deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 12:53:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Note addition

Browse Source 
Now onwards as MFA will only work with Azure, I have added the note.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4872
This commit is contained in:
ImranHabib
2019-09-24 14:05:35 +05:00
committed by GitHub
parent 321ab2ded8
commit d47f97b297
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/hello-for-business/hello-planning-guide.md
View File

@ -81,7 +81,7 @@ The key trust type does not require issuing authentication certificates to end u
The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the built-in provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers (but still requires [Windows Server 2016 Active Directory schema](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs#directories)). Users can use their certificate to authenticate to any Windows Server 2008 R2, or later, domain controller.
>[!NOTE]
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this tim
>RDP does not support authentication with Windows Hello for business key trust deployments. RDP is only supported with certificate trust deployments at this time.
#### Device registration
@ -93,6 +93,9 @@ The built-in Windows Hello for Business provisioning experience creates a hardwa
#### Multifactor authentication
> [!IMPORTANT]
> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multi-factor authentication from their users should use cloud-based Azure Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual. See [Getting started with the Azure Multi-Factor Authentication Server](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfaserver-deploy) for more details.
The goal of Windows Hello for Business is to move organizations away from passwords by providing them a strong credential that provides easy two-factor authentication. The built-in provisioning experience accepts the users weak credentials (username and password) as the first factor authentication; however, the user must provide a second factor of authentication before Windows provisions a strong credential.
Cloud only and hybrid deployments provide many choices for multi-factor authentication. On-premises deployments must use a multi-factor authentication that provides an AD FS multi-factor adapter to be used in conjunction with the on-premises Windows Server 2016 AD FS server role. Organizations can use the on-premises Azure Multi-factor Authentication server, or choose from several third parties (Read [Microsoft and third-party additional authentication methods](https://docs.microsoft.com/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods) for more information).