + { + "source_path": "windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki.md", + "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust", + "redirect_document_id": false } ] } \ No newline at end of file diff --git a/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md b/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md index b3ce1ce6c4..7951c01a2e 100644 --- a/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md +++ b/windows/security/identity-protection/hello-for-business/deploy/prepare-users.md @@ -1,17 +1,27 @@ --- title: Prepare users to provision and use Windows Hello for Business -description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure. +description: Learn how to prepare users to enroll and to use Windows Hello for Business. ms.date: 01/02/2024 ms.topic: overview --- # Prepare users to provision and use Windows Hello for Business -Since provisioning of Windows Hello requires multi-factor authentication, ensure you have a solution in place for users to use MFA during the process. Depending on the hardware, users might be prompted to register their fingerprint or face. +This article provides guidance on how to prepare users to enroll and to use Windows Hello for Business. It also provides guidance on how to communicate the benefits of Windows Hello for Business to users. + +## Multi-factor authentication + +The provisioning of Windows Hello requires users to authenticate with multi-factor (MFA). Ensure that you have a solution in place for users to use MFA during the process. > [!TIP] > To facilitate user communication and to ensure a successful Windows Hello for Business deployment, you can find customizable material (email templates, posters, trainings, etc.) at [Microsoft Entra templates](https://aka.ms/adminmails). +## Biometric gestures + +Depending on the hardware, users might be prompted to register their fingerprint or face. Explain to users that for convenience, they should register their biometric gesture during the provisioning process. The biometric gesture can be used to unlock the device and to authenticate to resources that require Windows Hello for Business. Biometric gestures are valid only on the enrolled device and are not stored outside the device. + +## User experience + The next video shows the Windows Hello for Business enrollment experience after a user signs in with a password: 1. Since the device supports biometric authentication, the user is prompted to set up a biometric gesture. This gesture can be used to unlock the device and authenticate to resources that require Windows Hello for Business. The user can skip this step if they don't want to set up a biometric gesture