From c95cf2df28f757b0b515ca89a45e0e42c0d77693 Mon Sep 17 00:00:00 2001 From: v-miegge <49650192+v-miegge@users.noreply.github.com> Date: Thu, 3 Jun 2021 11:20:36 -0700 Subject: [PATCH] Updates --- .../hello-aad-join-cloud-only-deploy.md | 14 +++++++------- .../identity-protection/hello-for-business/toc.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md index f46f11f58a..d9cc726083 100644 --- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md +++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md @@ -27,7 +27,7 @@ When you Azure Active Directory (Azure AD) join a Windows 10 device, the system ## Prerequisites -This cloud only deployment will use Azure AD multi-factor authentication (MFA) during the Windows Hello for Business enrollment and there is no additional MFA configuration needed. If you are not already registered in Azure AD MFA, you will be guided though the MFA registration as part of the Windows Hello for Business deployment enrollment process. The necessary Windows Hello for Business prerequisites for are located at [Cloud Only Deployment](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-identity-verification#cloud-only-deployment). +This cloud only deployment will use Azure AD multi-factor authentication (MFA) during the Windows Hello for Business enrollment and there is no additional MFA configuration needed. If you are not already registered in Azure AD MFA, you will be guided though the MFA registration as part of the Windows Hello for Business deployment enrollment process. The necessary Windows Hello for Business prerequisites for are located at [Cloud Only Deployment](hello-identity-verification.md#cloud-only-deployment). > [!NOTE] > It's possible for federated domains to enable the “Supports MFA” flag in your federated domain settings. This tells Azure AD that the federated IDP will perform the MFA challenge. @@ -38,7 +38,7 @@ You can check and view this setting with the following MSOnline PowerShell comma ## Use Intune to disable Windows Hello for Business enrollment -We recommend that you disable or manage this behavior through an Intune policy using the steps in [Integrate Windows Hello for Business with Microsoft Intune](https://docs.microsoft.com/mem/intune/protect/windows-hello). +We recommend that you disable or manage this behavior through an Intune policy using the steps in [Integrate Windows Hello for Business with Microsoft Intune](/mem/intune/protect/windows-hello). However, not everyone uses Intune. The following method explains how to disable Windows Hello for Business enrollment without Intune, or through a third-party mobile device management (MDM). If you are not running Intune in your organization, you can disable Windows Hello for Business via the registry. We have provided the underlying registry subkeys for disabling Windows Hello for Business. @@ -87,8 +87,8 @@ If there is a conflicting Device policy and User policy, the device policy or co ## Related reference documents for Azure AD join scenarios -- [Azure AD joined devices](https://docs.microsoft.com/azure/active-directory/devices/concept-azure-ad-join) -- [Plan your Azure Active Directory device deployment](https://docs.microsoft.com/azure/active-directory/devices/plan-device-deployment) -- [How to: Plan your Azure AD join implementation](https://docs.microsoft.com/azure/active-directory/devices/azureadjoin-plan) -- [How to manage the local administrators group on Azure AD joined devices](https://docs.microsoft.com/azure/active-directory/devices/assign-local-admin) -- [Manage device identities using the Azure portal](https://docs.microsoft.com/azure/active-directory/devices/device-management-azure-portal) +- [Azure AD joined devices](/azure/active-directory/devices/concept-azure-ad-join) +- [Plan your Azure Active Directory device deployment](/azure/active-directory/devices/plan-device-deployment) +- [How to: Plan your Azure AD join implementation](/azure/active-directory/devices/azureadjoin-plan) +- [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin) +- [Manage device identities using the Azure portal](/azure/active-directory/devices/device-management-azure-portal) diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml index ec30c22aec..60161ce7da 100644 --- a/windows/security/identity-protection/hello-for-business/toc.yml +++ b/windows/security/identity-protection/hello-for-business/toc.yml @@ -102,7 +102,7 @@ - name: Configure Windows Hello for Business policy settings href: hello-cert-trust-policy-settings.md - name: Azure AD join cloud only deployment - href: hello-aad-join-cloud-only-deploy + href: hello-aad-join-cloud-only-deploy.md - name: Managing Windows Hello for Business in your organization href: hello-manage-in-organization.md - name: Deploying Certificates to Key Trust Users to Enable RDP