deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-30 22:27:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo 2023-09-14 10:27:51 -04:00
parent b453bbc412
commit ce876f9e62
1 changed files with 8 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
windows/security/identity-protection/web-sign-in/index.md
View File

@ -118,10 +118,11 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
:::row::: :::row:::
:::column span="3"::: :::column span="3":::
**Sign in with a federated identity**\ **Sign in with a federated identity**\
If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign to the Windows devices. If the Microsoft Entra ID tenant is federated with a third-party SAML-P identity provider (IdP), federated users can sign using the Web sign-in credential provider.
> [!TIP]
> [!TIP] > To improve the user experience for federated identities:
> To simplify the sign in experience, configure the preferred tenant policy, as it automatically redirect the sign in prompt to the IdP. For more information, see > - Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
> - Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
:::column-end::: :::column-end:::
:::column span="1"::: :::column span="1":::
:::image type="content" source="images/web-sign-in-federated-auth.png" border="false" lightbox="images/web-sign-in-federated-auth.gif" alt-text="Animation of the sign in experience with a federated user."::: :::image type="content" source="images/web-sign-in-federated-auth.png" border="false" lightbox="images/web-sign-in-federated-auth.gif" alt-text="Animation of the sign in experience with a federated user.":::
@ -130,19 +131,12 @@ Here's a list of key scenarios that are supported by Web sign-in, and a brief an
## Important considerations ## Important considerations
Here's a list of important considerations to keep in mind when configuring Web sign-in: Here's a list of important considerations to keep in mind when configuring or using Web sign-in:
- Cached credentials are not supported. If the device is offline, the user can't use the Web sign-in credential provider to sign in - Cached credentials are not supported with Web sign-in. If the device is offline, the user can't use the Web sign-in credential provider to sign in
- When signing off, the user is not displayed in the user selection list - When signing off, the user is not displayed in the user selection list
- Once enabled, the Web sign-in credential provider is the default credential provider for new users signing in to the device. To change the default credential provider, you can use the [DefaultCredentialProvider][WIN-2] ADMX-backed policy - Once enabled, the Web sign-in credential provider is the default credential provider for new users signing in to the device. To change the default credential provider, you can use the [DefaultCredentialProvider][WIN-2] ADMX-backed policy
### Sign in with federated identities
In case of federated identities, here are some tips to improve the user experience:
- Configure the *preferred Azure AD tenant name* feature, which allows users to select the domain name during the sign-in process. The users are then automatically redirected to the identity provider sign-in page. For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-1]
- Enable Windows Hello for Business. Once the user signs in, the user can enroll in Windows Hello for Business and then use it to sign in to the device
### Known issues ### Known issues
- If you attempt to sign in while the device is offline, you will receive the following message: *It doesn't look that you're connected to the Internet. Check your connection and try again.*. Selecting the *Back to sign-in* option doesn't bring you back to the lock screen. As a workaround, you can press <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the lock screen. - If you attempt to sign in while the device is offline, you will receive the following message: *It doesn't look that you're connected to the Internet. Check your connection and try again.*. Selecting the *Back to sign-in* option doesn't bring you back to the lock screen. As a workaround, you can press <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the lock screen.
@ -156,6 +150,7 @@ To provide feedback for Windows Hello for Business passwordless experience, open
[AAD-1]: /azure/active-directory/authentication/howto-authentication-passwordless-phone [AAD-1]: /azure/active-directory/authentication/howto-authentication-passwordless-phone
[AAD-2]: /azure/active-directory/authentication/concept-authentication-passwordless [AAD-2]: /azure/active-directory/authentication/concept-authentication-passwordless
[AAD-3]: /azure/active-directory/authentication/howto-authentication-temporary-access-pass [AAD-3]: /azure/active-directory/authentication/howto-authentication-temporary-access-pass
[FHUB]: feedback-hub://?tabid=2&newFeedback=true&feedbackType=1
[INT-1]: /mem/intune/configuration/custom-settings-windows-10 [INT-1]: /mem/intune/configuration/custom-settings-windows-10
[KB-1]: https://support.microsoft.com/kb/5030310 [KB-1]: https://support.microsoft.com/kb/5030310
[WIN-1]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname [WIN-1]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname