From cf49e1a8cda433f8198c295359f3aebbe72df279 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Mon, 21 Nov 2022 12:11:09 -0500
Subject: [PATCH] updates
---
.../hello-hybrid-aadj-sso-base.md | 3 +++
.../hello-hybrid-aadj-sso-cert.md | 2 ++
.../hello-hybrid-cloud-kerberos-trust.md | 5 +----
.../microsoft-compatible-security-key.md | 0
.../{ => retired}/reset-security-key.md | 0
.../hello-for-business/toc.yml | 18 ++++++++----------
.../includes/hello-hybrid-cloudkerb-trust.md | 8 ++++++++
.../includes/hello-hybrid-keycert-trust-aad.md | 7 +++++++
windows/security/includes/hello-template.md | 15 ---------------
9 files changed, 29 insertions(+), 29 deletions(-)
rename windows/security/identity-protection/hello-for-business/{ => retired}/microsoft-compatible-security-key.md (100%)
rename windows/security/identity-protection/hello-for-business/{ => retired}/reset-security-key.md (100%)
create mode 100644 windows/security/includes/hello-hybrid-cloudkerb-trust.md
create mode 100644 windows/security/includes/hello-hybrid-keycert-trust-aad.md
delete mode 100644 windows/security/includes/hello-template.md
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 103f9f3d54..a53b5977d6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -7,6 +7,9 @@ appliesto:
ms.topic: article
---
# Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
+
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+
## Prerequisites
Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices don't have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 8a2009474b..84377c36b5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -9,6 +9,8 @@ ms.topic: article
# Using Certificates for AADJ On-premises Single-sign On
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-keycert-trust-aad.md)]
+
If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices.
> [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
index 05694db88f..4b65d68e29 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@@ -8,10 +8,7 @@ ms.topic: article
---
# Hybrid cloud Kerberos trust deployment
-This document describes Windows Hello for Business functionalities or scenarios that apply to:\
-✅ **Deployment type:** [hybrid](hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Trust type:** [cloud Kerberos trust](hello-hybrid-cloud-kerberos-trust.md)\
-✅ **Device registration type:** [Azure AD join](hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](hello-how-it-works-technology.md#hybrid-azure-ad-join)
+[!INCLUDE [hello-hybrid-key-trust](../../includes/hello-hybrid-cloudkerb-trust.md)]
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
rename to windows/security/identity-protection/hello-for-business/retired/microsoft-compatible-security-key.md
diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/retired/reset-security-key.md
similarity index 100%
rename from windows/security/identity-protection/hello-for-business/reset-security-key.md
rename to windows/security/identity-protection/hello-for-business/retired/reset-security-key.md
diff --git a/windows/security/identity-protection/hello-for-business/toc.yml b/windows/security/identity-protection/hello-for-business/toc.yml
index e76276cdca..732561a038 100644
--- a/windows/security/identity-protection/hello-for-business/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/toc.yml
@@ -13,14 +13,6 @@
href: hello-biometrics-in-enterprise.md
- name: How Windows Hello for Business works
href: hello-how-it-works.md
- - name: Technical deep dive
- items:
- - name: Provisioning
- href: hello-how-it-works-provisioning.md
- - name: Authentication
- href: hello-how-it-works-authentication.md
- - name: WebAuthn APIs
- href: webauthn-apis.md
- name: Deployment guides
items:
- name: Windows Hello for Business deployment overview
@@ -125,6 +117,8 @@
href: hello-cert-trust-validate-deploy-mfa.md
- name: Configure Windows Hello for Business policy settings
href: hello-cert-trust-policy-settings.md
+ - name: Planning for Domain Controller load
+ href: hello-adequate-domain-controllers.md
- name: How-to Guides
items:
- name: Prepare people to use Windows Hello
@@ -159,10 +153,14 @@
href: hello-and-password-changes.md
- name: Reference
items:
+ - name: How Windows Hello for Business provisioning works
+ href: hello-how-it-works-provisioning.md
+ - name: How Windows Hello for Business authentication works
+ href: hello-how-it-works-authentication.md
+ - name: WebAuthn APIs
+ href: webauthn-apis.md
- name: Technology and terminology
href: hello-how-it-works-technology.md
- - name: How many Domain Controllers?
- href: hello-adequate-domain-controllers.md
- name: Frequently Asked Questions (FAQ)
href: hello-faq.yml
- name: Windows Hello for Business videos
diff --git a/windows/security/includes/hello-hybrid-cloudkerb-trust.md b/windows/security/includes/hello-hybrid-cloudkerb-trust.md
new file mode 100644
index 0000000000..4f68be791b
--- /dev/null
+++ b/windows/security/includes/hello-hybrid-cloudkerb-trust.md
@@ -0,0 +1,8 @@
+This document describes Windows Hello for Business functionalities or scenarios that apply to:\
+✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
+✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\
+✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join), [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)
+
+
+
+---
diff --git a/windows/security/includes/hello-hybrid-keycert-trust-aad.md b/windows/security/includes/hello-hybrid-keycert-trust-aad.md
new file mode 100644
index 0000000000..a8d82200d3
--- /dev/null
+++ b/windows/security/includes/hello-hybrid-keycert-trust-aad.md
@@ -0,0 +1,7 @@
+This document describes Windows Hello for Business functionalities or scenarios that apply to:\
+✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
+✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust), [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\
+✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)
+
+
+---
diff --git a/windows/security/includes/hello-template.md b/windows/security/includes/hello-template.md
deleted file mode 100644
index 8bf862c83f..0000000000
--- a/windows/security/includes/hello-template.md
+++ /dev/null
@@ -1,15 +0,0 @@
-This document describes Windows Hello for Business functionalities or scenarios that apply to:\
-✅ **Deployment type:** [cloud-only](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Deployment type:** [hybrid](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-deployment)\
-✅ **Deployment type:** [on-premises](../identity-protection/hello-for-business/hello-how-it-works-technology.md#on-premises-deployment)\
-✅ **Trust type:** [certificate trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#certificate-trust)\
-✅ **Trust type:** [cloud Kerberos trust](../identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md)\
-✅ **Trust type:** [key trust](../identity-protection/hello-for-business/hello-how-it-works-technology.md#key-trust)\
-✅ **Device registration type:** Active Directory domain join\
-✅ **Device registration type:** [Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-active-directory-join)\
-✅ **Device registration type:** [Hybrid Azure AD join](../identity-protection/hello-for-business/hello-how-it-works-technology.md#hybrid-azure-ad-join)\
-✅ **Device registration type:** [Azure AD registration](../identity-protection/hello-for-business/hello-how-it-works-technology.md#azure-ad-registration)
-
-
-
----